Need Fixlist.txt



#1 thegonga

Posted 27 October 2012 - 06:46 AM

Hi!

I am having a problem booting Windows 7 64-bit Ultimate. I used FRST64 and it generated the log below (FRST.TXT). For the next step it needs FIXLIST.TXT. Help me please.



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by SYSTEM at 27-10-2012 13:50:08
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KSafeTray] "C:\Program Files (x86)\Kingsoft\PcDoctor\KSafeTray.exe" -autorun [1308064 2012-04-10] (Kingsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM-x32\...\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun [1595056 2012-10-07] (Kingsoft Corporation)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon [964720 2012-09-19] (NCH Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-09-25] (Sony Corporation)
HKLM-x32\...\Run: [UX Launcher] C:\Program Files (x86)\UX Pack\uxlaunch.exe [234274 2012-09-02] (Windows X)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\user\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-06] (Google Inc.)
HKU\user\...\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-25] (Facebook Inc.)
HKU\user\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\user\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
HKU\user\...\Run: [XLaunchPad] C:\Program Files (x86)\XLaunchPad\XLaunchPad.exe [2368000 2012-07-31] (xwidget.com)
HKU\user\...\Policies\system: [DisableLockWorkstation] 0
HKU\user\...\Policies\system: [DisableChangePassword] 0
HKU\user\...\Policies\system: [LogonHoursAction] 2
HKU\user\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 41.72.175.3 41.72.175.4
Tcpip\..\Interfaces\{95C42E44-7667-4E72-BAE0-38FE7E626B77}: [NameServer]8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220,222.46.120.5,222.46.120.6,211.98.2.4,211.98.2.1
Tcpip\..\Interfaces\{A61C3E57-8416-43E7-B359-74068AE4361C}: [NameServer]8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220,222.46.120.5,222.46.120.6,211.98.2.4,211.98.2.1
Startup: C:\Users\user\Start Menu\Programs\Startup\Boot BMP Changer.lnk
ShortcutTarget: Boot BMP Changer.lnk -> C:\Program Files (x86)\Boot BMP Changer\BootBMP.exe (No File)
Startup: C:\Users\user\Start Menu\Programs\Startup\XWindows Dock.lnk
ShortcutTarget: XWindows Dock.lnk -> C:\Program Files (x86)\XWindows Dock\XWD.exe (Lichonos Vladimir)

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
3 ExpressAccountsService; "C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe" -service [3051632 2012-09-25] (NCH Software)
3 ExpressInvoiceService; "C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe" -service [2158192 2012-09-17] (NCH Software)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1098296 2011-06-14] (Hewlett-Packard Development Company L.P.)
3 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
3 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
2 KSafeSvc; "C:\Program Files (x86)\Kingsoft\PcDoctor\KSafeSvc.exe" -svc [452512 2012-04-10] (Kingsoft Corporation)
2 kxescore; "C:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore [123992 2012-07-11] (Kingsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon80 [4476096 2005-09-22] (Microsoft Corporation)
3 MWAgent; C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWASER.EXE [845320 2010-03-10] (MicroWorld Technologies Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
3 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [474208 2012-09-25] (Sony Corporation)
3 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [246272 2009-07-14] ()
3 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)
3 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [830048 2012-07-27] ()
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe wampmysqld [9665536 2011-09-26] ()
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-01] ()
3 Applications Manager; "C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe" -s conf\wrapper.conf [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) =====================

3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-19] (Qualcomm Atheros Communications, Inc.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-07-27] (AVG Technologies)
3 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [340488 2009-07-24] (BitDefender S.R.L. Bucharest, ROMANIA)
3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-13] (Devguru Co., Ltd)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
0 kavbootc; C:\Windows\System32\Drivers\kavbootc.sys [27240 2012-07-11] (Kingsoft Corporation)
1 KDHacker; C:\Windows\System32\Drivers\KDHacker.sys [125784 2012-07-11] (Kingsoft Corporation)
2 kisknl; C:\Windows\System32\Drivers\kisknl.sys [210296 2012-08-22] (Kingsoft Corporation)
1 kmodurl; \??\C:\Program Files (x86)\Kingsoft\PcDoctor\kmodurl64.sys [133096 2011-12-19] (Kingsoft Corporation)
3 ksfmonsys; \??\C:\Program Files (x86)\Kingsoft\PcDoctor\ksfmonsys64.sys [21320 2012-04-10] (Kingsoft Corporation)
4 KUsbGuard; \??\C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kusbquery64.sys [18296 2012-09-11] (Kingsoft Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PsxDrv; C:\Windows\System32\Drivers\PsxDrv.sys [10240 2009-07-13] (Microsoft Corporation)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2012-04-28] (IObit.com)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2012-04-28] (IObit.com)
2 uxpatch; C:\Windows\System32\Drivers\uxpatch.sys [30568 2009-07-12] ()
3 vodafone_K380x-z_dc_enum; C:\Windows\System32\Drivers\vodafone_K380x-z_dc_enum.sys [75776 2010-05-20] (Vodafone)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [235520 2011-04-18] (ZTE Incorporated)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 SR; [x]
2 SRService; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-27 13:33 - 2012-10-27 13:33 - 00000000 ____D C:\FRST
2012-10-26 07:39 - 2012-10-26 09:27 - 00000000 ___HD C:\_Exception1
2012-10-24 21:14 - 2012-10-24 21:15 - 00000000 ____D C:\Users\user\AppData\Local\{F07B9708-3EE1-4FA6-BBF2-1051C451E178}
2012-10-24 12:15 - 2012-10-24 12:15 - 00000000 ____D C:\Users\user\AppData\Local\{53E2B7E2-8DC0-408E-9FBD-10D2207EE98E}
2012-10-23 23:35 - 2012-10-23 23:35 - 00013847 ____A C:\Users\user\Documents\Payments 2012.xlsx
2012-10-23 22:13 - 2012-10-23 22:13 - 00000000 ____D C:\Users\user\AppData\Local\{56D89B6B-FB03-485D-B73D-FB649911C196}
2012-10-23 21:04 - 2012-10-23 21:04 - 00000000 ____D C:\Users\user\AppData\Local\{F7E08D87-DF2E-4A85-85F4-E74202DA1381}
2012-10-23 03:50 - 2012-10-23 03:51 - 01873160 ____A (Conduit) C:\Users\user\Downloads\WeLoveMusic.exe
2012-10-22 21:03 - 2012-10-22 21:03 - 00000000 ____D C:\Users\user\AppData\Local\{5643005F-0B83-4F60-B83E-F996F31D6793}
2012-10-22 10:47 - 2012-10-22 10:47 - 00000000 ____D C:\Users\user\AppData\Local\{5D3CDE61-F8C1-4E40-AE41-2B8FC3D8C470}
2012-10-22 09:22 - 2010-12-02 03:58 - 27247964 ____A C:\Users\user\Documents\AVSEQ01.DAT
2012-10-22 09:20 - 2011-05-14 07:00 - 53961099 ____A C:\Users\user\Documents\Busty MILF Wearing Satin bleep Machine.flv
2012-10-22 09:19 - 2011-01-06 23:03 - 33260021 ____A C:\Users\user\Documents\melissa_mpeg4.mp4
2012-10-22 09:19 - 2010-11-07 14:18 - 22962954 ____A C:\Users\user\Documents\Mtoto malaya.mp4
2012-10-22 09:17 - 2012-10-22 09:17 - 00000000 ____D C:\Users\user\AppData\Local\{24550164-C4EB-4AF6-A151-904B2A58E089}
2012-10-21 21:06 - 2012-10-21 21:09 - 00000000 ____D C:\Users\user\AppData\Local\{404E88E2-87AA-45E3-B2AA-7BDB77BD7DC9}
2012-10-21 00:46 - 2012-10-27 12:28 - 00000000 ___HD C:\Users\user\Documents\.picasaoriginals
2012-10-21 00:45 - 2012-10-21 00:47 - 00000113 ___AH C:\Users\user\Documents\.picasa.ini
2012-10-20 23:50 - 2012-10-20 23:50 - 00000000 ____D C:\Users\user\Documents\103SSCAM
2012-10-20 23:31 - 2012-10-27 12:28 - 00000000 ____D C:\Program Files (x86)\DVD Shrink
2012-10-20 23:31 - 2012-10-22 21:09 - 00000000 ____D C:\Users\All Users\DVD Shrink
2012-10-20 23:12 - 2012-10-27 12:25 - 00000000 ____D C:\Users\user\Documents\www
2012-10-20 21:30 - 2012-10-20 21:30 - 00000000 ____D C:\Users\user\AppData\Local\{1FDEB07A-6C66-4B4A-9CD2-E1B8581A719B}
2012-10-20 10:14 - 2012-10-20 10:14 - 00000000 ____D C:\Users\user\AppData\Local\{57430025-2E9B-431C-837A-AD3AD72751D7}
2012-10-20 00:42 - 2012-10-20 00:43 - 00658944 ____A (Coder for Life) C:\Users\user\Downloads\Win7BootUpdater (1).exe
2012-10-20 00:12 - 2010-11-20 19:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-10-20 00:11 - 2012-06-08 21:43 - 14171136 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-10-20 00:11 - 2011-07-02 17:16 - 02930176 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-10-20 00:11 - 2010-11-20 19:24 - 02059776 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-10-20 00:11 - 2010-11-20 19:24 - 00749568 ____A (Microsoft Corporation) C:\Windows\System32\batmeter.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 01927168 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 01574912 ____A (Microsoft Corporation) C:\Windows\System32\pnidui.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 00143872 ____A (Microsoft Corporation) C:\Windows\System32\SndVolSSO.dll
2012-10-20 00:11 - 2009-07-13 17:28 - 16842752 ____A (Microsoft Corporation) C:\Windows\System32\imageres.dll
2012-10-19 23:43 - 2010-11-20 19:24 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\browseui.dll
2012-10-19 23:43 - 2009-07-13 17:38 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\wscui.cpl
2012-10-19 23:31 - 2012-10-19 23:31 - 01376768 ____A C:\Users\user\Downloads\7z920-x64.msi
2012-10-19 22:50 - 2012-09-24 12:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-19 22:50 - 2012-09-24 12:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-19 22:50 - 2012-09-24 12:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-19 22:49 - 2012-10-19 22:50 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-19 21:11 - 2012-10-19 21:11 - 00000000 ____D C:\Users\user\AppData\Local\{D955DECC-9E67-43CC-974B-DF5399BE7A46}
2012-10-19 21:09 - 2012-10-19 22:39 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForFREDG$.job
2012-10-19 21:08 - 2012-10-19 21:08 - 00000394 ____A C:\Windows\PFRO.log
2012-10-19 00:05 - 2012-10-19 00:25 - 47436176 ____A (Apple Inc.) C:\Users\user\Downloads\iCloudSetup.exe
2012-10-18 23:17 - 2012-10-18 23:48 - 00000061 ____A C:\Users\user\Documents\reject.txt
2012-10-18 22:46 - 2012-10-18 22:46 - 00000000 ____D C:\Program Files (x86)\Tweaks
2012-10-18 22:44 - 2012-10-18 22:44 - 01069632 ____A C:\Users\user\Downloads\FB_Cover_Maker.exe
2012-10-18 21:14 - 2012-10-18 21:14 - 00000000 ____D C:\Users\user\AppData\Local\{F1067694-96E6-4958-BE65-655374059754}
2012-10-17 21:09 - 2012-10-17 21:10 - 00000000 ____D C:\Users\user\AppData\Local\{5D26C5A4-C123-4930-9D02-F35C228D3C24}
2012-10-17 11:07 - 2012-10-17 11:07 - 00000000 ____D C:\Users\user\AppData\Local\{C0BAE662-E435-400F-91FF-D595039FEBF1}
2012-10-17 00:36 - 2012-10-17 00:36 - 00000724 ____A C:\Windows\DirectX.log
2012-10-16 22:49 - 2012-10-16 22:49 - 00373456 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-7-logon-screen-editor.exe
2012-10-16 22:40 - 2012-10-16 22:40 - 00425568 ____A (Yahoo! Inc.) C:\Users\user\Downloads\yahoo-messenger-11-5-0-155-es-win.exe
2012-10-16 22:39 - 2012-10-16 22:40 - 01075736 ____A C:\Users\user\Downloads\yahoo-messenger-11.5.0.155-en-win-setup.exe
2012-10-16 22:36 - 2012-10-27 12:28 - 00000000 ____D C:\Program Files (x86)\Logon Screen
2012-10-16 22:35 - 2012-10-16 22:35 - 01382922 ____A (Daniel Rebelo ) C:\Users\user\Downloads\logon-screen-2.40.exe
2012-10-16 22:34 - 2012-10-16 22:34 - 01075736 ____A C:\Users\user\Downloads\logon-screen-2.40-en-win-setup.exe
2012-10-16 22:22 - 2012-10-16 22:23 - 00000000 ____D C:\Users\user\AppData\Local\Windows 7 Account Screen Editor
2012-10-16 22:22 - 2012-10-16 22:22 - 00000000 ____D C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing
2012-10-16 22:20 - 2012-10-16 22:21 - 01604149 ____A C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing.zip
2012-10-16 22:18 - 2012-10-16 22:19 - 00827707 ____A C:\Users\user\Downloads\Unconfirmed 680486.crdownload
2012-10-16 21:50 - 2012-10-16 21:50 - 00027367 ____A C:\Users\user\Documents\LABES.xlsx
2012-10-16 21:12 - 2012-10-16 21:12 - 00000000 ____D C:\Users\user\AppData\Local\{0ABA69A3-9A9F-4C69-B06F-6FAE19FE961F}
2012-10-16 06:08 - 2012-10-16 06:08 - 00110679 ____A C:\Users\user\Documents\SEEDS '12-'13 crop.xlsx
2012-10-15 21:53 - 2012-10-15 21:53 - 00191823 ____A C:\Users\user\Downloads\naturalbeautiestemp1117.zip
2012-10-15 21:13 - 2012-10-15 21:14 - 00000000 ____D C:\Users\user\AppData\Local\{8D508AF8-D113-434D-A042-CF3C43EEE3BD}
2012-10-14 23:27 - 2012-10-14 23:28 - 00000082 ___AH C:\IPH.PH
2012-10-14 21:04 - 2012-10-14 21:05 - 00000000 ____D C:\Users\user\AppData\Local\{6A5DC5AF-DE98-47F8-8EBE-C827576A8129}
2012-10-13 11:37 - 2012-10-13 11:37 - 00000000 ____D C:\Users\user\AppData\Local\{C8AC7B93-3BF5-4F44-AD5C-9776F8F605C5}
2012-10-12 22:33 - 2012-10-12 22:33 - 00657408 ____A (Abdul Fatir Ansari) C:\Users\user\Downloads\Se7en Logon Changer 7LC 1.1.exe
2012-10-12 21:46 - 2012-10-12 21:47 - 03165621 ____A C:\Users\user\Downloads\EmergeDesktop-6.1.1.exe
2012-10-12 21:24 - 2012-10-12 21:24 - 00248259 ____A C:\Users\user\Downloads\tweakslogon.zip
2012-10-12 21:24 - 2012-10-12 21:24 - 00000000 ____D C:\Users\user\Downloads\tweakslogon
2012-10-12 21:06 - 2012-10-12 21:06 - 00000000 ____D C:\Users\user\AppData\Local\{0636CE81-96FE-4FF7-B9EA-5F8E48AABBE9}
2012-10-12 05:49 - 2012-10-12 05:49 - 00000000 ____D C:\Users\user\Downloads\Token_by_brsev
2012-10-12 05:46 - 2012-10-12 05:47 - 06892672 ____A C:\Users\user\Downloads\Token_by_brsev.zip
2012-10-12 05:27 - 2012-10-24 21:10 - 00003380 ____A C:\Windows\setupact.log
2012-10-12 05:27 - 2012-10-12 05:27 - 00000000 ____A C:\Windows\setuperr.log
2012-10-12 01:55 - 2012-10-12 01:55 - 00000000 ____D C:\Users\user\Downloads\8TP6
2012-10-11 21:15 - 2012-10-11 21:15 - 43941888 ____A C:\Windows\System32\config\COMPONENTS.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 23814144 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 133054464 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 01114112 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00065536 ____A C:\Windows\System32\config\SAM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00032768 ____A C:\Windows\System32\config\SECURITY.iobit
2012-10-11 21:07 - 2012-10-11 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{14A05542-1ADD-4864-A4F4-2D2C0CD1A9E7}
2012-10-11 06:28 - 2012-10-11 06:28 - 00000000 ____D C:\Users\user\Downloads\metamorph_seasonspring
2012-10-11 06:27 - 2012-10-11 06:27 - 00000000 ____D C:\Users\user\Downloads\metamorph_newstyle
2012-10-11 06:26 - 2012-10-11 06:26 - 00904595 ____A C:\Users\user\Downloads\metamorph_seasonspring.zip
2012-10-11 06:24 - 2012-10-11 06:24 - 00893578 ____A C:\Users\user\Downloads\metamorph_newstyle.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 02221362 ____A C:\Users\user\Downloads\metamorph_seasonfall.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 00000000 ____D C:\Users\user\Downloads\metamorph_seasonfall
2012-10-11 06:19 - 2012-10-11 06:19 - 00000000 ____D C:\Users\user\Downloads\metamorph_clearsky
2012-10-11 06:18 - 2012-10-11 06:18 - 01848617 ____A C:\Users\user\Downloads\metamorph_clearsky.zip
2012-10-11 06:15 - 2012-10-11 06:15 - 00000000 ____D C:\Users\user\Downloads\FW272
2012-10-11 06:14 - 2012-10-11 06:15 - 02088624 ____A C:\Users\user\Downloads\FW272.zip
2012-10-11 01:42 - 2012-10-11 01:42 - 00000000 ____D C:\Users\user\AppData\Local\{01102C13-5CE8-4607-84C2-A79EE0B46444}
2012-10-10 22:01 - 2012-10-10 22:01 - 00373448 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-8-charms-bar-skin.exe
2012-10-10 03:04 - 2012-10-10 03:04 - 03025006 ____A C:\Users\user\Downloads\setup_seeandtype.exe
2012-10-10 02:43 - 2012-10-10 02:43 - 00000000 ____D C:\Users\user\AppData\Roaming\RapidTyping
2012-10-10 02:43 - 2012-10-10 02:43 - 00000000 ____D C:\Users\All Users\RapidTyping
2012-10-10 01:49 - 2012-10-10 02:13 - 85547188 ____A (Broderbund Software ) C:\Users\user\Downloads\MBTT Dlx 17 Setup.exe
2012-10-10 01:47 - 2012-10-27 12:28 - 00000000 ____D C:\Program Files (x86)\RapidTyping
2012-10-10 01:45 - 2012-10-10 01:47 - 08819669 ____A C:\Users\user\Downloads\RapidTyping_Setup_4.exe
2012-10-10 01:34 - 2012-10-12 05:50 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-10-10 01:34 - 2012-10-10 01:34 - 01512056 ____A (NCH Software) C:\Users\user\Downloads\kbsetup.exe
2012-10-09 21:23 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-09 21:22 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 21:22 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 21:22 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 21:22 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-09 21:22 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 21:22 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-09 21:22 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-09 21:22 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-09 21:22 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-09 21:22 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-09 21:22 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-09 21:22 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-09 21:21 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 21:21 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 21:21 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 21:21 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 21:20 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 21:20 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 04:02 - 2012-10-09 04:03 - 00000000 ____D C:\Users\user\Documents\Avater 2
2012-10-09 04:00 - 2012-10-09 04:01 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224 (1).exe
2012-10-09 03:52 - 2012-10-09 03:53 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224.exe
2012-10-08 22:13 - 2012-10-08 22:13 - 00015888 ____A C:\Users\user\Documents\LA LIGA spain.xlsx_2012-10-09_09-13-41.enc
2012-10-08 22:02 - 2012-10-08 22:02 - 00009428 ____A C:\Users\user\Documents\kitchen.xlsx_2012-10-09_09-02-36.enc
2012-10-08 21:25 - 2012-10-08 21:25 - 00763424 ____A (Google Inc.) C:\Users\user\Downloads\GoogleEarthPluginSetup.exe
2012-10-06 09:39 - 2012-10-18 02:21 - 00000000 ____D C:\Users\user\Documents\PIUS PICS
2012-10-06 07:02 - 2012-10-06 07:02 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift
2012-10-03 23:38 - 2012-10-03 23:39 - 00000000 ____D C:\Users\user\AppData\Local\{F0DF93F2-200F-42FF-8EC3-52D7617E9599}
2012-10-03 21:51 - 2012-10-03 21:52 - 00000000 ____D C:\Users\user\Documents\BEI
2012-10-03 10:34 - 2012-10-03 10:34 - 00000000 ____D C:\Users\user\AppData\Local\{39AA94CA-7EDE-438D-834D-164F4E404D9B}
2012-10-03 05:43 - 2012-10-04 00:31 - 00000000 ____D C:\Program Files (x86)\Easy Video Splitter
2012-10-03 05:42 - 2012-10-03 05:42 - 01200623 ____A C:\Users\user\Downloads\ezsplitter.exe
2012-10-03 01:58 - 2012-10-03 02:03 - 31192520 ____A (Any-Video-Converter.com ) C:\Users\user\Downloads\avc-free (1).exe
2012-10-02 21:56 - 2012-10-02 21:56 - 00000000 ____D C:\Users\user\AppData\Local\{07024469-7B0B-4BBD-BAA0-A67C11C28FC3}
2012-10-02 12:35 - 2012-10-02 12:35 - 00168268 ____A C:\Users\user\Documents\my logo.tlc
2012-10-02 11:17 - 2012-10-02 11:17 - 00000000 ____D C:\Users\user\AppData\Local\{1A8A0524-AB5C-4D18-A93F-3643DA9C1F8C}
2012-10-01 06:02 - 2011-06-07 00:13 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-09-30 21:56 - 2012-09-30 21:56 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI (1).java
2012-09-30 21:53 - 2012-09-30 21:53 - 00012036 ____A C:\Users\user\Downloads\SimplePaint2.java
2012-09-30 21:42 - 2012-10-24 21:17 - 00000000 ____D C:\Users\All Users\Safe
2012-09-30 21:39 - 2012-09-30 21:39 - 00045679 ____A C:\ComboFix.txt
2012-09-28 02:29 - 2012-09-28 02:29 - 00008553 ____A C:\Users\user\Documents\result.xlsx
2012-09-27 23:38 - 2012-09-27 23:38 - 00000222 ____A C:\Users\user\Documents\code 1.txt

==================== 3 Months Modified Files ==================

2012-10-24 21:21 - 2009-07-13 20:45 - 00032544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-24 21:21 - 2009-07-13 20:45 - 00032544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-24 21:18 - 2012-03-25 00:36 - 02086989 ____A C:\Windows\WindowsUpdate.log
2012-10-24 21:10 - 2012-10-12 05:27 - 00003380 ____A C:\Windows\setupact.log
2012-10-24 21:10 - 2012-05-30 00:36 - 00065536 ____A C:\Windows\System32\Ikeext.etl
2012-10-24 21:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-24 12:28 - 2012-03-29 21:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-24 12:19 - 2009-07-13 21:13 - 00876558 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-23 23:35 - 2012-10-23 23:35 - 00013847 ____A C:\Users\user\Documents\Payments 2012.xlsx
2012-10-23 03:51 - 2012-10-23 03:50 - 01873160 ____A (Conduit) C:\Users\user\Downloads\WeLoveMusic.exe
2012-10-22 09:14 - 2012-09-23 22:21 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForuser.job
2012-10-22 05:13 - 2012-01-23 04:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-10-21 00:47 - 2012-10-21 00:45 - 00000113 ___AH C:\Users\user\Documents\.picasa.ini
2012-10-20 00:43 - 2012-10-20 00:42 - 00658944 ____A (Coder for Life) C:\Users\user\Downloads\Win7BootUpdater (1).exe
2012-10-19 23:31 - 2012-10-19 23:31 - 01376768 ____A C:\Users\user\Downloads\7z920-x64.msi
2012-10-19 22:50 - 2012-10-19 22:49 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-19 22:39 - 2012-10-19 21:09 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForFREDG$.job
2012-10-19 22:39 - 2009-07-13 20:45 - 00591328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-19 22:35 - 2011-12-06 02:45 - 00172944 ____A C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-19 21:08 - 2012-10-19 21:08 - 00000394 ____A C:\Windows\PFRO.log
2012-10-19 21:08 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-19 00:25 - 2012-10-19 00:05 - 47436176 ____A (Apple Inc.) C:\Users\user\Downloads\iCloudSetup.exe
2012-10-18 23:48 - 2012-10-18 23:17 - 00000061 ____A C:\Users\user\Documents\reject.txt
2012-10-18 22:44 - 2012-10-18 22:44 - 01069632 ____A C:\Users\user\Downloads\FB_Cover_Maker.exe
2012-10-17 00:36 - 2012-10-17 00:36 - 00000724 ____A C:\Windows\DirectX.log
2012-10-16 22:49 - 2012-10-16 22:49 - 00373456 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-7-logon-screen-editor.exe
2012-10-16 22:40 - 2012-10-16 22:40 - 00425568 ____A (Yahoo! Inc.) C:\Users\user\Downloads\yahoo-messenger-11-5-0-155-es-win.exe
2012-10-16 22:40 - 2012-10-16 22:39 - 01075736 ____A C:\Users\user\Downloads\yahoo-messenger-11.5.0.155-en-win-setup.exe
2012-10-16 22:35 - 2012-10-16 22:35 - 01382922 ____A (Daniel Rebelo ) C:\Users\user\Downloads\logon-screen-2.40.exe
2012-10-16 22:34 - 2012-10-16 22:34 - 01075736 ____A C:\Users\user\Downloads\logon-screen-2.40-en-win-setup.exe
2012-10-16 22:21 - 2012-10-16 22:20 - 01604149 ____A C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing.zip
2012-10-16 22:19 - 2012-10-16 22:18 - 00827707 ____A C:\Users\user\Downloads\Unconfirmed 680486.crdownload
2012-10-16 21:50 - 2012-10-16 21:50 - 00027367 ____A C:\Users\user\Documents\LABES.xlsx
2012-10-16 06:08 - 2012-10-16 06:08 - 00110679 ____A C:\Users\user\Documents\SEEDS '12-'13 crop.xlsx
2012-10-15 21:53 - 2012-10-15 21:53 - 00191823 ____A C:\Users\user\Downloads\naturalbeautiestemp1117.zip
2012-10-14 23:28 - 2012-10-14 23:27 - 00000082 ___AH C:\IPH.PH
2012-10-12 22:33 - 2012-10-12 22:33 - 00657408 ____A (Abdul Fatir Ansari) C:\Users\user\Downloads\Se7en Logon Changer 7LC 1.1.exe
2012-10-12 21:47 - 2012-10-12 21:46 - 03165621 ____A C:\Users\user\Downloads\EmergeDesktop-6.1.1.exe
2012-10-12 21:24 - 2012-10-12 21:24 - 00248259 ____A C:\Users\user\Downloads\tweakslogon.zip
2012-10-12 05:47 - 2012-10-12 05:46 - 06892672 ____A C:\Users\user\Downloads\Token_by_brsev.zip
2012-10-12 05:27 - 2012-10-12 05:27 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 21:15 - 2012-10-11 21:15 - 43941888 ____A C:\Windows\System32\config\COMPONENTS.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 23814144 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 133054464 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 01114112 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00065536 ____A C:\Windows\System32\config\SAM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00032768 ____A C:\Windows\System32\config\SECURITY.iobit
2012-10-11 06:26 - 2012-10-11 06:26 - 00904595 ____A C:\Users\user\Downloads\metamorph_seasonspring.zip
2012-10-11 06:24 - 2012-10-11 06:24 - 00893578 ____A C:\Users\user\Downloads\metamorph_newstyle.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 02221362 ____A C:\Users\user\Downloads\metamorph_seasonfall.zip
2012-10-11 06:18 - 2012-10-11 06:18 - 01848617 ____A C:\Users\user\Downloads\metamorph_clearsky.zip
2012-10-11 06:15 - 2012-10-11 06:14 - 02088624 ____A C:\Users\user\Downloads\FW272.zip
2012-10-10 22:01 - 2012-10-10 22:01 - 00373448 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-8-charms-bar-skin.exe
2012-10-10 03:04 - 2012-10-10 03:04 - 03025006 ____A C:\Users\user\Downloads\setup_seeandtype.exe
2012-10-10 02:13 - 2012-10-10 01:49 - 85547188 ____A (Broderbund Software ) C:\Users\user\Downloads\MBTT Dlx 17 Setup.exe
2012-10-10 01:47 - 2012-10-10 01:45 - 08819669 ____A C:\Users\user\Downloads\RapidTyping_Setup_4.exe
2012-10-10 01:34 - 2012-10-10 01:34 - 01512056 ____A (NCH Software) C:\Users\user\Downloads\kbsetup.exe
2012-10-10 00:23 - 2012-01-22 06:29 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 09:03 - 2011-12-06 03:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-09 09:03 - 2011-12-06 03:00 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-09 04:01 - 2012-10-09 04:00 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224 (1).exe
2012-10-09 03:53 - 2012-10-09 03:52 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224.exe
2012-10-08 22:30 - 2012-03-29 21:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 22:30 - 2011-07-02 17:36 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-08 22:13 - 2012-10-08 22:13 - 00015888 ____A C:\Users\user\Documents\LA LIGA spain.xlsx_2012-10-09_09-13-41.enc
2012-10-08 22:02 - 2012-10-08 22:02 - 00009428 ____A C:\Users\user\Documents\kitchen.xlsx_2012-10-09_09-02-36.enc
2012-10-08 21:25 - 2012-10-08 21:25 - 00763424 ____A (Google Inc.) C:\Users\user\Downloads\GoogleEarthPluginSetup.exe
2012-10-07 21:07 - 2012-05-30 01:10 - 00000632 _RASH C:\Users\user\ntuser.pol
2012-10-03 05:42 - 2012-10-03 05:42 - 01200623 ____A C:\Users\user\Downloads\ezsplitter.exe
2012-10-03 02:03 - 2012-10-03 01:58 - 31192520 ____A (Any-Video-Converter.com ) C:\Users\user\Downloads\avc-free (1).exe
2012-10-02 12:35 - 2012-10-02 12:35 - 00168268 ____A C:\Users\user\Documents\my logo.tlc
2012-10-01 03:33 - 2012-01-22 02:11 - 00002006 ____A C:\aqua_bitmap.cpp
2012-09-30 21:56 - 2012-09-30 21:56 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI (1).java
2012-09-30 21:53 - 2012-09-30 21:53 - 00012036 ____A C:\Users\user\Downloads\SimplePaint2.java
2012-09-30 21:39 - 2012-09-30 21:39 - 00045679 ____A C:\ComboFix.txt
2012-09-30 21:37 - 2009-07-13 18:34 - 00000272 ____A C:\Windows\system.ini
2012-09-30 21:14 - 2012-09-14 05:45 - 04759143 ___RA (Swearware) C:\Users\user\Downloads\ComboFix.exe
2012-09-28 02:29 - 2012-09-28 02:29 - 00008553 ____A C:\Users\user\Documents\result.xlsx
2012-09-27 23:38 - 2012-09-27 23:38 - 00000222 ____A C:\Users\user\Documents\code 1.txt
2012-09-26 23:27 - 2012-06-06 01:32 - 00012907 ____A C:\Users\user\Documents\LTS.xlsx
2012-09-26 22:03 - 2012-01-23 09:49 - 00020992 ____A C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-26 21:37 - 2012-09-26 21:37 - 00012643 ____A C:\Users\user\Documents\FARMER BOOK DISTRIBUTION FORM.xlsx
2012-09-26 21:22 - 2012-01-22 22:33 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-26 06:18 - 2012-09-26 06:18 - 01497598 ____A C:\Users\user\Documents\Mpanda.zip
2012-09-25 22:08 - 2012-09-25 22:08 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 08:35 - 2012-09-25 08:35 - 00501248 ____A (Facebook Inc.) C:\Users\user\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-09-24 12:16 - 2012-10-19 22:50 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-24 12:08 - 2012-10-19 22:50 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-24 12:07 - 2012-10-19 22:50 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-24 06:16 - 2012-09-24 06:11 - 00001588 ____A C:\Users\user\Documents\SortNumbers.java
2012-09-24 06:06 - 2012-09-24 06:05 - 00002758 ____A C:\Users\user\Documents\Stroking.java
2012-09-24 06:03 - 2012-02-01 05:47 - 00010780 ____A C:\Users\user\_viminfo
2012-09-24 05:50 - 2012-09-24 05:49 - 00000713 ____A C:\Users\user\Documents\Reverse.java
2012-09-24 05:42 - 2012-09-24 05:34 - 00001892 ____A C:\Users\user\Documents\Factorial4.java
2012-09-23 21:47 - 2012-09-23 21:46 - 00716800 ____A (Blue Label Soft ) C:\Users\user\Downloads\blspeesetup.exe
2012-09-21 07:39 - 2012-09-21 07:38 - 04539792 ____A (www.orbitdownloader.com ) C:\Users\user\Downloads\OrbitDownloaderSetup (1).exe
2012-09-21 07:38 - 2012-09-21 07:30 - 03438630 ____A (www.orbitdownloader.com ) C:\Users\user\Downloads\OrbitDownloaderSetup.exe
2012-09-18 02:03 - 2012-09-18 02:03 - 00032640 ____A C:\Users\user\Documents\phone contacts.spb
2012-09-17 23:52 - 2012-09-17 23:52 - 01055987 ____A C:\Users\user\Documents\patl-amis-odk-v1.2-1c.apk
2012-09-15 11:12 - 2011-04-18 04:43 - 00003026 ____A C:\Windows\System32\Drivers\ztectx.txt
2012-09-14 11:19 - 2012-10-09 21:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-09 21:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-14 06:19 - 2012-09-14 06:17 - 13739104 ____A (Kingsoft Corporation) C:\Users\user\Downloads\kav_setup.exe
2012-09-12 06:22 - 2012-01-25 01:29 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301686803-1442502241-2597133401-1000UA.job
2012-09-12 06:22 - 2012-01-25 01:29 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301686803-1442502241-2597133401-1000Core.job
2012-09-11 04:11 - 2012-09-11 04:12 - 00018296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery64.sys
2012-09-11 04:11 - 2012-09-11 04:12 - 00014200 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery.sys
2012-09-10 21:43 - 2012-09-10 21:43 - 00112176 ____A C:\Users\user\Downloads\Snippage.air
2012-09-10 01:21 - 2012-09-10 01:21 - 00505442 ____A C:\Users\user\Downloads\WorldClock.gadget
2012-09-09 21:51 - 2012-03-25 07:28 - 00038912 ____A C:\Users\user\Documents\Seed Distribution Form_2011_10_01.xls
2012-09-07 21:30 - 2012-09-07 21:29 - 05903754 ____A (SibCode) C:\Users\user\Downloads\junior-icon-editor.exe
2012-09-03 05:37 - 2012-09-03 05:37 - 05562248 ____A (XWidget Software ) C:\Users\user\Documents\xlaunchpad_setup108.exe
2012-09-03 05:09 - 2012-09-03 05:09 - 00012632 ____A C:\Users\user\Documents\Tablets ID.xlsx
2012-09-03 02:52 - 2012-09-03 02:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2012-09-03 02:52 - 2012-09-03 02:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2012-09-03 01:39 - 2012-09-03 01:39 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-09-03 01:39 - 2012-09-03 01:39 - 00027760 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2012-09-03 01:39 - 2012-09-03 01:39 - 00014448 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2012-09-03 01:30 - 2012-09-03 01:17 - 27237672 ____A (Sony Mobile Communications ) C:\Users\user\Downloads\Sony PC Companion_2.10.094_Web.exe
2012-08-31 23:22 - 2012-08-31 23:17 - 00038529 ____A C:\Users\user\Documents\INFUSTRACTURE MPANDA.xlsx
2012-08-31 21:38 - 2012-08-31 21:24 - 82308090 ____A C:\Users\user\Downloads\k3d-setup-0.8.0.1.exe
2012-08-31 21:22 - 2012-08-31 21:22 - 00159461 ____A C:\Users\user\Downloads\CharMaker.zip
2012-08-31 10:19 - 2012-10-09 21:23 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-31 06:50 - 2012-08-31 06:49 - 09098180 ____A C:\Users\user\Downloads\wings-1.4.1.exe
2012-08-31 06:33 - 2012-08-31 06:32 - 05554508 ____A C:\Users\user\Downloads\pencil-0.4.4b-win.zip
2012-08-31 06:18 - 2012-08-31 06:18 - 00000207 ____A C:\Users\user\Downloads\cachee55bedbac24f6eaebd9e85adc1a25fcb.wcm
2012-08-31 06:14 - 2012-08-31 06:13 - 05694948 ____A (Web Cartoon Maker ) C:\Users\user\Downloads\wcm_desktop_setup.exe
2012-08-31 05:30 - 2012-02-16 07:32 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-08-31 05:30 - 2012-01-30 23:49 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-08-31 02:41 - 2012-08-31 02:39 - 10217672 ____A (Adobe Systems Incorporated) C:\Users\user\Downloads\install_flash_player.exe
2012-08-31 02:18 - 2012-08-31 02:16 - 03866528 ____A (Adobe Systems, Inc.) C:\Users\user\Downloads\flash.ocx
2012-08-31 02:06 - 2012-08-31 01:58 - 22550656 ____A C:\Users\user\Downloads\setup_pfm_free.exe
2012-08-30 22:02 - 2012-08-30 22:02 - 00447126 ____A C:\Users\user\Downloads\Windows 7 Start Button Animator.zip
2012-08-30 21:48 - 2012-08-30 21:47 - 03431179 ____A C:\Users\user\Downloads\concept_8_boot_animation_for_7_by_anunkasan-d469ud0.rar
2012-08-30 21:45 - 2012-08-30 21:45 - 00676960 ____A (OptimumInstaller) C:\Users\user\Downloads\Setup (2).exe
2012-08-30 11:03 - 2012-08-30 11:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 11:03 - 2010-10-24 10:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 10:03 - 2012-10-09 21:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-09 21:22 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-09 21:22 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-30 01:55 - 2012-08-30 01:55 - 00000341 ____A C:\Users\user\Documents\CODE SALE.txt
2012-08-30 00:04 - 2012-08-29 23:51 - 00023290 ____A C:\Users\user\Documents\Mpda farm profile summary.xlsx
2012-08-29 00:47 - 2012-08-29 00:46 - 03198742 ____A C:\Users\user\Downloads\bootchanger_manual_and__ppm_by_artas182x-d45ns22.zip
2012-08-27 21:24 - 2012-08-27 21:24 - 00429775 ____A C:\Users\user\Downloads\Longhorn_Media_Player_by_Ludacris1990.rar
2012-08-27 06:14 - 2012-08-27 05:57 - 74789265 ____A (Studio V5 ) C:\Users\user\Downloads\uk-logomaker-2-web-full.exe
2012-08-24 23:42 - 2012-02-10 23:14 - 00001366 ____A C:\user.js
2012-08-24 23:40 - 2012-08-24 23:39 - 04124080 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\the_road_less_traveled_pdf_downloader_352 (1).exe
2012-08-24 23:37 - 2012-08-24 23:36 - 04124080 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\the_road_less_traveled_pdf_downloader_352.exe
2012-08-24 10:05 - 2012-10-09 21:21 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-09 21:21 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:43 - 2012-08-24 01:36 - 00023420 ____A C:\Users\user\Documents\FARM PROFILE 2012.xlsx
2012-08-24 03:15 - 2012-09-23 21:26 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:31 - 2012-09-23 21:26 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 21:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 21:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:18 - 2012-09-23 21:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 21:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 21:26 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 21:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 21:26 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 21:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 21:26 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 21:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 21:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 21:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 21:26 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 21:26 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 21:26 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 21:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 21:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 21:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 21:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 21:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 21:26 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 21:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 21:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 21:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 21:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 22:04 - 2012-08-22 22:01 - 06977936 ____A C:\Users\user\Downloads\applocker.wmv
2012-08-22 21:44 - 2012-08-22 21:44 - 00025745 ____A C:\Users\user\Documents\COP - PATL - 2013 Crop.xlsx
2012-08-22 21:41 - 2012-08-22 21:38 - 09735080 ____A (Hewlett-Packard ) C:\Users\user\Downloads\sp56099.exe
2012-08-22 21:14 - 2012-07-11 08:35 - 00210296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 22:42 - 2012-08-21 05:03 - 00028605 ____A C:\Users\user\Documents\Ukonongo Payments.xlsx
2012-08-20 21:40 - 2012-07-12 05:46 - 00012092 ____A C:\Users\user\Documents\SCHOOLS2.xlsx
2012-08-20 10:48 - 2012-10-09 21:22 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-09 21:22 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-09 21:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-09 21:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-09 21:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-09 21:22 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-09 21:22 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-09 21:22 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-09 21:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-09 21:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-09 21:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 03:13 - 2012-08-17 03:09 - 20928200 ____A (Audacity Team ) C:\Users\user\Downloads\audacity-win-2.0.1 (1).exe
2012-08-17 01:58 - 2012-08-17 01:55 - 11383789 ____A (Audacity Team ) C:\Users\user\Downloads\audacity-win-2.0.1.exe
2012-08-17 01:36 - 2012-08-17 01:34 - 03814935 ____A (Pianosoft ) C:\Users\user\Downloads\vocrem11.exe
2012-08-17 01:33 - 2012-08-17 01:33 - 00431288 ____A C:\Users\user\Downloads\Afreecodec_downloader_For_Vocal_Remover.exe
2012-08-17 01:14 - 2012-08-17 01:14 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover(1).exe
2012-08-17 01:12 - 2012-08-17 01:12 - 00431312 ____A C:\Users\user\Downloads\Afreecodec_downloader_For_Vocal_Remover_DirectX_.exe
2012-08-17 01:07 - 2012-08-17 01:07 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover (1).exe
2012-08-16 23:29 - 2012-08-16 23:26 - 16476616 ____A (Microsoft Corporation) C:\Users\user\Downloads\Windows-KB890830-V4.11.exe
2012-08-16 23:15 - 2012-08-16 23:15 - 01448809 ____A (DOSBox Team) C:\Users\user\Downloads\DOSBox0.74-win32-installer.exe
2012-08-16 22:41 - 2012-08-16 22:41 - 00292184 ____A (Microsoft Corporation) C:\Users\user\Downloads\dxwebsetup.exe
2012-08-16 22:33 - 2012-08-16 22:29 - 17335648 ____A (Nullsoft, Inc.) C:\Users\user\Downloads\winamp563_full_emusic-7plus_all.exe
2012-08-16 22:14 - 2012-08-16 22:14 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover.exe
2012-08-15 07:42 - 2012-08-15 07:42 - 00000051 ____A C:\Users\user\.eyrc
2012-08-14 22:30 - 2012-08-14 22:29 - 06519568 ____A ( ) C:\Users\user\Downloads\Sublime Text 2.0.1 x64 Setup.exe
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\gvimdiff.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\gview.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\evim.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000985 ____A C:\Windows\gvim.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000668 ____A C:\Windows\vimdiff.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000668 ____A C:\Windows\view.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000664 ____A C:\Windows\vim.bat
2012-08-14 21:40 - 2012-02-01 05:41 - 00000694 ____A C:\Windows\vimtutor.bat
2012-08-14 21:38 - 2012-08-14 21:36 - 09585439 ____A C:\Users\user\Downloads\gvim73_46.exe
2012-08-14 21:33 - 2012-08-14 21:33 - 00809840 ____A (AirInstaller Inc.) C:\Users\user\Downloads\setup (1).exe
2012-08-14 03:43 - 2012-08-14 03:38 - 22975511 ____A (Igor Pavlov) C:\Users\user\Downloads\DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe
2012-08-14 03:37 - 2012-08-14 03:34 - 18025816 ____A (RubyInstaller Team ) C:\Users\user\Downloads\rubyinstaller-1.9.3-p194.exe
2012-08-13 22:07 - 2012-08-13 22:07 - 00064000 ____A C:\Users\user\Documents\OFFSITE BALES.xls
2012-08-13 02:31 - 2012-08-13 02:10 - 96847848 ____A (Oracle Corporation) C:\Users\user\Downloads\jdk-7u5-windows-x64 (1).exe
2012-08-13 00:56 - 2012-08-13 00:41 - 83345288 ____A C:\Users\user\Desktop\jdk-7-windows-i586.exe
2012-08-12 22:46 - 2012-08-12 22:41 - 21865936 ____A (Oracle Corporation) C:\Users\user\Downloads\jre-7u4-windows-x64.exe
2012-08-12 22:29 - 2012-08-12 22:24 - 16451497 ____A C:\Users\user\Downloads\jdk-7u5-windows-x64-demos.zip
2012-08-12 22:22 - 2012-08-12 21:55 - 85423313 ____A (Oracle Corporation) C:\Users\user\Downloads\jdk-7u5-windows-x64.exe
2012-08-12 21:37 - 2012-08-12 21:37 - 00352968 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_java-development-kit.exe
2012-08-11 08:58 - 2012-08-11 08:55 - 00001071 ____A C:\Users\user\Documents\FizzBuzz2.class
2012-08-11 08:57 - 2012-08-11 08:57 - 00001268 ____A C:\Users\user\Documents\Averager$Test.class
2012-08-11 08:57 - 2012-08-11 08:57 - 00001092 ____A C:\Users\user\Documents\Averager.class
2012-08-11 08:57 - 2012-08-11 08:46 - 00001277 ____A C:\Users\user\Documents\FactComputer.java
2012-08-11 08:57 - 2012-08-11 07:49 - 00001963 ____A C:\Users\user\Documents\Averager.java
2012-08-11 08:55 - 2012-08-11 08:53 - 00001222 ____A C:\Users\user\Documents\FizzBuzz2.java
2012-08-11 07:56 - 2012-08-11 07:56 - 00000450 ____A C:\Users\user\Documents\Hello.java
2012-08-11 07:42 - 2012-08-11 07:36 - 00011330 ____A C:\Users\user\Documents\HighLowWithImages.java
2012-08-11 07:39 - 2012-08-11 07:37 - 00000468 ____A C:\Users\user\Documents\HighLowWithImages.class
2012-08-11 07:20 - 2012-08-11 07:20 - 00022910 ____A C:\Users\user\Downloads\PaintWithOffScreenCanvas.java
2012-08-11 07:19 - 2012-08-11 07:19 - 00011238 ____A C:\Users\user\Downloads\HighLowWithImages.java
2012-08-11 07:18 - 2012-08-11 07:18 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI.java
2012-08-11 00:24 - 2012-08-11 00:23 - 02893191 ____A C:\Users\user\Downloads\1302981014_nbruby041611.zip
2012-08-10 22:34 - 2012-08-10 22:34 - 00662689 ____A (MinGW ) C:\Users\user\Downloads\mingw-get-inst-20120426 (1).exe
2012-08-10 22:24 - 2012-08-10 22:24 - 00000044 ____A C:\Windows\MSYS.INI
2012-08-10 22:03 - 2012-08-10 06:10 - 00662689 ____A (MinGW ) C:\Users\user\Downloads\mingw-get-inst-20120426.exe
2012-08-10 16:56 - 2012-10-09 21:20 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-09 21:20 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-08 21:42 - 2012-08-08 21:24 - 00070983 ____A C:\Users\user\Documents\Reconcialtion Ukonongo.xlsx
2012-08-07 01:21 - 2012-08-07 01:21 - 00208406 ____A C:\Users\user\Downloads\ehep-1.0.0.zip
2012-08-06 23:57 - 2012-08-06 23:53 - 18595693 ____A (Leapconverter Software, Inc. ) C:\Users\user\Downloads\freemp3_to_m4a_aac_converter.exe
2012-08-06 21:39 - 2012-08-06 21:39 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-06 21:39 - 2012-08-06 21:39 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-06 21:16 - 2012-08-06 21:15 - 05443429 ____A C:\Users\user\Downloads\winpathed.zip
2012-08-06 12:39 - 2012-08-06 12:39 - 00000906 ___RA C:\Windows\System32\BitLocker Recovery Key 4B504857-FDB6-4525-B947-5B217B24205B.txt
2012-08-06 05:55 - 2012-08-06 05:55 - 00008765 ____A C:\Users\user\Documents\Inputs.xlsx
2012-08-06 00:29 - 2012-08-06 00:27 - 00338609 ____A C:\Users\user\Downloads\Pulmon Beta 1.rar
2012-08-06 00:14 - 2012-08-06 00:14 - 00205772 ____A C:\Users\user\Downloads\Pulmon Start.rar
2012-08-05 21:23 - 2012-08-05 21:12 - 27669608 ____A (IObit ) C:\Users\user\Downloads\asc-setup.exe
2012-08-03 21:19 - 2012-08-03 21:19 - 00012073 ____A C:\Users\user\Documents\Offsite Bales.xlsx
2012-08-02 09:58 - 2012-09-12 04:37 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 04:37 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-01 23:07 - 2012-08-01 23:07 - 00000252 ____A C:\Users\user\AppData\Roaming\GPU MeterV2_Settings.ini
2012-08-01 22:54 - 2012-08-01 22:54 - 02086577 ____A C:\Users\user\Downloads\Windows-vNext.themepack
2012-08-01 22:52 - 2012-08-01 22:52 - 00009886 ____A C:\Users\user\Documents\tablets.xlsx
2012-08-01 21:52 - 2012-08-01 21:39 - 32261212 ____A C:\Users\user\Downloads\Windows_8_7282_RC.rar
2012-08-01 00:11 - 2012-08-01 00:11 - 06956544 ____A C:\Users\user\Documents\Bkp_Sec_20120730.bak
2012-07-31 04:08 - 2012-02-12 07:01 - 00000411 ____A C:\Windows\ODBCINST.INI
2012-07-31 01:20 - 2012-07-31 01:19 - 01683448 ____A (arvato digital services llc) C:\Users\user\Downloads\Download_Sage_Simply_Accounting_2012_(Canada),_Release_D.exe

==================== Known DLLs (Whitelisted) =================

[2009-07-13 16:18] - [2009-07-13 17:41] - 0083456 ____A (Microsoft Corporation) C:\Windows\System32\msacm32.dll
[2009-07-13 16:03] - [2009-07-13 17:15] - 0072192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0006656 ____A (Microsoft Corporation) C:\Windows\System32\shimeng.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
[2009-07-13 15:55] - [2012-01-23 03:06] - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
[2009-07-13 15:39] - [2009-07-13 17:11] - 0245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-10-20 00:11] - [2011-07-02 17:16] - 2930176 ____A (Microsoft Corporation) 504FCEDB4333FAEFFF05CDAC4952BB1A

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-11 21:31:23
Restore point made on: 2012-10-11 21:37:04
Restore point made on: 2012-10-12 21:59:57
Restore point made on: 2012-10-14 21:16:16
Restore point made on: 2012-10-17 00:36:02
Restore point made on: 2012-10-18 02:00:18
Restore point made on: 2012-10-19 22:48:54
Restore point made on: 2012-10-19 23:26:06
Restore point made on: 2012-10-19 23:57:18
Restore point made on: 2012-10-21 21:15:46
Restore point made on: 2012-10-24 21:25:48

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4043.86 MB
Available physical RAM: 3355.46 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3356.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:445.7 GB) (Free:103.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:15.9 GB) (Free:1.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
5 Drive h: () (Removable) (Total:7.5 GB) (Free:7.27 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7680 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 445 GB 200 MB
Partition 3 Primary 15 GB 445 GB
Partition 4 Primary 4063 MB 461 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 445 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7678 MB 1032 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NTFS Removable 7678 MB Healthy

=========================================================

Last Boot: 2012-10-17 11:49

==================== End Of Log =============================


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:44 AM

Posted 27 October 2012 - 10:24 AM

Hello thegonga,

Welcome to the forum.

How far does it go when you start the computer?

Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to BartPe and run FRST.
Type the following in the edit box after "Search:"

explorer.exe

Click the Search File(s) button and post the log it makes in your reply.

#3 thegonga


Posted 29 October 2012 - 01:40 AM

Thanks!

When starting, it shows the window with the title: Startup Repair, which says Startup Repair is checking your system for problems...
then attempting repair ... then after booting it starts all over again.

Below is the log after the explorer.exe search file(s):

Farbar Recovery Scan Tool (x64) Version: 26-10-2012
Ran by SYSTEM at 2012-10-29 09:06:22
Running from H:\

================== Search: "explorer.exe" ===================

C:\Windows\explorer.exe
[2012-10-20 00:11] - [2011-07-02 17:16] - 2930176 ____A (Microsoft Corporation) 504FCEDB4333FAEFFF05CDAC4952BB1A

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2616320 ____A (Microsoft Corporation) 0FB9C74046656D1579A64660AD67B746

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 2616320 ____A (Microsoft Corporation) 40D777B7A95E00593EB1568C68514493

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 2872320 ____A (Microsoft Corporation) AC4C51EB24AA95B77F705AB159189E24

C:\Windows\UXBackup\explorer.exe
[2012-10-20 00:11] - [2011-07-02 17:16] - 2822656 ____A (Microsoft Corporation) C7D1FD89BD4C9AF11917049E5F15E31D

C:\Windows\SysWOW64\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\Resources\Themes\Snow Leopard for Windows7\System Files\explorer\64 BIT\explorer.exe
[2012-06-28 23:15] - [2009-10-30 14:34] - 2870272 ____A (Microsoft Corporation) B5F0451C13D0A9175034210D45F65E58

C:\Windows\Resources\Themes\Snow Leopard for Windows7\System Files\explorer\32 BIT\explorer.exe
[2012-06-28 23:15] - [2009-04-11 11:42] - 2641408 ____A (Microsoft Corporation) 58ECFDD48ECDA802A7CEC1F998C18088

C:\Users\user\Downloads\Windows_8_7282_RC\Windows\explorer.exe
[2012-08-01 21:54] - [2009-04-21 09:04] - 2900992 ____A (Microsoft Corporation) 2090BEE22BE87735FD35ACEDC1E7DB6F

C:\Users\user\Documents\windows 8\Snow Leopard for Windows7\System Files\explorer\64 BIT\explorer.exe
[2012-05-11 22:08] - [2009-10-30 14:34] - 2870272 ____A (Microsoft Corporation) B5F0451C13D0A9175034210D45F65E58

C:\Users\user\Documents\windows 8\Snow Leopard for Windows7\System Files\explorer\32 BIT\explorer.exe
[2012-05-11 22:08] - [2009-04-11 11:42] - 2641408 ____A (Microsoft Corporation) 58ECFDD48ECDA802A7CEC1F998C18088

====== End Of Search ======

#4 Farbar


Posted 29 October 2012 - 02:18 AM

Let's replace this unknown explorer file with a known legit one.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flashdrive as fixlist.txt.

start
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe C:\Windows\explorer.exe
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.
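
The hash comparison behind this fix, as an added example that is not part of the original thread or of FRST: it parses an excerpt of the search log posted above and checks whether each live explorer.exe matches a copy in the winsxs component store for the same architecture. The function names and the live-path-to-architecture mapping are assumptions of this example.

```python
import re
from collections import namedtuple

# Excerpt of the FRST search log posted in this thread (paths, sizes, MD5s as posted).
SEARCH_LOG = r"""
C:\Windows\explorer.exe
[2012-10-20 00:11] - [2011-07-02 17:16] - 2930176 ____A (Microsoft Corporation) 504FCEDB4333FAEFFF05CDAC4952BB1A

C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\UXBackup\explorer.exe
[2012-10-20 00:11] - [2011-07-02 17:16] - 2822656 ____A (Microsoft Corporation) C7D1FD89BD4C9AF11917049E5F15E31D

C:\Windows\SysWOW64\explorer.exe
[2011-07-02 17:16] - [2011-07-02 17:16] - 2616320 ____A (Microsoft Corporation) 8B88EBBB05A0E56B7DCC708498C02B3E
"""

Entry = namedtuple("Entry", "path created modified size attrs company md5")

# Detail line: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)
# winsxs directory name: <arch>_<component>_<token>_<version>_<culture>_<hash>
WINSXS_RE = re.compile(
    r"\\winsxs\\(?P<arch>amd64|wow64|x86)_[^\\]*?_(?P<version>\d+(?:\.\d+){3})_", re.I
)
# Assumption of this example: which component-store architecture backs each live path
# on 64-bit Windows 7.
LIVE = {
    r"c:\windows\explorer.exe": "amd64",
    r"c:\windows\syswow64\explorer.exe": "wow64",
}


def parse_search_log(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("="):
            continue
        m = DETAIL_RE.match(line)
        if m and path:
            entries.append(Entry(path, m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], m["company"], m["md5"].upper()))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries


def version_key(version):
    return tuple(int(part) for part in version.split("."))


def audit(entries):
    """Compare live explorer.exe hashes with component-store copies of the same arch."""
    store = {}  # arch -> {md5: version}
    for e in entries:
        m = WINSXS_RE.search(e.path)
        if m:
            store.setdefault(m["arch"].lower(), {})[e.md5] = m["version"]
    findings = []
    for e in entries:
        arch = LIVE.get(e.path.lower())
        if arch is None:
            continue  # backups, theme packs and downloads are not the live binary
        known = store.get(arch, {})
        findings.append({
            "path": e.path,
            "md5": e.md5,
            # None means no component-store copy in the log carries this hash.
            "matches_version": known.get(e.md5),
            "candidates": sorted(known.values(), key=version_key),
            # Created later than last written: the file was placed here after it was built.
            "created_after_modified": e.created > e.modified,
        })
    return findings


if __name__ == "__main__":
    for f in audit(parse_search_log(SEARCH_LOG)):
        status = f["matches_version"] or "NO MATCH in component store"
        print(f"{f['path']}  {f['md5']}  -> {status}; candidates: {f['candidates']}")
```

A mismatch only says the live file differs from every component-store copy listed in the log; the "(Microsoft Corporation)" company field is read from the file's version resource and does not by itself establish that the file is unmodified.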

#5 thegonga


Posted 29 October 2012 - 03:47 AM

Still the same problem after normal booting.

Below is the log after running FRST and pressing the Fix button:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2012
Ran by SYSTEM at 2012-10-29 11:33:51 Run:1
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value not found.
C:\Windows\explorer.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe copied successfully to C:\Windows\explorer.exe

==== End of Fixlog ====

#6 Farbar


Posted 29 October 2012 - 05:54 AM

Please make sure you don't run any fix or make any changes to the system unless you think you can do the rest on your own without my assistance. The reason is that I see an entry on the log which is not there any more. So it means the system has gone through changes after posting the log.

Could you please tell me how long you have had this issue? On which date did the problem start to show up?

I also see ComboFix was run before; what was the reason?

Also, I see you have tried to restore the system. Which restore point did you use?

Finally, please post a fresh FRST log to see what the changes are after posting the log.

#7 thegonga


Posted 29 October 2012 - 08:55 AM

I'm very sorry for that; of course I was using HP Quick Web, which does not need to boot the system.

This problem started on 24th October 2012 during the evening; now it's about 6 days.
I ran ComboFix before because the system seemed to run slowly, so I thought it could help.
During this problem I used the Repair Disk I created earlier from the system to restore to the restore point of 24th October 2012, but it was not successful.

This is the fresh log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by SYSTEM at 29-10-2012 16:36:08
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KSafeTray] "C:\Program Files (x86)\Kingsoft\PcDoctor\KSafeTray.exe" -autorun [1308064 2012-04-10] (Kingsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM-x32\...\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun [1595056 2012-10-07] (Kingsoft Corporation)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon [964720 2012-09-19] (NCH Software)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-09-25] (Sony Corporation)
HKLM-x32\...\Run: [UX Launcher] C:\Program Files (x86)\UX Pack\uxlaunch.exe [234274 2012-09-02] (Windows X)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\user\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-06] (Google Inc.)
HKU\user\...\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-25] (Facebook Inc.)
HKU\user\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\user\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
HKU\user\...\Run: [XLaunchPad] C:\Program Files (x86)\XLaunchPad\XLaunchPad.exe [2368000 2012-07-31] (xwidget.com)
HKU\user\...\Policies\system: [DisableLockWorkstation] 0
HKU\user\...\Policies\system: [DisableChangePassword] 0
HKU\user\...\Policies\system: [LogonHoursAction] 2
HKU\user\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 41.72.175.3 41.72.175.4
Tcpip\..\Interfaces\{95C42E44-7667-4E72-BAE0-38FE7E626B77}: [NameServer]8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220,222.46.120.5,222.46.120.6,211.98.2.4,211.98.2.1
Tcpip\..\Interfaces\{A61C3E57-8416-43E7-B359-74068AE4361C}: [NameServer]8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220,222.46.120.5,222.46.120.6,211.98.2.4,211.98.2.1
Startup: C:\Users\user\Start Menu\Programs\Startup\Boot BMP Changer.lnk
ShortcutTarget: Boot BMP Changer.lnk -> C:\Program Files (x86)\Boot BMP Changer\BootBMP.exe (No File)
Startup: C:\Users\user\Start Menu\Programs\Startup\XWindows Dock.lnk
ShortcutTarget: XWindows Dock.lnk -> C:\Program Files (x86)\XWindows Dock\XWD.exe (Lichonos Vladimir)

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
3 ExpressAccountsService; "C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe" -service [3051632 2012-09-25] (NCH Software)
3 ExpressInvoiceService; "C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe" -service [2158192 2012-09-17] (NCH Software)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1098296 2011-06-14] (Hewlett-Packard Development Company L.P.)
3 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
3 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
2 KSafeSvc; "C:\Program Files (x86)\Kingsoft\PcDoctor\KSafeSvc.exe" -svc [452512 2012-04-10] (Kingsoft Corporation)
2 kxescore; "C:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore [123992 2012-07-11] (Kingsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon80 [4476096 2005-09-22] (Microsoft Corporation)
3 MWAgent; C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWASER.EXE [845320 2010-03-10] (MicroWorld Technologies Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
3 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [474208 2012-09-25] (Sony Corporation)
3 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [246272 2009-07-14] ()
3 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)
3 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [830048 2012-07-27] ()
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe wampmysqld [9665536 2011-09-26] ()
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-01] ()
3 Applications Manager; "C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe" -s conf\wrapper.conf [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) =====================

3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-19] (Qualcomm Atheros Communications, Inc.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-07-27] (AVG Technologies)
3 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [340488 2009-07-24] (BitDefender S.R.L. Bucharest, ROMANIA)
3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-13] (Devguru Co., Ltd)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
0 kavbootc; C:\Windows\System32\Drivers\kavbootc.sys [27240 2012-07-11] (Kingsoft Corporation)
1 KDHacker; C:\Windows\System32\Drivers\KDHacker.sys [125784 2012-07-11] (Kingsoft Corporation)
2 kisknl; C:\Windows\System32\Drivers\kisknl.sys [210296 2012-08-22] (Kingsoft Corporation)
1 kmodurl; \??\C:\Program Files (x86)\Kingsoft\PcDoctor\kmodurl64.sys [133096 2011-12-19] (Kingsoft Corporation)
3 ksfmonsys; \??\C:\Program Files (x86)\Kingsoft\PcDoctor\ksfmonsys64.sys [21320 2012-04-10] (Kingsoft Corporation)
4 KUsbGuard; \??\C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kusbquery64.sys [18296 2012-09-11] (Kingsoft Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PsxDrv; C:\Windows\System32\Drivers\PsxDrv.sys [10240 2009-07-13] (Microsoft Corporation)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2012-04-28] (IObit.com)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2012-04-28] (IObit.com)
2 uxpatch; C:\Windows\System32\Drivers\uxpatch.sys [30568 2009-07-12] ()
3 vodafone_K380x-z_dc_enum; C:\Windows\System32\Drivers\vodafone_K380x-z_dc_enum.sys [75776 2010-05-20] (Vodafone)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [235520 2011-04-18] (ZTE Incorporated)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 SR; [x]
2 SRService; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-27 13:33 - 2012-10-27 13:33 - 00000000 ____D C:\FRST
2012-10-26 07:39 - 2012-10-26 09:27 - 00000000 ___HD C:\_Exception1
2012-10-24 21:14 - 2012-10-24 21:15 - 00000000 ____D C:\Users\user\AppData\Local\{F07B9708-3EE1-4FA6-BBF2-1051C451E178}
2012-10-24 12:15 - 2012-10-24 12:15 - 00000000 ____D C:\Users\user\AppData\Local\{53E2B7E2-8DC0-408E-9FBD-10D2207EE98E}
2012-10-23 23:35 - 2012-10-23 23:35 - 00013847 ____A C:\Users\user\Documents\Payments 2012.xlsx
2012-10-23 22:13 - 2012-10-23 22:13 - 00000000 ____D C:\Users\user\AppData\Local\{56D89B6B-FB03-485D-B73D-FB649911C196}
2012-10-23 21:04 - 2012-10-23 21:04 - 00000000 ____D C:\Users\user\AppData\Local\{F7E08D87-DF2E-4A85-85F4-E74202DA1381}
2012-10-23 03:50 - 2012-10-23 03:51 - 01873160 ____A (Conduit) C:\Users\user\Downloads\WeLoveMusic.exe
2012-10-22 21:03 - 2012-10-22 21:03 - 00000000 ____D C:\Users\user\AppData\Local\{5643005F-0B83-4F60-B83E-F996F31D6793}
2012-10-22 10:47 - 2012-10-22 10:47 - 00000000 ____D C:\Users\user\AppData\Local\{5D3CDE61-F8C1-4E40-AE41-2B8FC3D8C470}
2012-10-22 09:22 - 2010-12-02 03:58 - 27247964 ____A C:\Users\user\Documents\AVSEQ01.DAT
2012-10-22 09:20 - 2011-05-14 07:00 - 53961099 ____A C:\Users\user\Documents\Busty MILF Wearing Satin bleep Machine.flv
2012-10-22 09:19 - 2011-01-06 23:03 - 33260021 ____A C:\Users\user\Documents\melissa_mpeg4.mp4
2012-10-22 09:19 - 2010-11-07 14:18 - 22962954 ____A C:\Users\user\Documents\Mtoto malaya.mp4
2012-10-22 09:17 - 2012-10-22 09:17 - 00000000 ____D C:\Users\user\AppData\Local\{24550164-C4EB-4AF6-A151-904B2A58E089}
2012-10-21 21:06 - 2012-10-21 21:09 - 00000000 ____D C:\Users\user\AppData\Local\{404E88E2-87AA-45E3-B2AA-7BDB77BD7DC9}
2012-10-21 00:46 - 2012-10-29 12:01 - 00000000 ___HD C:\Users\user\Documents\.picasaoriginals
2012-10-21 00:45 - 2012-10-21 00:47 - 00000113 ___AH C:\Users\user\Documents\.picasa.ini
2012-10-20 23:50 - 2012-10-20 23:50 - 00000000 ____D C:\Users\user\Documents\103SSCAM
2012-10-20 23:31 - 2012-10-29 12:01 - 00000000 ____D C:\Program Files (x86)\DVD Shrink
2012-10-20 23:31 - 2012-10-22 21:09 - 00000000 ____D C:\Users\All Users\DVD Shrink
2012-10-20 23:12 - 2012-10-29 11:58 - 00000000 ____D C:\Users\user\Documents\www
2012-10-20 21:30 - 2012-10-20 21:30 - 00000000 ____D C:\Users\user\AppData\Local\{1FDEB07A-6C66-4B4A-9CD2-E1B8581A719B}
2012-10-20 10:14 - 2012-10-20 10:14 - 00000000 ____D C:\Users\user\AppData\Local\{57430025-2E9B-431C-837A-AD3AD72751D7}
2012-10-20 00:42 - 2012-10-20 00:43 - 00658944 ____A (Coder for Life) C:\Users\user\Downloads\Win7BootUpdater (1).exe
2012-10-20 00:12 - 2010-11-20 19:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-10-20 00:11 - 2012-06-08 21:43 - 14171136 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-10-20 00:11 - 2011-07-02 17:16 - 02930176 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-10-20 00:11 - 2010-11-20 19:24 - 02059776 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-10-20 00:11 - 2010-11-20 19:24 - 00749568 ____A (Microsoft Corporation) C:\Windows\System32\batmeter.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 01927168 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 01574912 ____A (Microsoft Corporation) C:\Windows\System32\pnidui.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 00143872 ____A (Microsoft Corporation) C:\Windows\System32\SndVolSSO.dll
2012-10-20 00:11 - 2009-07-13 17:28 - 16842752 ____A (Microsoft Corporation) C:\Windows\System32\imageres.dll
2012-10-19 23:43 - 2010-11-20 19:24 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\browseui.dll
2012-10-19 23:43 - 2009-07-13 17:38 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\wscui.cpl
2012-10-19 23:31 - 2012-10-19 23:31 - 01376768 ____A C:\Users\user\Downloads\7z920-x64.msi
2012-10-19 22:50 - 2012-09-24 12:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-19 22:50 - 2012-09-24 12:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-19 22:50 - 2012-09-24 12:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-19 22:49 - 2012-10-19 22:50 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-19 21:11 - 2012-10-19 21:11 - 00000000 ____D C:\Users\user\AppData\Local\{D955DECC-9E67-43CC-974B-DF5399BE7A46}
2012-10-19 21:09 - 2012-10-19 22:39 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForFREDG$.job
2012-10-19 21:08 - 2012-10-19 21:08 - 00000394 ____A C:\Windows\PFRO.log
2012-10-19 00:05 - 2012-10-19 00:25 - 47436176 ____A (Apple Inc.) C:\Users\user\Downloads\iCloudSetup.exe
2012-10-18 23:17 - 2012-10-18 23:48 - 00000061 ____A C:\Users\user\Documents\reject.txt
2012-10-18 22:46 - 2012-10-18 22:46 - 00000000 ____D C:\Program Files (x86)\Tweaks
2012-10-18 22:44 - 2012-10-18 22:44 - 01069632 ____A C:\Users\user\Downloads\FB_Cover_Maker.exe
2012-10-18 21:14 - 2012-10-18 21:14 - 00000000 ____D C:\Users\user\AppData\Local\{F1067694-96E6-4958-BE65-655374059754}
2012-10-17 21:09 - 2012-10-17 21:10 - 00000000 ____D C:\Users\user\AppData\Local\{5D26C5A4-C123-4930-9D02-F35C228D3C24}
2012-10-17 11:07 - 2012-10-17 11:07 - 00000000 ____D C:\Users\user\AppData\Local\{C0BAE662-E435-400F-91FF-D595039FEBF1}
2012-10-17 00:36 - 2012-10-17 00:36 - 00000724 ____A C:\Windows\DirectX.log
2012-10-16 22:49 - 2012-10-16 22:49 - 00373456 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-7-logon-screen-editor.exe
2012-10-16 22:40 - 2012-10-16 22:40 - 00425568 ____A (Yahoo! Inc.) C:\Users\user\Downloads\yahoo-messenger-11-5-0-155-es-win.exe
2012-10-16 22:39 - 2012-10-16 22:40 - 01075736 ____A C:\Users\user\Downloads\yahoo-messenger-11.5.0.155-en-win-setup.exe
2012-10-16 22:36 - 2012-10-29 12:01 - 00000000 ____D C:\Program Files (x86)\Logon Screen
2012-10-16 22:35 - 2012-10-16 22:35 - 01382922 ____A (Daniel Rebelo ) C:\Users\user\Downloads\logon-screen-2.40.exe
2012-10-16 22:34 - 2012-10-16 22:34 - 01075736 ____A C:\Users\user\Downloads\logon-screen-2.40-en-win-setup.exe
2012-10-16 22:22 - 2012-10-16 22:23 - 00000000 ____D C:\Users\user\AppData\Local\Windows 7 Account Screen Editor
2012-10-16 22:22 - 2012-10-16 22:22 - 00000000 ____D C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing
2012-10-16 22:20 - 2012-10-16 22:21 - 01604149 ____A C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing.zip
2012-10-16 22:18 - 2012-10-16 22:19 - 00827707 ____A C:\Users\user\Downloads\Unconfirmed 680486.crdownload
2012-10-16 21:50 - 2012-10-16 21:50 - 00027367 ____A C:\Users\user\Documents\LABES.xlsx
2012-10-16 21:12 - 2012-10-16 21:12 - 00000000 ____D C:\Users\user\AppData\Local\{0ABA69A3-9A9F-4C69-B06F-6FAE19FE961F}
2012-10-16 06:08 - 2012-10-16 06:08 - 00110679 ____A C:\Users\user\Documents\SEEDS '12-'13 crop.xlsx
2012-10-15 21:53 - 2012-10-15 21:53 - 00191823 ____A C:\Users\user\Downloads\naturalbeautiestemp1117.zip
2012-10-15 21:13 - 2012-10-15 21:14 - 00000000 ____D C:\Users\user\AppData\Local\{8D508AF8-D113-434D-A042-CF3C43EEE3BD}
2012-10-14 23:27 - 2012-10-14 23:28 - 00000082 ___AH C:\IPH.PH
2012-10-14 21:04 - 2012-10-14 21:05 - 00000000 ____D C:\Users\user\AppData\Local\{6A5DC5AF-DE98-47F8-8EBE-C827576A8129}
2012-10-13 11:37 - 2012-10-13 11:37 - 00000000 ____D C:\Users\user\AppData\Local\{C8AC7B93-3BF5-4F44-AD5C-9776F8F605C5}
2012-10-12 22:33 - 2012-10-12 22:33 - 00657408 ____A (Abdul Fatir Ansari) C:\Users\user\Downloads\Se7en Logon Changer 7LC 1.1.exe
2012-10-12 21:46 - 2012-10-12 21:47 - 03165621 ____A C:\Users\user\Downloads\EmergeDesktop-6.1.1.exe
2012-10-12 21:24 - 2012-10-12 21:24 - 00248259 ____A C:\Users\user\Downloads\tweakslogon.zip
2012-10-12 21:24 - 2012-10-12 21:24 - 00000000 ____D C:\Users\user\Downloads\tweakslogon
2012-10-12 21:06 - 2012-10-12 21:06 - 00000000 ____D C:\Users\user\AppData\Local\{0636CE81-96FE-4FF7-B9EA-5F8E48AABBE9}
2012-10-12 05:49 - 2012-10-12 05:49 - 00000000 ____D C:\Users\user\Downloads\Token_by_brsev
2012-10-12 05:46 - 2012-10-12 05:47 - 06892672 ____A C:\Users\user\Downloads\Token_by_brsev.zip
2012-10-12 05:27 - 2012-10-24 21:10 - 00003380 ____A C:\Windows\setupact.log
2012-10-12 05:27 - 2012-10-12 05:27 - 00000000 ____A C:\Windows\setuperr.log
2012-10-12 01:55 - 2012-10-12 01:55 - 00000000 ____D C:\Users\user\Downloads\8TP6
2012-10-11 21:15 - 2012-10-11 21:15 - 43941888 ____A C:\Windows\System32\config\COMPONENTS.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 23814144 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 133054464 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 01114112 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00065536 ____A C:\Windows\System32\config\SAM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00032768 ____A C:\Windows\System32\config\SECURITY.iobit
2012-10-11 21:07 - 2012-10-11 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{14A05542-1ADD-4864-A4F4-2D2C0CD1A9E7}
2012-10-11 06:28 - 2012-10-11 06:28 - 00000000 ____D C:\Users\user\Downloads\metamorph_seasonspring
2012-10-11 06:27 - 2012-10-11 06:27 - 00000000 ____D C:\Users\user\Downloads\metamorph_newstyle
2012-10-11 06:26 - 2012-10-11 06:26 - 00904595 ____A C:\Users\user\Downloads\metamorph_seasonspring.zip
2012-10-11 06:24 - 2012-10-11 06:24 - 00893578 ____A C:\Users\user\Downloads\metamorph_newstyle.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 02221362 ____A C:\Users\user\Downloads\metamorph_seasonfall.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 00000000 ____D C:\Users\user\Downloads\metamorph_seasonfall
2012-10-11 06:19 - 2012-10-11 06:19 - 00000000 ____D C:\Users\user\Downloads\metamorph_clearsky
2012-10-11 06:18 - 2012-10-11 06:18 - 01848617 ____A C:\Users\user\Downloads\metamorph_clearsky.zip
2012-10-11 06:15 - 2012-10-11 06:15 - 00000000 ____D C:\Users\user\Downloads\FW272
2012-10-11 06:14 - 2012-10-11 06:15 - 02088624 ____A C:\Users\user\Downloads\FW272.zip
2012-10-11 01:42 - 2012-10-11 01:42 - 00000000 ____D C:\Users\user\AppData\Local\{01102C13-5CE8-4607-84C2-A79EE0B46444}
2012-10-10 22:01 - 2012-10-10 22:01 - 00373448 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-8-charms-bar-skin.exe
2012-10-10 03:04 - 2012-10-10 03:04 - 03025006 ____A C:\Users\user\Downloads\setup_seeandtype.exe
2012-10-10 02:43 - 2012-10-10 02:43 - 00000000 ____D C:\Users\user\AppData\Roaming\RapidTyping
2012-10-10 02:43 - 2012-10-10 02:43 - 00000000 ____D C:\Users\All Users\RapidTyping
2012-10-10 01:49 - 2012-10-10 02:13 - 85547188 ____A (Broderbund Software ) C:\Users\user\Downloads\MBTT Dlx 17 Setup.exe
2012-10-10 01:47 - 2012-10-29 12:01 - 00000000 ____D C:\Program Files (x86)\RapidTyping
2012-10-10 01:45 - 2012-10-10 01:47 - 08819669 ____A C:\Users\user\Downloads\RapidTyping_Setup_4.exe
2012-10-10 01:34 - 2012-10-12 05:50 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-10-10 01:34 - 2012-10-10 01:34 - 01512056 ____A (NCH Software) C:\Users\user\Downloads\kbsetup.exe
2012-10-09 21:23 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-09 21:22 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 21:22 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 21:22 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 21:22 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-09 21:22 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 21:22 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-09 21:22 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-09 21:22 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-09 21:22 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-09 21:22 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-09 21:22 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-09 21:22 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-09 21:21 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 21:21 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 21:21 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 21:21 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 21:20 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 21:20 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 04:02 - 2012-10-09 04:03 - 00000000 ____D C:\Users\user\Documents\Avater 2
2012-10-09 04:00 - 2012-10-09 04:01 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224 (1).exe
2012-10-09 03:52 - 2012-10-09 03:53 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224.exe
2012-10-08 22:13 - 2012-10-08 22:13 - 00015888 ____A C:\Users\user\Documents\LA LIGA spain.xlsx_2012-10-09_09-13-41.enc
2012-10-08 22:02 - 2012-10-08 22:02 - 00009428 ____A C:\Users\user\Documents\kitchen.xlsx_2012-10-09_09-02-36.enc
2012-10-08 21:25 - 2012-10-08 21:25 - 00763424 ____A (Google Inc.) C:\Users\user\Downloads\GoogleEarthPluginSetup.exe
2012-10-06 09:39 - 2012-10-18 02:21 - 00000000 ____D C:\Users\user\Documents\PIUS PICS
2012-10-06 07:02 - 2012-10-06 07:02 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift
2012-10-03 23:38 - 2012-10-03 23:39 - 00000000 ____D C:\Users\user\AppData\Local\{F0DF93F2-200F-42FF-8EC3-52D7617E9599}
2012-10-03 21:51 - 2012-10-03 21:52 - 00000000 ____D C:\Users\user\Documents\BEI
2012-10-03 10:34 - 2012-10-03 10:34 - 00000000 ____D C:\Users\user\AppData\Local\{39AA94CA-7EDE-438D-834D-164F4E404D9B}
2012-10-03 05:43 - 2012-10-04 00:31 - 00000000 ____D C:\Program Files (x86)\Easy Video Splitter
2012-10-03 05:42 - 2012-10-03 05:42 - 01200623 ____A C:\Users\user\Downloads\ezsplitter.exe
2012-10-03 01:58 - 2012-10-03 02:03 - 31192520 ____A (Any-Video-Converter.com ) C:\Users\user\Downloads\avc-free (1).exe
2012-10-02 21:56 - 2012-10-02 21:56 - 00000000 ____D C:\Users\user\AppData\Local\{07024469-7B0B-4BBD-BAA0-A67C11C28FC3}
2012-10-02 12:35 - 2012-10-02 12:35 - 00168268 ____A C:\Users\user\Documents\my logo.tlc
2012-10-02 11:17 - 2012-10-02 11:17 - 00000000 ____D C:\Users\user\AppData\Local\{1A8A0524-AB5C-4D18-A93F-3643DA9C1F8C}
2012-10-01 06:02 - 2011-06-07 00:13 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-09-30 21:56 - 2012-09-30 21:56 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI (1).java
2012-09-30 21:53 - 2012-09-30 21:53 - 00012036 ____A C:\Users\user\Downloads\SimplePaint2.java
2012-09-30 21:42 - 2012-10-24 21:17 - 00000000 ____D C:\Users\All Users\Safe
2012-09-30 21:39 - 2012-09-30 21:39 - 00045679 ____A C:\ComboFix.txt

==================== 3 Months Modified Files ==================

2012-10-24 21:21 - 2009-07-13 20:45 - 00032544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-24 21:21 - 2009-07-13 20:45 - 00032544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-24 21:18 - 2012-03-25 00:36 - 02086989 ____A C:\Windows\WindowsUpdate.log
2012-10-24 21:10 - 2012-10-12 05:27 - 00003380 ____A C:\Windows\setupact.log
2012-10-24 21:10 - 2012-05-30 00:36 - 00065536 ____A C:\Windows\System32\Ikeext.etl
2012-10-24 21:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-24 12:28 - 2012-03-29 21:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-24 12:19 - 2009-07-13 21:13 - 00876558 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-23 23:35 - 2012-10-23 23:35 - 00013847 ____A C:\Users\user\Documents\Payments 2012.xlsx
2012-10-23 03:51 - 2012-10-23 03:50 - 01873160 ____A (Conduit) C:\Users\user\Downloads\WeLoveMusic.exe
2012-10-22 09:14 - 2012-09-23 22:21 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForuser.job
2012-10-22 05:13 - 2012-01-23 04:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-10-21 00:47 - 2012-10-21 00:45 - 00000113 ___AH C:\Users\user\Documents\.picasa.ini
2012-10-20 00:43 - 2012-10-20 00:42 - 00658944 ____A (Coder for Life) C:\Users\user\Downloads\Win7BootUpdater (1).exe
2012-10-19 23:31 - 2012-10-19 23:31 - 01376768 ____A C:\Users\user\Downloads\7z920-x64.msi
2012-10-19 22:50 - 2012-10-19 22:49 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-19 22:39 - 2012-10-19 21:09 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForFREDG$.job
2012-10-19 22:39 - 2009-07-13 20:45 - 00591328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-19 22:35 - 2011-12-06 02:45 - 00172944 ____A C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-19 21:08 - 2012-10-19 21:08 - 00000394 ____A C:\Windows\PFRO.log
2012-10-19 21:08 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-19 00:25 - 2012-10-19 00:05 - 47436176 ____A (Apple Inc.) C:\Users\user\Downloads\iCloudSetup.exe
2012-10-18 23:48 - 2012-10-18 23:17 - 00000061 ____A C:\Users\user\Documents\reject.txt
2012-10-18 22:44 - 2012-10-18 22:44 - 01069632 ____A C:\Users\user\Downloads\FB_Cover_Maker.exe
2012-10-17 00:36 - 2012-10-17 00:36 - 00000724 ____A C:\Windows\DirectX.log
2012-10-16 22:49 - 2012-10-16 22:49 - 00373456 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-7-logon-screen-editor.exe
2012-10-16 22:40 - 2012-10-16 22:40 - 00425568 ____A (Yahoo! Inc.) C:\Users\user\Downloads\yahoo-messenger-11-5-0-155-es-win.exe
2012-10-16 22:40 - 2012-10-16 22:39 - 01075736 ____A C:\Users\user\Downloads\yahoo-messenger-11.5.0.155-en-win-setup.exe
2012-10-16 22:35 - 2012-10-16 22:35 - 01382922 ____A (Daniel Rebelo ) C:\Users\user\Downloads\logon-screen-2.40.exe
2012-10-16 22:34 - 2012-10-16 22:34 - 01075736 ____A C:\Users\user\Downloads\logon-screen-2.40-en-win-setup.exe
2012-10-16 22:21 - 2012-10-16 22:20 - 01604149 ____A C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing.zip
2012-10-16 22:19 - 2012-10-16 22:18 - 00827707 ____A C:\Users\user\Downloads\Unconfirmed 680486.crdownload
2012-10-16 21:50 - 2012-10-16 21:50 - 00027367 ____A C:\Users\user\Documents\LABES.xlsx
2012-10-16 06:08 - 2012-10-16 06:08 - 00110679 ____A C:\Users\user\Documents\SEEDS '12-'13 crop.xlsx
2012-10-15 21:53 - 2012-10-15 21:53 - 00191823 ____A C:\Users\user\Downloads\naturalbeautiestemp1117.zip
2012-10-14 23:28 - 2012-10-14 23:27 - 00000082 ___AH C:\IPH.PH
2012-10-12 22:33 - 2012-10-12 22:33 - 00657408 ____A (Abdul Fatir Ansari) C:\Users\user\Downloads\Se7en Logon Changer 7LC 1.1.exe
2012-10-12 21:47 - 2012-10-12 21:46 - 03165621 ____A C:\Users\user\Downloads\EmergeDesktop-6.1.1.exe
2012-10-12 21:24 - 2012-10-12 21:24 - 00248259 ____A C:\Users\user\Downloads\tweakslogon.zip
2012-10-12 05:47 - 2012-10-12 05:46 - 06892672 ____A C:\Users\user\Downloads\Token_by_brsev.zip
2012-10-12 05:27 - 2012-10-12 05:27 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 21:15 - 2012-10-11 21:15 - 43941888 ____A C:\Windows\System32\config\COMPONENTS.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 23814144 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 133054464 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 01114112 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00065536 ____A C:\Windows\System32\config\SAM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00032768 ____A C:\Windows\System32\config\SECURITY.iobit
2012-10-11 06:26 - 2012-10-11 06:26 - 00904595 ____A C:\Users\user\Downloads\metamorph_seasonspring.zip
2012-10-11 06:24 - 2012-10-11 06:24 - 00893578 ____A C:\Users\user\Downloads\metamorph_newstyle.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 02221362 ____A C:\Users\user\Downloads\metamorph_seasonfall.zip
2012-10-11 06:18 - 2012-10-11 06:18 - 01848617 ____A C:\Users\user\Downloads\metamorph_clearsky.zip
2012-10-11 06:15 - 2012-10-11 06:14 - 02088624 ____A C:\Users\user\Downloads\FW272.zip
2012-10-10 22:01 - 2012-10-10 22:01 - 00373448 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-8-charms-bar-skin.exe
2012-10-10 03:04 - 2012-10-10 03:04 - 03025006 ____A C:\Users\user\Downloads\setup_seeandtype.exe
2012-10-10 02:13 - 2012-10-10 01:49 - 85547188 ____A (Broderbund Software ) C:\Users\user\Downloads\MBTT Dlx 17 Setup.exe
2012-10-10 01:47 - 2012-10-10 01:45 - 08819669 ____A C:\Users\user\Downloads\RapidTyping_Setup_4.exe
2012-10-10 01:34 - 2012-10-10 01:34 - 01512056 ____A (NCH Software) C:\Users\user\Downloads\kbsetup.exe
2012-10-10 00:23 - 2012-01-22 06:29 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 09:03 - 2011-12-06 03:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-09 09:03 - 2011-12-06 03:00 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-09 04:01 - 2012-10-09 04:00 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224 (1).exe
2012-10-09 03:53 - 2012-10-09 03:52 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224.exe
2012-10-08 22:30 - 2012-03-29 21:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 22:30 - 2011-07-02 17:36 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-08 22:13 - 2012-10-08 22:13 - 00015888 ____A C:\Users\user\Documents\LA LIGA spain.xlsx_2012-10-09_09-13-41.enc
2012-10-08 22:02 - 2012-10-08 22:02 - 00009428 ____A C:\Users\user\Documents\kitchen.xlsx_2012-10-09_09-02-36.enc
2012-10-08 21:25 - 2012-10-08 21:25 - 00763424 ____A (Google Inc.) C:\Users\user\Downloads\GoogleEarthPluginSetup.exe
2012-10-07 21:07 - 2012-05-30 01:10 - 00000632 _RASH C:\Users\user\ntuser.pol
2012-10-03 05:42 - 2012-10-03 05:42 - 01200623 ____A C:\Users\user\Downloads\ezsplitter.exe
2012-10-03 02:03 - 2012-10-03 01:58 - 31192520 ____A (Any-Video-Converter.com ) C:\Users\user\Downloads\avc-free (1).exe
2012-10-02 12:35 - 2012-10-02 12:35 - 00168268 ____A C:\Users\user\Documents\my logo.tlc
2012-10-01 03:33 - 2012-01-22 02:11 - 00002006 ____A C:\aqua_bitmap.cpp
2012-09-30 21:56 - 2012-09-30 21:56 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI (1).java
2012-09-30 21:53 - 2012-09-30 21:53 - 00012036 ____A C:\Users\user\Downloads\SimplePaint2.java
2012-09-30 21:39 - 2012-09-30 21:39 - 00045679 ____A C:\ComboFix.txt
2012-09-30 21:37 - 2009-07-13 18:34 - 00000272 ____A C:\Windows\system.ini
2012-09-30 21:14 - 2012-09-14 05:45 - 04759143 ___RA (Swearware) C:\Users\user\Downloads\ComboFix.exe
2012-09-28 02:29 - 2012-09-28 02:29 - 00008553 ____A C:\Users\user\Documents\result.xlsx
2012-09-27 23:38 - 2012-09-27 23:38 - 00000222 ____A C:\Users\user\Documents\code 1.txt
2012-09-26 23:27 - 2012-06-06 01:32 - 00012907 ____A C:\Users\user\Documents\LTS.xlsx
2012-09-26 22:03 - 2012-01-23 09:49 - 00020992 ____A C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-26 21:37 - 2012-09-26 21:37 - 00012643 ____A C:\Users\user\Documents\FARMER BOOK DISTRIBUTION FORM.xlsx
2012-09-26 21:22 - 2012-01-22 22:33 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-26 06:18 - 2012-09-26 06:18 - 01497598 ____A C:\Users\user\Documents\Mpanda.zip
2012-09-25 22:08 - 2012-09-25 22:08 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 08:35 - 2012-09-25 08:35 - 00501248 ____A (Facebook Inc.) C:\Users\user\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-09-24 12:16 - 2012-10-19 22:50 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-24 12:08 - 2012-10-19 22:50 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-24 12:07 - 2012-10-19 22:50 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-24 06:16 - 2012-09-24 06:11 - 00001588 ____A C:\Users\user\Documents\SortNumbers.java
2012-09-24 06:06 - 2012-09-24 06:05 - 00002758 ____A C:\Users\user\Documents\Stroking.java
2012-09-24 06:03 - 2012-02-01 05:47 - 00010780 ____A C:\Users\user\_viminfo
2012-09-24 05:50 - 2012-09-24 05:49 - 00000713 ____A C:\Users\user\Documents\Reverse.java
2012-09-24 05:42 - 2012-09-24 05:34 - 00001892 ____A C:\Users\user\Documents\Factorial4.java
2012-09-23 21:47 - 2012-09-23 21:46 - 00716800 ____A (Blue Label Soft ) C:\Users\user\Downloads\blspeesetup.exe
2012-09-21 07:39 - 2012-09-21 07:38 - 04539792 ____A (www.orbitdownloader.com ) C:\Users\user\Downloads\OrbitDownloaderSetup (1).exe
2012-09-21 07:38 - 2012-09-21 07:30 - 03438630 ____A (www.orbitdownloader.com ) C:\Users\user\Downloads\OrbitDownloaderSetup.exe
2012-09-18 02:03 - 2012-09-18 02:03 - 00032640 ____A C:\Users\user\Documents\phone contacts.spb
2012-09-17 23:52 - 2012-09-17 23:52 - 01055987 ____A C:\Users\user\Documents\patl-amis-odk-v1.2-1c.apk
2012-09-15 11:12 - 2011-04-18 04:43 - 00003026 ____A C:\Windows\System32\Drivers\ztectx.txt
2012-09-14 11:19 - 2012-10-09 21:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-09 21:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-14 06:19 - 2012-09-14 06:17 - 13739104 ____A (Kingsoft Corporation) C:\Users\user\Downloads\kav_setup.exe
2012-09-12 06:22 - 2012-01-25 01:29 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301686803-1442502241-2597133401-1000UA.job
2012-09-12 06:22 - 2012-01-25 01:29 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301686803-1442502241-2597133401-1000Core.job
2012-09-11 04:11 - 2012-09-11 04:12 - 00018296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery64.sys
2012-09-11 04:11 - 2012-09-11 04:12 - 00014200 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery.sys
2012-09-10 21:43 - 2012-09-10 21:43 - 00112176 ____A C:\Users\user\Downloads\Snippage.air
2012-09-10 01:21 - 2012-09-10 01:21 - 00505442 ____A C:\Users\user\Downloads\WorldClock.gadget
2012-09-09 21:51 - 2012-03-25 07:28 - 00038912 ____A C:\Users\user\Documents\Seed Distribution Form_2011_10_01.xls
2012-09-07 21:30 - 2012-09-07 21:29 - 05903754 ____A (SibCode) C:\Users\user\Downloads\junior-icon-editor.exe
2012-09-03 05:37 - 2012-09-03 05:37 - 05562248 ____A (XWidget Software ) C:\Users\user\Documents\xlaunchpad_setup108.exe
2012-09-03 05:09 - 2012-09-03 05:09 - 00012632 ____A C:\Users\user\Documents\Tablets ID.xlsx
2012-09-03 02:52 - 2012-09-03 02:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2012-09-03 02:52 - 2012-09-03 02:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2012-09-03 01:39 - 2012-09-03 01:39 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-09-03 01:39 - 2012-09-03 01:39 - 00027760 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2012-09-03 01:39 - 2012-09-03 01:39 - 00014448 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2012-09-03 01:30 - 2012-09-03 01:17 - 27237672 ____A (Sony Mobile Communications ) C:\Users\user\Downloads\Sony PC Companion_2.10.094_Web.exe
2012-08-31 23:22 - 2012-08-31 23:17 - 00038529 ____A C:\Users\user\Documents\INFUSTRACTURE MPANDA.xlsx
2012-08-31 21:38 - 2012-08-31 21:24 - 82308090 ____A C:\Users\user\Downloads\k3d-setup-0.8.0.1.exe
2012-08-31 21:22 - 2012-08-31 21:22 - 00159461 ____A C:\Users\user\Downloads\CharMaker.zip
2012-08-31 10:19 - 2012-10-09 21:23 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-31 06:50 - 2012-08-31 06:49 - 09098180 ____A C:\Users\user\Downloads\wings-1.4.1.exe
2012-08-31 06:33 - 2012-08-31 06:32 - 05554508 ____A C:\Users\user\Downloads\pencil-0.4.4b-win.zip
2012-08-31 06:18 - 2012-08-31 06:18 - 00000207 ____A C:\Users\user\Downloads\cachee55bedbac24f6eaebd9e85adc1a25fcb.wcm
2012-08-31 06:14 - 2012-08-31 06:13 - 05694948 ____A (Web Cartoon Maker ) C:\Users\user\Downloads\wcm_desktop_setup.exe
2012-08-31 05:30 - 2012-02-16 07:32 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-08-31 05:30 - 2012-01-30 23:49 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-08-31 02:41 - 2012-08-31 02:39 - 10217672 ____A (Adobe Systems Incorporated) C:\Users\user\Downloads\install_flash_player.exe
2012-08-31 02:18 - 2012-08-31 02:16 - 03866528 ____A (Adobe Systems, Inc.) C:\Users\user\Downloads\flash.ocx
2012-08-31 02:06 - 2012-08-31 01:58 - 22550656 ____A C:\Users\user\Downloads\setup_pfm_free.exe
2012-08-30 22:02 - 2012-08-30 22:02 - 00447126 ____A C:\Users\user\Downloads\Windows 7 Start Button Animator.zip
2012-08-30 21:48 - 2012-08-30 21:47 - 03431179 ____A C:\Users\user\Downloads\concept_8_boot_animation_for_7_by_anunkasan-d469ud0.rar
2012-08-30 21:45 - 2012-08-30 21:45 - 00676960 ____A (OptimumInstaller) C:\Users\user\Downloads\Setup (2).exe
2012-08-30 11:03 - 2012-08-30 11:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 11:03 - 2010-10-24 10:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 10:03 - 2012-10-09 21:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-09 21:22 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-09 21:22 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-30 01:55 - 2012-08-30 01:55 - 00000341 ____A C:\Users\user\Documents\CODE SALE.txt
2012-08-30 00:04 - 2012-08-29 23:51 - 00023290 ____A C:\Users\user\Documents\Mpda farm profile summary.xlsx
2012-08-29 00:47 - 2012-08-29 00:46 - 03198742 ____A C:\Users\user\Downloads\bootchanger_manual_and__ppm_by_artas182x-d45ns22.zip
2012-08-27 21:24 - 2012-08-27 21:24 - 00429775 ____A C:\Users\user\Downloads\Longhorn_Media_Player_by_Ludacris1990.rar
2012-08-27 06:14 - 2012-08-27 05:57 - 74789265 ____A (Studio V5 ) C:\Users\user\Downloads\uk-logomaker-2-web-full.exe
2012-08-24 23:42 - 2012-02-10 23:14 - 00001366 ____A C:\user.js
2012-08-24 23:40 - 2012-08-24 23:39 - 04124080 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\the_road_less_traveled_pdf_downloader_352 (1).exe
2012-08-24 23:37 - 2012-08-24 23:36 - 04124080 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\the_road_less_traveled_pdf_downloader_352.exe
2012-08-24 10:05 - 2012-10-09 21:21 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-09 21:21 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:43 - 2012-08-24 01:36 - 00023420 ____A C:\Users\user\Documents\FARM PROFILE 2012.xlsx
2012-08-24 03:15 - 2012-09-23 21:26 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:31 - 2012-09-23 21:26 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 21:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 21:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:18 - 2012-09-23 21:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 21:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 21:26 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 21:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 21:26 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 21:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 21:26 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 21:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 21:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 21:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 21:26 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 21:26 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 21:26 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 21:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 21:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 21:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 21:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 21:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 21:26 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 21:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 21:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 21:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 21:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 22:04 - 2012-08-22 22:01 - 06977936 ____A C:\Users\user\Downloads\applocker.wmv
2012-08-22 21:44 - 2012-08-22 21:44 - 00025745 ____A C:\Users\user\Documents\COP - PATL - 2013 Crop.xlsx
2012-08-22 21:41 - 2012-08-22 21:38 - 09735080 ____A (Hewlett-Packard ) C:\Users\user\Downloads\sp56099.exe
2012-08-22 21:14 - 2012-07-11 08:35 - 00210296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 22:42 - 2012-08-21 05:03 - 00028605 ____A C:\Users\user\Documents\Ukonongo Payments.xlsx
2012-08-20 21:40 - 2012-07-12 05:46 - 00012092 ____A C:\Users\user\Documents\SCHOOLS2.xlsx
2012-08-20 10:48 - 2012-10-09 21:22 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-09 21:22 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-09 21:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-09 21:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-09 21:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-09 21:22 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-09 21:22 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-09 21:22 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-09 21:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-09 21:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-09 21:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 03:13 - 2012-08-17 03:09 - 20928200 ____A (Audacity Team ) C:\Users\user\Downloads\audacity-win-2.0.1 (1).exe
2012-08-17 01:58 - 2012-08-17 01:55 - 11383789 ____A (Audacity Team ) C:\Users\user\Downloads\audacity-win-2.0.1.exe
2012-08-17 01:36 - 2012-08-17 01:34 - 03814935 ____A (Pianosoft ) C:\Users\user\Downloads\vocrem11.exe
2012-08-17 01:33 - 2012-08-17 01:33 - 00431288 ____A C:\Users\user\Downloads\Afreecodec_downloader_For_Vocal_Remover.exe
2012-08-17 01:14 - 2012-08-17 01:14 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover(1).exe
2012-08-17 01:12 - 2012-08-17 01:12 - 00431312 ____A C:\Users\user\Downloads\Afreecodec_downloader_For_Vocal_Remover_DirectX_.exe
2012-08-17 01:07 - 2012-08-17 01:07 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover (1).exe
2012-08-16 23:29 - 2012-08-16 23:26 - 16476616 ____A (Microsoft Corporation) C:\Users\user\Downloads\Windows-KB890830-V4.11.exe
2012-08-16 23:15 - 2012-08-16 23:15 - 01448809 ____A (DOSBox Team) C:\Users\user\Downloads\DOSBox0.74-win32-installer.exe
2012-08-16 22:41 - 2012-08-16 22:41 - 00292184 ____A (Microsoft Corporation) C:\Users\user\Downloads\dxwebsetup.exe
2012-08-16 22:33 - 2012-08-16 22:29 - 17335648 ____A (Nullsoft, Inc.) C:\Users\user\Downloads\winamp563_full_emusic-7plus_all.exe
2012-08-16 22:14 - 2012-08-16 22:14 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover.exe
2012-08-15 07:42 - 2012-08-15 07:42 - 00000051 ____A C:\Users\user\.eyrc
2012-08-14 22:30 - 2012-08-14 22:29 - 06519568 ____A ( ) C:\Users\user\Downloads\Sublime Text 2.0.1 x64 Setup.exe
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\gvimdiff.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\gview.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\evim.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000985 ____A C:\Windows\gvim.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000668 ____A C:\Windows\vimdiff.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000668 ____A C:\Windows\view.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000664 ____A C:\Windows\vim.bat
2012-08-14 21:40 - 2012-02-01 05:41 - 00000694 ____A C:\Windows\vimtutor.bat
2012-08-14 21:38 - 2012-08-14 21:36 - 09585439 ____A C:\Users\user\Downloads\gvim73_46.exe
2012-08-14 21:33 - 2012-08-14 21:33 - 00809840 ____A (AirInstaller Inc.) C:\Users\user\Downloads\setup (1).exe
2012-08-14 03:43 - 2012-08-14 03:38 - 22975511 ____A (Igor Pavlov) C:\Users\user\Downloads\DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe
2012-08-14 03:37 - 2012-08-14 03:34 - 18025816 ____A (RubyInstaller Team ) C:\Users\user\Downloads\rubyinstaller-1.9.3-p194.exe
2012-08-13 22:07 - 2012-08-13 22:07 - 00064000 ____A C:\Users\user\Documents\OFFSITE BALES.xls
2012-08-13 02:31 - 2012-08-13 02:10 - 96847848 ____A (Oracle Corporation) C:\Users\user\Downloads\jdk-7u5-windows-x64 (1).exe
2012-08-13 00:56 - 2012-08-13 00:41 - 83345288 ____A C:\Users\user\Desktop\jdk-7-windows-i586.exe
2012-08-12 22:46 - 2012-08-12 22:41 - 21865936 ____A (Oracle Corporation) C:\Users\user\Downloads\jre-7u4-windows-x64.exe
2012-08-12 22:29 - 2012-08-12 22:24 - 16451497 ____A C:\Users\user\Downloads\jdk-7u5-windows-x64-demos.zip
2012-08-12 22:22 - 2012-08-12 21:55 - 85423313 ____A (Oracle Corporation) C:\Users\user\Downloads\jdk-7u5-windows-x64.exe
2012-08-12 21:37 - 2012-08-12 21:37 - 00352968 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_java-development-kit.exe
2012-08-11 08:58 - 2012-08-11 08:55 - 00001071 ____A C:\Users\user\Documents\FizzBuzz2.class
2012-08-11 08:57 - 2012-08-11 08:57 - 00001268 ____A C:\Users\user\Documents\Averager$Test.class
2012-08-11 08:57 - 2012-08-11 08:57 - 00001092 ____A C:\Users\user\Documents\Averager.class
2012-08-11 08:57 - 2012-08-11 08:46 - 00001277 ____A C:\Users\user\Documents\FactComputer.java
2012-08-11 08:57 - 2012-08-11 07:49 - 00001963 ____A C:\Users\user\Documents\Averager.java
2012-08-11 08:55 - 2012-08-11 08:53 - 00001222 ____A C:\Users\user\Documents\FizzBuzz2.java
2012-08-11 07:56 - 2012-08-11 07:56 - 00000450 ____A C:\Users\user\Documents\Hello.java
2012-08-11 07:42 - 2012-08-11 07:36 - 00011330 ____A C:\Users\user\Documents\HighLowWithImages.java
2012-08-11 07:39 - 2012-08-11 07:37 - 00000468 ____A C:\Users\user\Documents\HighLowWithImages.class
2012-08-11 07:20 - 2012-08-11 07:20 - 00022910 ____A C:\Users\user\Downloads\PaintWithOffScreenCanvas.java
2012-08-11 07:19 - 2012-08-11 07:19 - 00011238 ____A C:\Users\user\Downloads\HighLowWithImages.java
2012-08-11 07:18 - 2012-08-11 07:18 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI.java
2012-08-11 00:24 - 2012-08-11 00:23 - 02893191 ____A C:\Users\user\Downloads\1302981014_nbruby041611.zip
2012-08-10 22:34 - 2012-08-10 22:34 - 00662689 ____A (MinGW ) C:\Users\user\Downloads\mingw-get-inst-20120426 (1).exe
2012-08-10 22:24 - 2012-08-10 22:24 - 00000044 ____A C:\Windows\MSYS.INI
2012-08-10 22:03 - 2012-08-10 06:10 - 00662689 ____A (MinGW ) C:\Users\user\Downloads\mingw-get-inst-20120426.exe
2012-08-10 16:56 - 2012-10-09 21:20 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-09 21:20 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-08 21:42 - 2012-08-08 21:24 - 00070983 ____A C:\Users\user\Documents\Reconcialtion Ukonongo.xlsx
2012-08-07 01:21 - 2012-08-07 01:21 - 00208406 ____A C:\Users\user\Downloads\ehep-1.0.0.zip
2012-08-06 23:57 - 2012-08-06 23:53 - 18595693 ____A (Leapconverter Software, Inc. ) C:\Users\user\Downloads\freemp3_to_m4a_aac_converter.exe
2012-08-06 21:39 - 2012-08-06 21:39 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-06 21:39 - 2012-08-06 21:39 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-06 21:16 - 2012-08-06 21:15 - 05443429 ____A C:\Users\user\Downloads\winpathed.zip
2012-08-06 12:39 - 2012-08-06 12:39 - 00000906 ___RA C:\Windows\System32\BitLocker Recovery Key 4B504857-FDB6-4525-B947-5B217B24205B.txt
2012-08-06 05:55 - 2012-08-06 05:55 - 00008765 ____A C:\Users\user\Documents\Inputs.xlsx
2012-08-06 00:29 - 2012-08-06 00:27 - 00338609 ____A C:\Users\user\Downloads\Pulmon Beta 1.rar
2012-08-06 00:14 - 2012-08-06 00:14 - 00205772 ____A C:\Users\user\Downloads\Pulmon Start.rar
2012-08-05 21:23 - 2012-08-05 21:12 - 27669608 ____A (IObit ) C:\Users\user\Downloads\asc-setup.exe
2012-08-03 21:19 - 2012-08-03 21:19 - 00012073 ____A C:\Users\user\Documents\Offsite Bales.xlsx
2012-08-02 09:58 - 2012-09-12 04:37 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 04:37 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-08-01 23:07 - 2012-08-01 23:07 - 00000252 ____A C:\Users\user\AppData\Roaming\GPU MeterV2_Settings.ini
2012-08-01 22:54 - 2012-08-01 22:54 - 02086577 ____A C:\Users\user\Downloads\Windows-vNext.themepack
2012-08-01 22:52 - 2012-08-01 22:52 - 00009886 ____A C:\Users\user\Documents\tablets.xlsx
2012-08-01 21:52 - 2012-08-01 21:39 - 32261212 ____A C:\Users\user\Downloads\Windows_8_7282_RC.rar
2012-08-01 00:11 - 2012-08-01 00:11 - 06956544 ____A C:\Users\user\Documents\Bkp_Sec_20120730.bak

==================== Known DLLs (Whitelisted) =================

[2009-07-13 16:18] - [2009-07-13 17:41] - 0083456 ____A (Microsoft Corporation) C:\Windows\System32\msacm32.dll
[2009-07-13 16:03] - [2009-07-13 17:15] - 0072192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0006656 ____A (Microsoft Corporation) C:\Windows\System32\shimeng.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
[2009-07-13 15:55] - [2012-01-23 03:06] - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
[2009-07-13 15:39] - [2009-07-13 17:11] - 0245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-10-20 00:11] - [2011-07-02 17:16] - 2930176 ____A (Microsoft Corporation) 504FCEDB4333FAEFFF05CDAC4952BB1A

C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-11 21:31:23
Restore point made on: 2012-10-11 21:37:04
Restore point made on: 2012-10-12 21:59:57
Restore point made on: 2012-10-14 21:16:16
Restore point made on: 2012-10-17 00:36:02
Restore point made on: 2012-10-18 02:00:18
Restore point made on: 2012-10-19 22:48:54
Restore point made on: 2012-10-19 23:26:06
Restore point made on: 2012-10-19 23:57:18
Restore point made on: 2012-10-21 21:15:46
Restore point made on: 2012-10-24 21:25:48

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4043.86 MB
Available physical RAM: 3346.25 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3341.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:445.7 GB) (Free:103.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:15.9 GB) (Free:1.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
5 Drive h: () (Removable) (Total:7.5 GB) (Free:7.27 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7680 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 445 GB 200 MB
Partition 3 Primary 15 GB 445 GB
Partition 4 Primary 4063 MB 461 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 445 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7678 MB 1032 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NTFS Removable 7678 MB Healthy

=========================================================

Last Boot: 2012-10-17 11:49

==================== End Of Log =============================

#8 Farbar


Posted 29 October 2012 - 12:11 PM

Thanks for the feedback.

Let's give this another try.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

start
Last Boot: 2012-10-17 11:49
Replace: C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe C:\Windows\explorer.exe
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also, please restart, let it boot normally and tell me how it went. In case the system didn't boot, please post a fresh FRST log, because with the fix an older registry backup is restored.

#9 thegonga


Posted 30 October 2012 - 12:42 AM

Again, the system is not booting normally.

Here are the Fix log and the fresh FRST log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2012
Ran by SYSTEM at 2012-10-30 08:20:35 Run:2
Running from H:\

==============================================

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
C:\Windows\explorer.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe copied successfully to C:\Windows\explorer.exe

==== End of Fixlog ====




fresh FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by SYSTEM at 30-10-2012 08:30:17
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [30264 2009-10-06] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KSafeTray] "C:\Program Files (x86)\Kingsoft\PcDoctor\KSafeTray.exe" -autorun [1308064 2012-04-10] (Kingsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM-x32\...\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun [1595056 2012-10-07] (Kingsoft Corporation)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon [964720 2012-09-19] (NCH Software)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-05-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-09-25] (Sony Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\user\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-06] (Google Inc.)
HKU\user\...\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-25] (Facebook Inc.)
HKU\user\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\user\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
HKU\user\...\Run: [XLaunchPad] C:\Program Files (x86)\XLaunchPad\XLaunchPad.exe [2368000 2012-07-31] (xwidget.com)
HKU\user\...\Policies\system: [DisableLockWorkstation] 0
HKU\user\...\Policies\system: [DisableChangePassword] 0
HKU\user\...\Policies\system: [LogonHoursAction] 2
HKU\user\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 41.72.175.3 41.72.175.4
Tcpip\..\Interfaces\{95C42E44-7667-4E72-BAE0-38FE7E626B77}: [NameServer]202.56.230.2 66.198.145.145
Tcpip\..\Interfaces\{A61C3E57-8416-43E7-B359-74068AE4361C}: [NameServer]8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220,222.46.120.5,222.46.120.6,211.98.2.4,211.98.2.1
Startup: C:\Users\user\Start Menu\Programs\Startup\Boot BMP Changer.lnk
ShortcutTarget: Boot BMP Changer.lnk -> C:\Program Files (x86)\Boot BMP Changer\BootBMP.exe (No File)
Startup: C:\Users\user\Start Menu\Programs\Startup\XWindows Dock.lnk
ShortcutTarget: XWindows Dock.lnk -> C:\Program Files (x86)\XWindows Dock\XWD.exe (Lichonos Vladimir)

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
3 ExpressAccountsService; "C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe" -service [3051632 2012-09-25] (NCH Software)
3 ExpressInvoiceService; "C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe" -service [2158192 2012-09-17] (NCH Software)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1098296 2011-06-14] (Hewlett-Packard Development Company L.P.)
3 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
3 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
2 KSafeSvc; "C:\Program Files (x86)\Kingsoft\PcDoctor\KSafeSvc.exe" -svc [452512 2012-04-10] (Kingsoft Corporation)
2 kxescore; "C:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore [123992 2012-07-11] (Kingsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon80 [4476096 2005-09-22] (Microsoft Corporation)
2 MWAgent; C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWASER.EXE [845320 2010-03-10] (MicroWorld Technologies Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [474208 2012-09-25] (Sony Corporation)
3 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [246272 2009-07-14] ()
3 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)
3 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [830048 2012-07-27] ()
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe wampmysqld [9665536 2011-09-26] ()
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-01] ()
3 Applications Manager; "C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe" -s conf\wrapper.conf [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) =====================

3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-19] (Qualcomm Atheros Communications, Inc.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-07-27] (AVG Technologies)
3 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [340488 2009-07-24] (BitDefender S.R.L. Bucharest, ROMANIA)
3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-13] (Devguru Co., Ltd)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
0 kavbootc; C:\Windows\System32\Drivers\kavbootc.sys [27240 2012-07-11] (Kingsoft Corporation)
1 KDHacker; C:\Windows\System32\Drivers\KDHacker.sys [125784 2012-07-11] (Kingsoft Corporation)
2 kisknl; C:\Windows\System32\Drivers\kisknl.sys [210296 2012-08-22] (Kingsoft Corporation)
1 kmodurl; \??\C:\Program Files (x86)\Kingsoft\PcDoctor\kmodurl64.sys [133096 2011-12-19] (Kingsoft Corporation)
3 ksfmonsys; \??\C:\Program Files (x86)\Kingsoft\PcDoctor\ksfmonsys64.sys [21320 2012-04-10] (Kingsoft Corporation)
4 KUsbGuard; \??\C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kusbquery64.sys [18296 2012-09-11] (Kingsoft Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PsxDrv; C:\Windows\System32\Drivers\PsxDrv.sys [10240 2009-07-13] (Microsoft Corporation)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2012-04-28] (IObit.com)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2012-04-28] (IObit.com)
2 uxpatch; C:\Windows\System32\Drivers\uxpatch.sys [30568 2009-07-12] ()
3 vodafone_K380x-z_dc_enum; C:\Windows\System32\Drivers\vodafone_K380x-z_dc_enum.sys [75776 2010-05-20] (Vodafone)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [235520 2011-04-18] (ZTE Incorporated)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 SR; [x]
2 SRService; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-30 08:20 - 2012-10-30 08:20 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2012-10-27 13:33 - 2012-10-27 13:33 - 00000000 ____D C:\FRST
2012-10-26 07:39 - 2012-10-26 09:27 - 00000000 ___HD C:\_Exception1
2012-10-24 21:14 - 2012-10-24 21:15 - 00000000 ____D C:\Users\user\AppData\Local\{F07B9708-3EE1-4FA6-BBF2-1051C451E178}
2012-10-24 12:15 - 2012-10-24 12:15 - 00000000 ____D C:\Users\user\AppData\Local\{53E2B7E2-8DC0-408E-9FBD-10D2207EE98E}
2012-10-23 23:35 - 2012-10-23 23:35 - 00013847 ____A C:\Users\user\Documents\Payments 2012.xlsx
2012-10-23 22:13 - 2012-10-23 22:13 - 00000000 ____D C:\Users\user\AppData\Local\{56D89B6B-FB03-485D-B73D-FB649911C196}
2012-10-23 21:04 - 2012-10-23 21:04 - 00000000 ____D C:\Users\user\AppData\Local\{F7E08D87-DF2E-4A85-85F4-E74202DA1381}
2012-10-23 03:50 - 2012-10-23 03:51 - 01873160 ____A (Conduit) C:\Users\user\Downloads\WeLoveMusic.exe
2012-10-22 21:03 - 2012-10-22 21:03 - 00000000 ____D C:\Users\user\AppData\Local\{5643005F-0B83-4F60-B83E-F996F31D6793}
2012-10-22 10:47 - 2012-10-22 10:47 - 00000000 ____D C:\Users\user\AppData\Local\{5D3CDE61-F8C1-4E40-AE41-2B8FC3D8C470}
2012-10-22 09:22 - 2010-12-02 03:58 - 27247964 ____A C:\Users\user\Documents\AVSEQ01.DAT
2012-10-22 09:20 - 2011-05-14 07:00 - 53961099 ____A C:\Users\user\Documents\Busty MILF Wearing Satin bleep Machine.flv
2012-10-22 09:19 - 2011-01-06 23:03 - 33260021 ____A C:\Users\user\Documents\melissa_mpeg4.mp4
2012-10-22 09:19 - 2010-11-07 14:18 - 22962954 ____A C:\Users\user\Documents\Mtoto malaya.mp4
2012-10-22 09:17 - 2012-10-22 09:17 - 00000000 ____D C:\Users\user\AppData\Local\{24550164-C4EB-4AF6-A151-904B2A58E089}
2012-10-21 21:06 - 2012-10-21 21:09 - 00000000 ____D C:\Users\user\AppData\Local\{404E88E2-87AA-45E3-B2AA-7BDB77BD7DC9}
2012-10-21 00:46 - 2012-10-29 12:01 - 00000000 ___HD C:\Users\user\Documents\.picasaoriginals
2012-10-21 00:45 - 2012-10-21 00:47 - 00000113 ___AH C:\Users\user\Documents\.picasa.ini
2012-10-20 23:50 - 2012-10-20 23:50 - 00000000 ____D C:\Users\user\Documents\103SSCAM
2012-10-20 23:31 - 2012-10-29 12:01 - 00000000 ____D C:\Program Files (x86)\DVD Shrink
2012-10-20 23:31 - 2012-10-22 21:09 - 00000000 ____D C:\Users\All Users\DVD Shrink
2012-10-20 23:12 - 2012-10-29 11:58 - 00000000 ____D C:\Users\user\Documents\www
2012-10-20 21:30 - 2012-10-20 21:30 - 00000000 ____D C:\Users\user\AppData\Local\{1FDEB07A-6C66-4B4A-9CD2-E1B8581A719B}
2012-10-20 10:14 - 2012-10-20 10:14 - 00000000 ____D C:\Users\user\AppData\Local\{57430025-2E9B-431C-837A-AD3AD72751D7}
2012-10-20 00:42 - 2012-10-20 00:43 - 00658944 ____A (Coder for Life) C:\Users\user\Downloads\Win7BootUpdater (1).exe
2012-10-20 00:12 - 2010-11-20 19:24 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\stobject.dll
2012-10-20 00:11 - 2012-06-08 21:43 - 14171136 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-10-20 00:11 - 2011-07-02 17:16 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
2012-10-20 00:11 - 2010-11-20 19:24 - 02059776 ____A (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2012-10-20 00:11 - 2010-11-20 19:24 - 00749568 ____A (Microsoft Corporation) C:\Windows\System32\batmeter.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 01927168 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 01574912 ____A (Microsoft Corporation) C:\Windows\System32\pnidui.dll
2012-10-20 00:11 - 2010-11-20 19:23 - 00143872 ____A (Microsoft Corporation) C:\Windows\System32\SndVolSSO.dll
2012-10-20 00:11 - 2009-07-13 17:28 - 16842752 ____A (Microsoft Corporation) C:\Windows\System32\imageres.dll
2012-10-19 23:43 - 2010-11-20 19:24 - 00014336 ____A (Microsoft Corporation) C:\Windows\System32\browseui.dll
2012-10-19 23:43 - 2009-07-13 17:38 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\wscui.cpl
2012-10-19 23:31 - 2012-10-19 23:31 - 01376768 ____A C:\Users\user\Downloads\7z920-x64.msi
2012-10-19 22:50 - 2012-09-24 12:16 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-10-19 22:50 - 2012-09-24 12:08 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-10-19 22:50 - 2012-09-24 12:07 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-10-19 22:49 - 2012-10-19 22:50 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-19 21:11 - 2012-10-19 21:11 - 00000000 ____D C:\Users\user\AppData\Local\{D955DECC-9E67-43CC-974B-DF5399BE7A46}
2012-10-19 21:09 - 2012-10-19 22:39 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForFREDG$.job
2012-10-19 21:08 - 2012-10-19 21:08 - 00000394 ____A C:\Windows\PFRO.log
2012-10-19 00:05 - 2012-10-19 00:25 - 47436176 ____A (Apple Inc.) C:\Users\user\Downloads\iCloudSetup.exe
2012-10-18 23:17 - 2012-10-18 23:48 - 00000061 ____A C:\Users\user\Documents\reject.txt
2012-10-18 22:46 - 2012-10-18 22:46 - 00000000 ____D C:\Program Files (x86)\Tweaks
2012-10-18 22:44 - 2012-10-18 22:44 - 01069632 ____A C:\Users\user\Downloads\FB_Cover_Maker.exe
2012-10-18 21:14 - 2012-10-18 21:14 - 00000000 ____D C:\Users\user\AppData\Local\{F1067694-96E6-4958-BE65-655374059754}
2012-10-17 21:09 - 2012-10-17 21:10 - 00000000 ____D C:\Users\user\AppData\Local\{5D26C5A4-C123-4930-9D02-F35C228D3C24}
2012-10-17 11:07 - 2012-10-17 11:07 - 00000000 ____D C:\Users\user\AppData\Local\{C0BAE662-E435-400F-91FF-D595039FEBF1}
2012-10-17 00:36 - 2012-10-17 00:36 - 00000724 ____A C:\Windows\DirectX.log
2012-10-16 22:49 - 2012-10-16 22:49 - 00373456 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-7-logon-screen-editor.exe
2012-10-16 22:40 - 2012-10-16 22:40 - 00425568 ____A (Yahoo! Inc.) C:\Users\user\Downloads\yahoo-messenger-11-5-0-155-es-win.exe
2012-10-16 22:39 - 2012-10-16 22:40 - 01075736 ____A C:\Users\user\Downloads\yahoo-messenger-11.5.0.155-en-win-setup.exe
2012-10-16 22:36 - 2012-10-29 12:01 - 00000000 ____D C:\Program Files (x86)\Logon Screen
2012-10-16 22:35 - 2012-10-16 22:35 - 01382922 ____A (Daniel Rebelo ) C:\Users\user\Downloads\logon-screen-2.40.exe
2012-10-16 22:34 - 2012-10-16 22:34 - 01075736 ____A C:\Users\user\Downloads\logon-screen-2.40-en-win-setup.exe
2012-10-16 22:22 - 2012-10-16 22:23 - 00000000 ____D C:\Users\user\AppData\Local\Windows 7 Account Screen Editor
2012-10-16 22:22 - 2012-10-16 22:22 - 00000000 ____D C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing
2012-10-16 22:20 - 2012-10-16 22:21 - 01604149 ____A C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing.zip
2012-10-16 22:18 - 2012-10-16 22:19 - 00827707 ____A C:\Users\user\Downloads\Unconfirmed 680486.crdownload
2012-10-16 21:50 - 2012-10-16 21:50 - 00027367 ____A C:\Users\user\Documents\LABES.xlsx
2012-10-16 21:12 - 2012-10-16 21:12 - 00000000 ____D C:\Users\user\AppData\Local\{0ABA69A3-9A9F-4C69-B06F-6FAE19FE961F}
2012-10-16 06:08 - 2012-10-16 06:08 - 00110679 ____A C:\Users\user\Documents\SEEDS '12-'13 crop.xlsx
2012-10-15 21:53 - 2012-10-15 21:53 - 00191823 ____A C:\Users\user\Downloads\naturalbeautiestemp1117.zip
2012-10-15 21:13 - 2012-10-15 21:14 - 00000000 ____D C:\Users\user\AppData\Local\{8D508AF8-D113-434D-A042-CF3C43EEE3BD}
2012-10-14 23:27 - 2012-10-14 23:28 - 00000082 ___AH C:\IPH.PH
2012-10-14 21:04 - 2012-10-14 21:05 - 00000000 ____D C:\Users\user\AppData\Local\{6A5DC5AF-DE98-47F8-8EBE-C827576A8129}
2012-10-13 11:37 - 2012-10-13 11:37 - 00000000 ____D C:\Users\user\AppData\Local\{C8AC7B93-3BF5-4F44-AD5C-9776F8F605C5}
2012-10-12 22:33 - 2012-10-12 22:33 - 00657408 ____A (Abdul Fatir Ansari) C:\Users\user\Downloads\Se7en Logon Changer 7LC 1.1.exe
2012-10-12 21:46 - 2012-10-12 21:47 - 03165621 ____A C:\Users\user\Downloads\EmergeDesktop-6.1.1.exe
2012-10-12 21:24 - 2012-10-12 21:24 - 00248259 ____A C:\Users\user\Downloads\tweakslogon.zip
2012-10-12 21:24 - 2012-10-12 21:24 - 00000000 ____D C:\Users\user\Downloads\tweakslogon
2012-10-12 21:06 - 2012-10-12 21:06 - 00000000 ____D C:\Users\user\AppData\Local\{0636CE81-96FE-4FF7-B9EA-5F8E48AABBE9}
2012-10-12 05:49 - 2012-10-12 05:49 - 00000000 ____D C:\Users\user\Downloads\Token_by_brsev
2012-10-12 05:46 - 2012-10-12 05:47 - 06892672 ____A C:\Users\user\Downloads\Token_by_brsev.zip
2012-10-12 05:27 - 2012-10-24 21:10 - 00003380 ____A C:\Windows\setupact.log
2012-10-12 05:27 - 2012-10-12 05:27 - 00000000 ____A C:\Windows\setuperr.log
2012-10-12 01:55 - 2012-10-12 01:55 - 00000000 ____D C:\Users\user\Downloads\8TP6
2012-10-11 21:15 - 2012-10-11 21:15 - 43941888 ____A C:\Windows\System32\config\COMPONENTS.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 23814144 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 133054464 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 01114112 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00065536 ____A C:\Windows\System32\config\SAM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00032768 ____A C:\Windows\System32\config\SECURITY.iobit
2012-10-11 21:07 - 2012-10-11 21:07 - 00000000 ____D C:\Users\user\AppData\Local\{14A05542-1ADD-4864-A4F4-2D2C0CD1A9E7}
2012-10-11 06:28 - 2012-10-11 06:28 - 00000000 ____D C:\Users\user\Downloads\metamorph_seasonspring
2012-10-11 06:27 - 2012-10-11 06:27 - 00000000 ____D C:\Users\user\Downloads\metamorph_newstyle
2012-10-11 06:26 - 2012-10-11 06:26 - 00904595 ____A C:\Users\user\Downloads\metamorph_seasonspring.zip
2012-10-11 06:24 - 2012-10-11 06:24 - 00893578 ____A C:\Users\user\Downloads\metamorph_newstyle.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 02221362 ____A C:\Users\user\Downloads\metamorph_seasonfall.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 00000000 ____D C:\Users\user\Downloads\metamorph_seasonfall
2012-10-11 06:19 - 2012-10-11 06:19 - 00000000 ____D C:\Users\user\Downloads\metamorph_clearsky
2012-10-11 06:18 - 2012-10-11 06:18 - 01848617 ____A C:\Users\user\Downloads\metamorph_clearsky.zip
2012-10-11 06:15 - 2012-10-11 06:15 - 00000000 ____D C:\Users\user\Downloads\FW272
2012-10-11 06:14 - 2012-10-11 06:15 - 02088624 ____A C:\Users\user\Downloads\FW272.zip
2012-10-11 01:42 - 2012-10-11 01:42 - 00000000 ____D C:\Users\user\AppData\Local\{01102C13-5CE8-4607-84C2-A79EE0B46444}
2012-10-10 22:01 - 2012-10-10 22:01 - 00373448 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-8-charms-bar-skin.exe
2012-10-10 03:04 - 2012-10-10 03:04 - 03025006 ____A C:\Users\user\Downloads\setup_seeandtype.exe
2012-10-10 02:43 - 2012-10-10 02:43 - 00000000 ____D C:\Users\user\AppData\Roaming\RapidTyping
2012-10-10 02:43 - 2012-10-10 02:43 - 00000000 ____D C:\Users\All Users\RapidTyping
2012-10-10 01:49 - 2012-10-10 02:13 - 85547188 ____A (Broderbund Software ) C:\Users\user\Downloads\MBTT Dlx 17 Setup.exe
2012-10-10 01:47 - 2012-10-29 12:01 - 00000000 ____D C:\Program Files (x86)\RapidTyping
2012-10-10 01:45 - 2012-10-10 01:47 - 08819669 ____A C:\Users\user\Downloads\RapidTyping_Setup_4.exe
2012-10-10 01:34 - 2012-10-12 05:50 - 00000000 ____D C:\Program Files (x86)\NCH Software
2012-10-10 01:34 - 2012-10-10 01:34 - 01512056 ____A (NCH Software) C:\Users\user\Downloads\kbsetup.exe
2012-10-09 21:23 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-09 21:22 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 21:22 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 21:22 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 21:22 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-09 21:22 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-09 21:22 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 21:22 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-09 21:22 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-09 21:22 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-09 21:22 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-09 21:22 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-09 21:22 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-09 21:22 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 21:22 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-09 21:21 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 21:21 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 21:21 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 21:21 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 21:20 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 21:20 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 21:20 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 21:20 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 04:02 - 2012-10-09 04:03 - 00000000 ____D C:\Users\user\Documents\Avater 2
2012-10-09 04:00 - 2012-10-09 04:01 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224 (1).exe
2012-10-09 03:52 - 2012-10-09 03:53 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224.exe
2012-10-08 22:13 - 2012-10-08 22:13 - 00015888 ____A C:\Users\user\Documents\LA LIGA spain.xlsx_2012-10-09_09-13-41.enc
2012-10-08 22:02 - 2012-10-08 22:02 - 00009428 ____A C:\Users\user\Documents\kitchen.xlsx_2012-10-09_09-02-36.enc
2012-10-08 21:25 - 2012-10-08 21:25 - 00763424 ____A (Google Inc.) C:\Users\user\Downloads\GoogleEarthPluginSetup.exe
2012-10-06 09:39 - 2012-10-18 02:21 - 00000000 ____D C:\Users\user\Documents\PIUS PICS
2012-10-06 07:02 - 2012-10-06 07:02 - 00000000 ____D C:\Program Files (x86)\ScreenSaverGift
2012-10-03 23:38 - 2012-10-03 23:39 - 00000000 ____D C:\Users\user\AppData\Local\{F0DF93F2-200F-42FF-8EC3-52D7617E9599}
2012-10-03 21:51 - 2012-10-03 21:52 - 00000000 ____D C:\Users\user\Documents\BEI
2012-10-03 10:34 - 2012-10-03 10:34 - 00000000 ____D C:\Users\user\AppData\Local\{39AA94CA-7EDE-438D-834D-164F4E404D9B}
2012-10-03 05:43 - 2012-10-04 00:31 - 00000000 ____D C:\Program Files (x86)\Easy Video Splitter
2012-10-03 05:42 - 2012-10-03 05:42 - 01200623 ____A C:\Users\user\Downloads\ezsplitter.exe
2012-10-03 01:58 - 2012-10-03 02:03 - 31192520 ____A (Any-Video-Converter.com ) C:\Users\user\Downloads\avc-free (1).exe
2012-10-02 21:56 - 2012-10-02 21:56 - 00000000 ____D C:\Users\user\AppData\Local\{07024469-7B0B-4BBD-BAA0-A67C11C28FC3}
2012-10-02 12:35 - 2012-10-02 12:35 - 00168268 ____A C:\Users\user\Documents\my logo.tlc
2012-10-02 11:17 - 2012-10-02 11:17 - 00000000 ____D C:\Users\user\AppData\Local\{1A8A0524-AB5C-4D18-A93F-3643DA9C1F8C}
2012-10-01 06:02 - 2011-06-07 00:13 - 00821824 ____A (Devguru Co., Ltd.) C:\Windows\SysWOW64\dgderapi.dll
2012-09-30 21:56 - 2012-09-30 21:56 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI (1).java
2012-09-30 21:53 - 2012-09-30 21:53 - 00012036 ____A C:\Users\user\Downloads\SimplePaint2.java
2012-09-30 21:42 - 2012-10-24 21:17 - 00000000 ____D C:\Users\All Users\Safe
2012-09-30 21:39 - 2012-09-30 21:39 - 00045679 ____A C:\ComboFix.txt

==================== 3 Months Modified Files ==================

2012-10-24 21:21 - 2009-07-13 20:45 - 00032544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-24 21:21 - 2009-07-13 20:45 - 00032544 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-24 21:18 - 2012-03-25 00:36 - 02086989 ____A C:\Windows\WindowsUpdate.log
2012-10-24 21:10 - 2012-10-12 05:27 - 00003380 ____A C:\Windows\setupact.log
2012-10-24 21:10 - 2012-05-30 00:36 - 00065536 ____A C:\Windows\System32\Ikeext.etl
2012-10-24 21:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-24 12:28 - 2012-03-29 21:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-24 12:19 - 2009-07-13 21:13 - 00876558 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-23 23:35 - 2012-10-23 23:35 - 00013847 ____A C:\Users\user\Documents\Payments 2012.xlsx
2012-10-23 03:51 - 2012-10-23 03:50 - 01873160 ____A (Conduit) C:\Users\user\Downloads\WeLoveMusic.exe
2012-10-22 09:14 - 2012-09-23 22:21 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForuser.job
2012-10-22 05:13 - 2012-01-23 04:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-10-21 00:47 - 2012-10-21 00:45 - 00000113 ___AH C:\Users\user\Documents\.picasa.ini
2012-10-20 00:43 - 2012-10-20 00:42 - 00658944 ____A (Coder for Life) C:\Users\user\Downloads\Win7BootUpdater (1).exe
2012-10-19 23:31 - 2012-10-19 23:31 - 01376768 ____A C:\Users\user\Downloads\7z920-x64.msi
2012-10-19 22:50 - 2012-10-19 22:49 - 00004119 ____A C:\Windows\SysWOW64\jupdate-1.7.0_09-b05.log
2012-10-19 22:39 - 2012-10-19 21:09 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForFREDG$.job
2012-10-19 22:39 - 2009-07-13 20:45 - 00591328 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-19 22:35 - 2011-12-06 02:45 - 00172944 ____A C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2012-10-19 21:08 - 2012-10-19 21:08 - 00000394 ____A C:\Windows\PFRO.log
2012-10-19 21:08 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-19 00:25 - 2012-10-19 00:05 - 47436176 ____A (Apple Inc.) C:\Users\user\Downloads\iCloudSetup.exe
2012-10-18 23:48 - 2012-10-18 23:17 - 00000061 ____A C:\Users\user\Documents\reject.txt
2012-10-18 22:44 - 2012-10-18 22:44 - 01069632 ____A C:\Users\user\Downloads\FB_Cover_Maker.exe
2012-10-17 00:36 - 2012-10-17 00:36 - 00000724 ____A C:\Windows\DirectX.log
2012-10-16 22:49 - 2012-10-16 22:49 - 00373456 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-7-logon-screen-editor.exe
2012-10-16 22:40 - 2012-10-16 22:40 - 00425568 ____A (Yahoo! Inc.) C:\Users\user\Downloads\yahoo-messenger-11-5-0-155-es-win.exe
2012-10-16 22:40 - 2012-10-16 22:39 - 01075736 ____A C:\Users\user\Downloads\yahoo-messenger-11.5.0.155-en-win-setup.exe
2012-10-16 22:35 - 2012-10-16 22:35 - 01382922 ____A (Daniel Rebelo ) C:\Users\user\Downloads\logon-screen-2.40.exe
2012-10-16 22:34 - 2012-10-16 22:34 - 01075736 ____A C:\Users\user\Downloads\logon-screen-2.40-en-win-setup.exe
2012-10-16 22:21 - 2012-10-16 22:20 - 01604149 ____A C:\Users\user\Downloads\Windows_7_Logon_screen_editor_by_bcubing.zip
2012-10-16 22:19 - 2012-10-16 22:18 - 00827707 ____A C:\Users\user\Downloads\Unconfirmed 680486.crdownload
2012-10-16 21:50 - 2012-10-16 21:50 - 00027367 ____A C:\Users\user\Documents\LABES.xlsx
2012-10-16 06:08 - 2012-10-16 06:08 - 00110679 ____A C:\Users\user\Documents\SEEDS '12-'13 crop.xlsx
2012-10-15 21:53 - 2012-10-15 21:53 - 00191823 ____A C:\Users\user\Downloads\naturalbeautiestemp1117.zip
2012-10-14 23:28 - 2012-10-14 23:27 - 00000082 ___AH C:\IPH.PH
2012-10-12 22:33 - 2012-10-12 22:33 - 00657408 ____A (Abdul Fatir Ansari) C:\Users\user\Downloads\Se7en Logon Changer 7LC 1.1.exe
2012-10-12 21:47 - 2012-10-12 21:46 - 03165621 ____A C:\Users\user\Downloads\EmergeDesktop-6.1.1.exe
2012-10-12 21:24 - 2012-10-12 21:24 - 00248259 ____A C:\Users\user\Downloads\tweakslogon.zip
2012-10-12 05:47 - 2012-10-12 05:46 - 06892672 ____A C:\Users\user\Downloads\Token_by_brsev.zip
2012-10-12 05:27 - 2012-10-12 05:27 - 00000000 ____A C:\Windows\setuperr.log
2012-10-11 21:15 - 2012-10-11 21:15 - 43941888 ____A C:\Windows\System32\config\COMPONENTS.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 23814144 ____A C:\Windows\System32\config\SYSTEM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 133054464 ____A C:\Windows\System32\config\SOFTWARE.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 01114112 ____A C:\Windows\System32\config\DEFAULT.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00065536 ____A C:\Windows\System32\config\SAM.iobit
2012-10-11 21:15 - 2012-10-11 21:15 - 00032768 ____A C:\Windows\System32\config\SECURITY.iobit
2012-10-11 06:26 - 2012-10-11 06:26 - 00904595 ____A C:\Users\user\Downloads\metamorph_seasonspring.zip
2012-10-11 06:24 - 2012-10-11 06:24 - 00893578 ____A C:\Users\user\Downloads\metamorph_newstyle.zip
2012-10-11 06:21 - 2012-10-11 06:21 - 02221362 ____A C:\Users\user\Downloads\metamorph_seasonfall.zip
2012-10-11 06:18 - 2012-10-11 06:18 - 01848617 ____A C:\Users\user\Downloads\metamorph_clearsky.zip
2012-10-11 06:15 - 2012-10-11 06:14 - 02088624 ____A C:\Users\user\Downloads\FW272.zip
2012-10-10 22:01 - 2012-10-10 22:01 - 00373448 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_windows-8-charms-bar-skin.exe
2012-10-10 03:04 - 2012-10-10 03:04 - 03025006 ____A C:\Users\user\Downloads\setup_seeandtype.exe
2012-10-10 02:13 - 2012-10-10 01:49 - 85547188 ____A (Broderbund Software ) C:\Users\user\Downloads\MBTT Dlx 17 Setup.exe
2012-10-10 01:47 - 2012-10-10 01:45 - 08819669 ____A C:\Users\user\Downloads\RapidTyping_Setup_4.exe
2012-10-10 01:34 - 2012-10-10 01:34 - 01512056 ____A (NCH Software) C:\Users\user\Downloads\kbsetup.exe
2012-10-10 00:23 - 2012-01-22 06:29 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-09 09:03 - 2011-12-06 03:00 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-09 09:03 - 2011-12-06 03:00 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-09 04:01 - 2012-10-09 04:00 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224 (1).exe
2012-10-09 03:53 - 2012-10-09 03:52 - 04157360 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\Cbt_Gx6102S01_A6V4_FACY4_2012_05_19.rar_downloader_224.exe
2012-10-08 22:30 - 2012-03-29 21:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-08 22:30 - 2011-07-02 17:36 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-08 22:13 - 2012-10-08 22:13 - 00015888 ____A C:\Users\user\Documents\LA LIGA spain.xlsx_2012-10-09_09-13-41.enc
2012-10-08 22:02 - 2012-10-08 22:02 - 00009428 ____A C:\Users\user\Documents\kitchen.xlsx_2012-10-09_09-02-36.enc
2012-10-08 21:25 - 2012-10-08 21:25 - 00763424 ____A (Google Inc.) C:\Users\user\Downloads\GoogleEarthPluginSetup.exe
2012-10-07 21:07 - 2012-05-30 01:10 - 00000632 _RASH C:\Users\user\ntuser.pol
2012-10-03 05:42 - 2012-10-03 05:42 - 01200623 ____A C:\Users\user\Downloads\ezsplitter.exe
2012-10-03 02:03 - 2012-10-03 01:58 - 31192520 ____A (Any-Video-Converter.com ) C:\Users\user\Downloads\avc-free (1).exe
2012-10-02 12:35 - 2012-10-02 12:35 - 00168268 ____A C:\Users\user\Documents\my logo.tlc
2012-10-01 03:33 - 2012-01-22 02:11 - 00002006 ____A C:\aqua_bitmap.cpp
2012-09-30 21:56 - 2012-09-30 21:56 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI (1).java
2012-09-30 21:53 - 2012-09-30 21:53 - 00012036 ____A C:\Users\user\Downloads\SimplePaint2.java
2012-09-30 21:39 - 2012-09-30 21:39 - 00045679 ____A C:\ComboFix.txt
2012-09-30 21:37 - 2009-07-13 18:34 - 00000272 ____A C:\Windows\system.ini
2012-09-30 21:14 - 2012-09-14 05:45 - 04759143 ___RA (Swearware) C:\Users\user\Downloads\ComboFix.exe
2012-09-28 02:29 - 2012-09-28 02:29 - 00008553 ____A C:\Users\user\Documents\result.xlsx
2012-09-27 23:38 - 2012-09-27 23:38 - 00000222 ____A C:\Users\user\Documents\code 1.txt
2012-09-26 23:27 - 2012-06-06 01:32 - 00012907 ____A C:\Users\user\Documents\LTS.xlsx
2012-09-26 22:03 - 2012-01-23 09:49 - 00020992 ____A C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-26 21:37 - 2012-09-26 21:37 - 00012643 ____A C:\Users\user\Documents\FARMER BOOK DISTRIBUTION FORM.xlsx
2012-09-26 21:22 - 2012-01-22 22:33 - 00001945 ____A C:\Windows\epplauncher.mif
2012-09-26 06:18 - 2012-09-26 06:18 - 01497598 ____A C:\Users\user\Documents\Mpanda.zip
2012-09-25 22:08 - 2012-09-25 22:08 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 08:35 - 2012-09-25 08:35 - 00501248 ____A (Facebook Inc.) C:\Users\user\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe
2012-09-24 12:16 - 2012-10-19 22:50 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-24 12:08 - 2012-10-19 22:50 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-24 12:07 - 2012-10-19 22:50 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-24 06:16 - 2012-09-24 06:11 - 00001588 ____A C:\Users\user\Documents\SortNumbers.java
2012-09-24 06:06 - 2012-09-24 06:05 - 00002758 ____A C:\Users\user\Documents\Stroking.java
2012-09-24 06:03 - 2012-02-01 05:47 - 00010780 ____A C:\Users\user\_viminfo
2012-09-24 05:50 - 2012-09-24 05:49 - 00000713 ____A C:\Users\user\Documents\Reverse.java
2012-09-24 05:42 - 2012-09-24 05:34 - 00001892 ____A C:\Users\user\Documents\Factorial4.java
2012-09-23 21:47 - 2012-09-23 21:46 - 00716800 ____A (Blue Label Soft ) C:\Users\user\Downloads\blspeesetup.exe
2012-09-21 07:39 - 2012-09-21 07:38 - 04539792 ____A (www.orbitdownloader.com ) C:\Users\user\Downloads\OrbitDownloaderSetup (1).exe
2012-09-21 07:38 - 2012-09-21 07:30 - 03438630 ____A (www.orbitdownloader.com ) C:\Users\user\Downloads\OrbitDownloaderSetup.exe
2012-09-18 02:03 - 2012-09-18 02:03 - 00032640 ____A C:\Users\user\Documents\phone contacts.spb
2012-09-17 23:52 - 2012-09-17 23:52 - 01055987 ____A C:\Users\user\Documents\patl-amis-odk-v1.2-1c.apk
2012-09-15 11:12 - 2011-04-18 04:43 - 00003026 ____A C:\Windows\System32\Drivers\ztectx.txt
2012-09-14 11:19 - 2012-10-09 21:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-09 21:21 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-14 06:19 - 2012-09-14 06:17 - 13739104 ____A (Kingsoft Corporation) C:\Users\user\Downloads\kav_setup.exe
2012-09-12 06:22 - 2012-01-25 01:29 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301686803-1442502241-2597133401-1000UA.job
2012-09-12 06:22 - 2012-01-25 01:29 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1301686803-1442502241-2597133401-1000Core.job
2012-09-11 04:11 - 2012-09-11 04:12 - 00018296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery64.sys
2012-09-11 04:11 - 2012-09-11 04:12 - 00014200 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kusbquery.sys
2012-09-10 21:43 - 2012-09-10 21:43 - 00112176 ____A C:\Users\user\Downloads\Snippage.air
2012-09-10 01:21 - 2012-09-10 01:21 - 00505442 ____A C:\Users\user\Downloads\WorldClock.gadget
2012-09-09 21:51 - 2012-03-25 07:28 - 00038912 ____A C:\Users\user\Documents\Seed Distribution Form_2011_10_01.xls
2012-09-07 21:30 - 2012-09-07 21:29 - 05903754 ____A (SibCode) C:\Users\user\Downloads\junior-icon-editor.exe
2012-09-03 05:37 - 2012-09-03 05:37 - 05562248 ____A (XWidget Software ) C:\Users\user\Documents\xlaunchpad_setup108.exe
2012-09-03 05:09 - 2012-09-03 05:09 - 00012632 ____A C:\Users\user\Documents\Tablets ID.xlsx
2012-09-03 02:52 - 2012-09-03 02:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2012-09-03 02:52 - 2012-09-03 02:52 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2012-09-03 01:39 - 2012-09-03 01:39 - 01721576 ____A (Microsoft Corporation) C:\Windows\System32\WdfCoInstaller01009.dll
2012-09-03 01:39 - 2012-09-03 01:39 - 00027760 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2012-09-03 01:39 - 2012-09-03 01:39 - 00014448 ____A (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2012-09-03 01:30 - 2012-09-03 01:17 - 27237672 ____A (Sony Mobile Communications ) C:\Users\user\Downloads\Sony PC Companion_2.10.094_Web.exe
2012-08-31 23:22 - 2012-08-31 23:17 - 00038529 ____A C:\Users\user\Documents\INFUSTRACTURE MPANDA.xlsx
2012-08-31 21:38 - 2012-08-31 21:24 - 82308090 ____A C:\Users\user\Downloads\k3d-setup-0.8.0.1.exe
2012-08-31 21:22 - 2012-08-31 21:22 - 00159461 ____A C:\Users\user\Downloads\CharMaker.zip
2012-08-31 10:19 - 2012-10-09 21:23 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-31 06:50 - 2012-08-31 06:49 - 09098180 ____A C:\Users\user\Downloads\wings-1.4.1.exe
2012-08-31 06:33 - 2012-08-31 06:32 - 05554508 ____A C:\Users\user\Downloads\pencil-0.4.4b-win.zip
2012-08-31 06:18 - 2012-08-31 06:18 - 00000207 ____A C:\Users\user\Downloads\cachee55bedbac24f6eaebd9e85adc1a25fcb.wcm
2012-08-31 06:14 - 2012-08-31 06:13 - 05694948 ____A (Web Cartoon Maker ) C:\Users\user\Downloads\wcm_desktop_setup.exe
2012-08-31 05:30 - 2012-02-16 07:32 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2012-08-31 05:30 - 2012-01-30 23:49 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-08-31 02:41 - 2012-08-31 02:39 - 10217672 ____A (Adobe Systems Incorporated) C:\Users\user\Downloads\install_flash_player.exe
2012-08-31 02:18 - 2012-08-31 02:16 - 03866528 ____A (Adobe Systems, Inc.) C:\Users\user\Downloads\flash.ocx
2012-08-31 02:06 - 2012-08-31 01:58 - 22550656 ____A C:\Users\user\Downloads\setup_pfm_free.exe
2012-08-30 22:02 - 2012-08-30 22:02 - 00447126 ____A C:\Users\user\Downloads\Windows 7 Start Button Animator.zip
2012-08-30 21:48 - 2012-08-30 21:47 - 03431179 ____A C:\Users\user\Downloads\concept_8_boot_animation_for_7_by_anunkasan-d469ud0.rar
2012-08-30 21:45 - 2012-08-30 21:45 - 00676960 ____A (OptimumInstaller) C:\Users\user\Downloads\Setup (2).exe
2012-08-30 11:03 - 2012-08-30 11:03 - 00228768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-30 11:03 - 2010-10-24 10:25 - 00128456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\NisDrvWFP.sys
2012-08-30 10:03 - 2012-10-09 21:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-09 21:22 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-09 21:22 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-30 01:55 - 2012-08-30 01:55 - 00000341 ____A C:\Users\user\Documents\CODE SALE.txt
2012-08-30 00:04 - 2012-08-29 23:51 - 00023290 ____A C:\Users\user\Documents\Mpda farm profile summary.xlsx
2012-08-29 00:47 - 2012-08-29 00:46 - 03198742 ____A C:\Users\user\Downloads\bootchanger_manual_and__ppm_by_artas182x-d45ns22.zip
2012-08-27 21:24 - 2012-08-27 21:24 - 00429775 ____A C:\Users\user\Downloads\Longhorn_Media_Player_by_Ludacris1990.rar
2012-08-27 06:14 - 2012-08-27 05:57 - 74789265 ____A (Studio V5 ) C:\Users\user\Downloads\uk-logomaker-2-web-full.exe
2012-08-24 23:42 - 2012-02-10 23:14 - 00001366 ____A C:\user.js
2012-08-24 23:40 - 2012-08-24 23:39 - 04124080 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\the_road_less_traveled_pdf_downloader_352 (1).exe
2012-08-24 23:37 - 2012-08-24 23:36 - 04124080 ____A (http://yourfiledownloader.com) C:\Users\user\Downloads\the_road_less_traveled_pdf_downloader_352.exe
2012-08-24 10:05 - 2012-10-09 21:21 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-09 21:21 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:43 - 2012-08-24 01:36 - 00023420 ____A C:\Users\user\Documents\FARM PROFILE 2012.xlsx
2012-08-24 03:15 - 2012-09-23 21:26 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:31 - 2012-09-23 21:26 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-23 21:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-23 21:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:18 - 2012-09-23 21:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-23 21:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-23 21:26 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-09-23 21:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-09-23 21:26 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-23 21:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-23 21:26 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-23 21:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-23 21:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-23 21:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-23 21:26 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-23 21:26 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-23 21:26 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-23 21:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-23 21:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-23 21:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-23 21:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-23 21:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-23 21:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-09-23 21:26 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-23 21:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-09-23 21:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-09-23 21:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-23 21:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 22:04 - 2012-08-22 22:01 - 06977936 ____A C:\Users\user\Downloads\applocker.wmv
2012-08-22 21:44 - 2012-08-22 21:44 - 00025745 ____A C:\Users\user\Documents\COP - PATL - 2013 Crop.xlsx
2012-08-22 21:41 - 2012-08-22 21:38 - 09735080 ____A (Hewlett-Packard ) C:\Users\user\Downloads\sp56099.exe
2012-08-22 21:14 - 2012-07-11 08:35 - 00210296 ____A (Kingsoft Corporation) C:\Windows\System32\Drivers\kisknl.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 04:37 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 22:42 - 2012-08-21 05:03 - 00028605 ____A C:\Users\user\Documents\Ukonongo Payments.xlsx
2012-08-20 21:40 - 2012-07-12 05:46 - 00012092 ____A C:\Users\user\Documents\SCHOOLS2.xlsx
2012-08-20 10:48 - 2012-10-09 21:22 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-09 21:22 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-09 21:22 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-09 21:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-09 21:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-09 21:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-09 21:22 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-09 21:22 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-09 21:22 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-09 21:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-09 21:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-09 21:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 21:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 03:13 - 2012-08-17 03:09 - 20928200 ____A (Audacity Team ) C:\Users\user\Downloads\audacity-win-2.0.1 (1).exe
2012-08-17 01:58 - 2012-08-17 01:55 - 11383789 ____A (Audacity Team ) C:\Users\user\Downloads\audacity-win-2.0.1.exe
2012-08-17 01:36 - 2012-08-17 01:34 - 03814935 ____A (Pianosoft ) C:\Users\user\Downloads\vocrem11.exe
2012-08-17 01:33 - 2012-08-17 01:33 - 00431288 ____A C:\Users\user\Downloads\Afreecodec_downloader_For_Vocal_Remover.exe
2012-08-17 01:14 - 2012-08-17 01:14 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover(1).exe
2012-08-17 01:12 - 2012-08-17 01:12 - 00431312 ____A C:\Users\user\Downloads\Afreecodec_downloader_For_Vocal_Remover_DirectX_.exe
2012-08-17 01:07 - 2012-08-17 01:07 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover (1).exe
2012-08-16 23:29 - 2012-08-16 23:26 - 16476616 ____A (Microsoft Corporation) C:\Users\user\Downloads\Windows-KB890830-V4.11.exe
2012-08-16 23:15 - 2012-08-16 23:15 - 01448809 ____A (DOSBox Team) C:\Users\user\Downloads\DOSBox0.74-win32-installer.exe
2012-08-16 22:41 - 2012-08-16 22:41 - 00292184 ____A (Microsoft Corporation) C:\Users\user\Downloads\dxwebsetup.exe
2012-08-16 22:33 - 2012-08-16 22:29 - 17335648 ____A (Nullsoft, Inc.) C:\Users\user\Downloads\winamp563_full_emusic-7plus_all.exe
2012-08-16 22:14 - 2012-08-16 22:14 - 00360520 ____A (AnalogX, LLC) C:\Users\user\Downloads\vremover.exe
2012-08-15 07:42 - 2012-08-15 07:42 - 00000051 ____A C:\Users\user\.eyrc
2012-08-14 22:30 - 2012-08-14 22:29 - 06519568 ____A ( ) C:\Users\user\Downloads\Sublime Text 2.0.1 x64 Setup.exe
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\gvimdiff.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\gview.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000993 ____A C:\Windows\evim.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000985 ____A C:\Windows\gvim.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000668 ____A C:\Windows\vimdiff.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000668 ____A C:\Windows\view.bat
2012-08-14 21:40 - 2012-08-14 21:40 - 00000664 ____A C:\Windows\vim.bat
2012-08-14 21:40 - 2012-02-01 05:41 - 00000694 ____A C:\Windows\vimtutor.bat
2012-08-14 21:38 - 2012-08-14 21:36 - 09585439 ____A C:\Users\user\Downloads\gvim73_46.exe
2012-08-14 21:33 - 2012-08-14 21:33 - 00809840 ____A (AirInstaller Inc.) C:\Users\user\Downloads\setup (1).exe
2012-08-14 03:43 - 2012-08-14 03:38 - 22975511 ____A (Igor Pavlov) C:\Users\user\Downloads\DevKit-tdm-32-4.5.2-20111229-1559-sfx.exe
2012-08-14 03:37 - 2012-08-14 03:34 - 18025816 ____A (RubyInstaller Team ) C:\Users\user\Downloads\rubyinstaller-1.9.3-p194.exe
2012-08-13 22:07 - 2012-08-13 22:07 - 00064000 ____A C:\Users\user\Documents\OFFSITE BALES.xls
2012-08-13 02:31 - 2012-08-13 02:10 - 96847848 ____A (Oracle Corporation) C:\Users\user\Downloads\jdk-7u5-windows-x64 (1).exe
2012-08-13 00:56 - 2012-08-13 00:41 - 83345288 ____A C:\Users\user\Desktop\jdk-7-windows-i586.exe
2012-08-12 22:46 - 2012-08-12 22:41 - 21865936 ____A (Oracle Corporation) C:\Users\user\Downloads\jre-7u4-windows-x64.exe
2012-08-12 22:29 - 2012-08-12 22:24 - 16451497 ____A C:\Users\user\Downloads\jdk-7u5-windows-x64-demos.zip
2012-08-12 22:22 - 2012-08-12 21:55 - 85423313 ____A (Oracle Corporation) C:\Users\user\Downloads\jdk-7u5-windows-x64.exe
2012-08-12 21:37 - 2012-08-12 21:37 - 00352968 ____A (Softonic) C:\Users\user\Downloads\SoftonicDownloader_for_java-development-kit.exe
2012-08-11 08:58 - 2012-08-11 08:55 - 00001071 ____A C:\Users\user\Documents\FizzBuzz2.class
2012-08-11 08:57 - 2012-08-11 08:57 - 00001268 ____A C:\Users\user\Documents\Averager$Test.class
2012-08-11 08:57 - 2012-08-11 08:57 - 00001092 ____A C:\Users\user\Documents\Averager.class
2012-08-11 08:57 - 2012-08-11 08:46 - 00001277 ____A C:\Users\user\Documents\FactComputer.java
2012-08-11 08:57 - 2012-08-11 07:49 - 00001963 ____A C:\Users\user\Documents\Averager.java
2012-08-11 08:55 - 2012-08-11 08:53 - 00001222 ____A C:\Users\user\Documents\FizzBuzz2.java
2012-08-11 07:56 - 2012-08-11 07:56 - 00000450 ____A C:\Users\user\Documents\Hello.java
2012-08-11 07:42 - 2012-08-11 07:36 - 00011330 ____A C:\Users\user\Documents\HighLowWithImages.java
2012-08-11 07:39 - 2012-08-11 07:37 - 00000468 ____A C:\Users\user\Documents\HighLowWithImages.class
2012-08-11 07:20 - 2012-08-11 07:20 - 00022910 ____A C:\Users\user\Downloads\PaintWithOffScreenCanvas.java
2012-08-11 07:19 - 2012-08-11 07:19 - 00011238 ____A C:\Users\user\Downloads\HighLowWithImages.java
2012-08-11 07:18 - 2012-08-11 07:18 - 00000846 ____A C:\Users\user\Downloads\HighLowGUI.java
2012-08-11 00:24 - 2012-08-11 00:23 - 02893191 ____A C:\Users\user\Downloads\1302981014_nbruby041611.zip
2012-08-10 22:34 - 2012-08-10 22:34 - 00662689 ____A (MinGW ) C:\Users\user\Downloads\mingw-get-inst-20120426 (1).exe
2012-08-10 22:24 - 2012-08-10 22:24 - 00000044 ____A C:\Windows\MSYS.INI
2012-08-10 22:03 - 2012-08-10 06:10 - 00662689 ____A (MinGW ) C:\Users\user\Downloads\mingw-get-inst-20120426.exe
2012-08-10 16:56 - 2012-10-09 21:20 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-09 21:20 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-08 21:42 - 2012-08-08 21:24 - 00070983 ____A C:\Users\user\Documents\Reconcialtion Ukonongo.xlsx
2012-08-07 01:21 - 2012-08-07 01:21 - 00208406 ____A C:\Users\user\Downloads\ehep-1.0.0.zip
2012-08-06 23:57 - 2012-08-06 23:53 - 18595693 ____A (Leapconverter Software, Inc. ) C:\Users\user\Downloads\freemp3_to_m4a_aac_converter.exe
2012-08-06 21:39 - 2012-08-06 21:39 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-08-06 21:39 - 2012-08-06 21:39 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-08-06 21:16 - 2012-08-06 21:15 - 05443429 ____A C:\Users\user\Downloads\winpathed.zip
2012-08-06 12:39 - 2012-08-06 12:39 - 00000906 ___RA C:\Windows\System32\BitLocker Recovery Key 4B504857-FDB6-4525-B947-5B217B24205B.txt
2012-08-06 05:55 - 2012-08-06 05:55 - 00008765 ____A C:\Users\user\Documents\Inputs.xlsx
2012-08-06 00:29 - 2012-08-06 00:27 - 00338609 ____A C:\Users\user\Downloads\Pulmon Beta 1.rar
2012-08-06 00:14 - 2012-08-06 00:14 - 00205772 ____A C:\Users\user\Downloads\Pulmon Start.rar
2012-08-05 21:23 - 2012-08-05 21:12 - 27669608 ____A (IObit ) C:\Users\user\Downloads\asc-setup.exe
2012-08-03 21:19 - 2012-08-03 21:19 - 00012073 ____A C:\Users\user\Documents\Offsite Bales.xlsx
2012-08-02 09:58 - 2012-09-12 04:37 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-09-12 04:37 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll

==================== Known DLLs (Whitelisted) =================

[2009-07-13 16:18] - [2009-07-13 17:41] - 0083456 ____A (Microsoft Corporation) C:\Windows\System32\msacm32.dll
[2009-07-13 16:03] - [2009-07-13 17:15] - 0072192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0006656 ____A (Microsoft Corporation) C:\Windows\System32\shimeng.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
[2009-07-13 15:55] - [2012-01-23 03:06] - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
[2009-07-13 15:39] - [2009-07-13 17:11] - 0245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-11 21:31:23
Restore point made on: 2012-10-11 21:37:04
Restore point made on: 2012-10-12 21:59:57
Restore point made on: 2012-10-14 21:16:16
Restore point made on: 2012-10-17 00:36:02
Restore point made on: 2012-10-18 02:00:18
Restore point made on: 2012-10-19 22:48:54
Restore point made on: 2012-10-19 23:26:06
Restore point made on: 2012-10-19 23:57:18
Restore point made on: 2012-10-21 21:15:46
Restore point made on: 2012-10-24 21:25:48

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4043.86 MB
Available physical RAM: 3346.02 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3341.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:445.7 GB) (Free:103.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:15.9 GB) (Free:1.72 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
5 Drive h: () (Removable) (Total:7.5 GB) (Free:7.27 GB) NTFS
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 7680 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 445 GB 200 MB
Partition 3 Primary 15 GB 445 GB
Partition 4 Primary 4063 MB 461 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 445 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 4063 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7678 MB 1032 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H NTFS Removable 7678 MB Healthy

=========================================================

Last Boot: 2012-10-17 11:49

==================== End Of Log =============================

#10 Farbar


Posted 30 October 2012 - 01:50 PM

Do you happen to know what was the last thing you did before the system got the boot problem?

We need a couple of logs to check everything we have not checked yet.

  • Please download MBRFix. Save and extract its contents to the desktop. Once extracted, there will be three files in the folder. Copy just the MBRFix64 application to the USB drive. You don't need to run the tool. FRST will use the tool automatically.
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    SaveMbr: Drive=0
  • Now please enter System Recovery Options and select "Command Prompt".

    Run FRST64 and press the Fix button just once and wait.

    When you get a popup that the fix is done close it, but don't exit FRST64.
  • First uncheck "Drivers MD5", "List Files and Folder" and "List Partitions". Press Scan.

    There will be two logs on the flash drive (Fixlog.txt and FRST.txt); please post their contents in your reply. It will also produce another file, MBRDUMP.txt, on the flash drive that, although it may look like a text file, is a hex file. You must attach this report to your reply instead of posting its contents.


#11 thegonga


Posted 31 October 2012 - 01:04 AM

What I do remember: it was running Microsoft Outlook 2007, and I was watching one of the series using VLC media player. These programs were not closed; VLC was in pause mode.
In a hurry I pulled down the laptop screen to put it to sleep. When I opened it later from sleep mode I continued watching the paused series from VLC, and at the end I shut down.
The problem started when I booted later.

FIX LOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2012
Ran by SYSTEM at 2012-10-31 08:26:11 Run:3
Running from H:\

==============================================

MBRDUMP.txt is made successfully.

==== End of Fixlog ====



FRST LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2012
Ran by SYSTEM at 31-10-2012 08:27:14
Running from H:\
Windows 7 Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-07] (IDT, Inc.)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1289704 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\" [30264 2009-10-06] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KSafeTray] "C:\Program Files (x86)\Kingsoft\PcDoctor\KSafeTray.exe" -autorun [1308064 2012-04-10] (Kingsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [1858152 2012-03-30] (Microsoft Corp.)
HKLM-x32\...\Run: [kxesc] "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" -autorun [1595056 2012-10-07] (Kingsoft Corporation)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [FileFort] "C:\Program Files (x86)\NCH Software\FileFort\filefort.exe" -logon [964720 2012-09-19] (NCH Software)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot [296056 2012-05-23] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-09-25] (Sony Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)
HKU\user\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-12-06] (Google Inc.)
HKU\user\...\Run: [Facebook Update] "C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-09-25] (Facebook Inc.)
HKU\user\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\user\...\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart [288128 2012-05-28] (IObit)
HKU\user\...\Run: [XLaunchPad] C:\Program Files (x86)\XLaunchPad\XLaunchPad.exe [2368000 2012-07-31] (xwidget.com)
HKU\user\...\Policies\system: [DisableLockWorkstation] 0
HKU\user\...\Policies\system: [DisableChangePassword] 0
HKU\user\...\Policies\system: [LogonHoursAction] 2
HKU\user\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Tcpip\Parameters: [DhcpNameServer] 41.72.175.3 41.72.175.4
Tcpip\..\Interfaces\{95C42E44-7667-4E72-BAE0-38FE7E626B77}: [NameServer]202.56.230.2 66.198.145.145
Tcpip\..\Interfaces\{A61C3E57-8416-43E7-B359-74068AE4361C}: [NameServer]8.8.8.8,208.67.222.222,8.8.4.4,208.67.220.220,222.46.120.5,222.46.120.6,211.98.2.4,211.98.2.1
Startup: C:\Users\user\Start Menu\Programs\Startup\Boot BMP Changer.lnk
ShortcutTarget: Boot BMP Changer.lnk -> C:\Program Files (x86)\Boot BMP Changer\BootBMP.exe (No File)
Startup: C:\Users\user\Start Menu\Programs\Startup\XWindows Dock.lnk
ShortcutTarget: XWindows Dock.lnk -> C:\Program Files (x86)\XWindows Dock\XWD.exe (Lichonos Vladimir)

==================== Services (Whitelisted) ===================

2 AdvancedSystemCareService5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [913792 2012-05-26] (IObit)
2 BingDesktopUpdate; "C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe" [151656 2012-03-30] (Microsoft Corp.)
3 ExpressAccountsService; "C:\Program Files (x86)\NCH Software\ExpressAccounts\expressaccounts.exe" -service [3051632 2012-09-25] (NCH Software)
3 ExpressInvoiceService; "C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe" -service [2158192 2012-09-17] (NCH Software)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1098296 2011-06-14] (Hewlett-Packard Development Company L.P.)
3 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [821592 2012-01-09] (IObit)
3 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation)
2 KSafeSvc; "C:\Program Files (x86)\Kingsoft\PcDoctor\KSafeSvc.exe" -svc [452512 2012-04-10] (Kingsoft Corporation)
2 kxescore; "C:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore [123992 2012-07-11] (Kingsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)
4 msvsmon80; "C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon80 [4476096 2005-09-22] (Microsoft Corporation)
2 MWAgent; C:\PROGRA~2\COMMON~1\MICROW~1\Agent\MWASER.EXE [845320 2010-03-10] (MicroWorld Technologies Inc.)
3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)
2 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe" [474208 2012-09-25] (Sony Corporation)
3 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [246272 2009-07-14] ()
3 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-12] (The Within Network, LLC)
3 vToolbarUpdater12.1.5; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.5\ToolbarUpdater.exe [830048 2012-07-27] ()
3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.16\bin\mysqld.exe wampmysqld [9665536 2011-09-26] ()
2 Web Assistant Updater; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [185856 2012-05-01] ()
3 Applications Manager; "C:\Program Files (x86)\ManageEngine\AppManager10\working\wrapper.exe" -s conf\wrapper.conf [x]
2 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) =====================

3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-19] (Qualcomm Atheros Communications, Inc.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-07-27] (AVG Technologies)
3 bdfsfltr; C:\Windows\System32\Drivers\bdfsfltr.sys [340488 2009-07-24] (BitDefender S.R.L. Bucharest, ROMANIA)
3 dgderdrv; C:\Windows\System32\Drivers\dgderdrv.sys [20552 2010-09-13] (Devguru Co., Ltd)
3 FileMonitor; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [21384 2012-01-05] (IObit)
0 kavbootc; C:\Windows\System32\Drivers\kavbootc.sys [27240 2012-07-11] (Kingsoft Corporation)
1 KDHacker; C:\Windows\System32\Drivers\KDHacker.sys [125784 2012-07-11] (Kingsoft Corporation)
2 kisknl; C:\Windows\System32\Drivers\kisknl.sys [210296 2012-08-22] (Kingsoft Corporation)
1 kmodurl; \??\C:\Program Files (x86)\Kingsoft\PcDoctor\kmodurl64.sys [133096 2011-12-19] (Kingsoft Corporation)
3 ksfmonsys; \??\C:\Program Files (x86)\Kingsoft\PcDoctor\ksfmonsys64.sys [21320 2012-04-10] (Kingsoft Corporation)
4 KUsbGuard; \??\C:\Program Files (x86)\Kingsoft\kingsoft antivirus\kusbquery64.sys [18296 2012-09-11] (Kingsoft Corporation)
0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)
2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)
3 PsxDrv; C:\Windows\System32\Drivers\PsxDrv.sys [10240 2009-07-13] (Microsoft Corporation)
3 RegFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [33184 2012-04-28] (IObit.com)
0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2010-11-26] ()
3 UrlFilter; \??\C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [21872 2012-04-28] (IObit.com)
2 uxpatch; C:\Windows\System32\Drivers\uxpatch.sys [30568 2009-07-12] ()
3 vodafone_K380x-z_dc_enum; C:\Windows\System32\Drivers\vodafone_K380x-z_dc_enum.sys [75776 2010-05-20] (Vodafone)
3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-10-31] (OpenLibSys.org)
3 ZTEusbwwan; C:\Windows\System32\Drivers\ZTEusbwwan.sys [235520 2011-04-18] (ZTE Incorporated)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
0 SR; [x]
2 SRService; [x]

========================== Drivers MD5 =======================

C:\Windows\System32\Drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ACPI.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AcpiPmi.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adpahci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\adpu320.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AFD.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\System32\Drivers\agp440.sys ==> MD5 is legit
C:\Windows\System32\Drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AmdK8.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AmdPPM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\System32\Drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\Drivers\AppID.sys ==> MD5 is legit
C:\Windows\System32\Drivers\arc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\Drivers\AsyncMac.sys ==> MD5 is legit
C:\Windows\System32\Drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys B4421D8CDADC441F76BA39532A3E3414
C:\Windows\system32\drivers\avgtpx64.sys E1B8EC60C85A266CB604CD46921606B4
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 9E84A931DBEE0292E38ED672F6293A99
C:\Windows\System32\Drivers\bdfsfltr.sys 151390D51A96867F5142BA708D044B6B
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\Drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\Drivers\bowser.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BTHMODEM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cdfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cdrom.sys ==> MD5 is legit
C:\Windows\System32\Drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\Drivers\clwvd.sys 50F92C943F18B070F166D019DFAB3D9A
C:\Windows\System32\Drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\CNG.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\Drivers\Compbatt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\System32\Drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\CSC.sys ==> MD5 is legit
C:\Windows\System32\Drivers\DfsC.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dgderdrv.sys DEF365F0F6E017888C4B869D3BA4B8E0
C:\Windows\System32\Drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Disk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\Drivers\DXGKrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\System32\Drivers\elxstor.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ErrDev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\Drivers\FileInfo.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys 060CC45CECAE2FEAFF9C8C52D8FAFAA8
C:\Windows\System32\Drivers\Filetrace.sys ==> MD5 is legit
C:\Windows\System32\Drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\FltMgr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\Drivers\fvevol.sys ==> MD5 is legit
C:\Windows\System32\Drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\Drivers\GEARAspiWDM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ggflt.sys 16C2A6BCDDA8952C2035DEC861492A19
C:\Windows\System32\Drivers\ggsemc.sys 6B503DF845EABF3457E49FBBDA26C10E
C:\Windows\System32\Drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\Drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\HidBth.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ====================


==================== Known DLLs (Whitelisted) =================

[2009-07-13 16:18] - [2009-07-13 17:41] - 0083456 ____A (Microsoft Corporation) C:\Windows\System32\msacm32.dll
[2009-07-13 16:03] - [2009-07-13 17:15] - 0072192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msacm32.dll
[2009-07-13 15:21] - [2009-07-13 17:41] - 0006656 ____A (Microsoft Corporation) C:\Windows\System32\shimeng.dll
[2009-07-13 15:12] - [2009-07-13 17:16] - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
[2009-07-13 15:55] - [2012-01-23 03:06] - 0332288 ____A (Microsoft Corporation) C:\Windows\System32\uxtheme.dll
[2009-07-13 15:39] - [2009-07-13 17:11] - 0245760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-10-11 21:31:23
Restore point made on: 2012-10-11 21:37:04
Restore point made on: 2012-10-12 21:59:57
Restore point made on: 2012-10-14 21:16:16
Restore point made on: 2012-10-17 00:36:02
Restore point made on: 2012-10-18 02:00:18
Restore point made on: 2012-10-19 22:48:54
Restore point made on: 2012-10-19 23:26:06
Restore point made on: 2012-10-19 23:57:18
Restore point made on: 2012-10-21 21:15:46
Restore point made on: 2012-10-24 21:25:48


Last Boot: 2012-10-17 11:49

==================== End Of Log =============================


#12 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,714 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:09:44 AM

Posted 31 October 2012 - 06:35 AM

There is no clue about the boot issue.

Before we try a fix, please boot to System Recovery Options, select System Restore and restore the system to one of the earlier restore points than 2012-10-21.

Please try first the restore point made on 2012-10-21. If it didn't work, please try one of the two restore points made on 2012-10-11.

Let me know if there is a change in the way the system boots.

#13 thegonga


Posted 31 October 2012 - 09:08 AM

The restore point 2012-10-21 failed and brought this error message: "An Unspecified error occurred during system restore.(0x8000ffff)"
But the restore point 2012-10-11 was successfully restored. When I rebooted, the system again started repair automatically, and at the end the repair failed.

#14 Farbar


Posted 31 October 2012 - 12:33 PM

Let's see if the system could be restored before going for a factory restore.

Please download the attached file fixlist.txt (823 bytes).
Save it to your flash drive.
Boot to System Recovery Options and select "Command Prompt".

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me if there is a change.

#15 thegonga


Posted 01 November 2012 - 12:45 AM

Thanks a lot and a lot, the system is booting normally.
There are words at the bottom right of the screen that say "Test Mode Windows 7 Build 7601".

What is the next move?
Thanks!

FIX LOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-10-2012
Ran by SYSTEM at 2012-11-01 08:30:41 Run:4
Running from H:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AdvancedSystemCareService5 was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IMFservice was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSafeSvc was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kxescore was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MsMpSvc was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NisSrv was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\avgtp was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FileMonitor was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kavbootc was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KDHacker was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kisknl was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmodurl was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MpFilter was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NisDrv was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegFilter was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SmartDefragDriver was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UrlFilter was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinRing0_1_2_0 was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ksfmonsys was disabled.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KUsbGuard was disabled.

========= bcdedit /enum all /store y:\boot\bcd =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 10
customactions 0x1000085000001
0x5400000f
custom:5400000f {818ed974-765c-11e1-9ed5-9bf0fcba73fd}

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {818ed974-765c-11e1-9ed5-9bf0fcba73fd}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx OptIn

Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows Boot Loader
-------------------
identifier {818ed974-765c-11e1-9ed5-9bf0fcba73fd}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{818ed975-765c-11e1-9ed5-9bf0fcba73fd}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{818ed975-765c-11e1-9ed5-9bf0fcba73fd}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {158181c0-9a00-11db-8a1d-b11d19fd3102}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {818ed975-765c-11e1-9ed5-9bf0fcba73fd}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

========= End of CMD: =========


The operation completed successfully.

========= bcdedit /store Y:\Boot\bcd /set {default} testsigning on =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /store Y:\Boot\bcd /set {default} nointegritychecks ON =========

The operation completed successfully.

========= End of CMD: =========


========= bcdedit /enum all /store y:\boot\bcd =========


Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 10
customactions 0x1000085000001
0x5400000f
custom:5400000f {818ed974-765c-11e1-9ed5-9bf0fcba73fd}

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {818ed974-765c-11e1-9ed5-9bf0fcba73fd}
recoveryenabled Yes
nointegritychecks Yes
testsigning Yes
osdevice partition=C:
systemroot \Windows
resumeobject {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx OptIn

Windows Boot Loader
-------------------
identifier {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Windows Boot Loader
-------------------
identifier {818ed974-765c-11e1-9ed5-9bf0fcba73fd}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{818ed975-765c-11e1-9ed5-9bf0fcba73fd}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{818ed975-765c-11e1-9ed5-9bf0fcba73fd}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {158181c0-9a00-11db-8a1d-b11d19fd3102}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {818ed975-765c-11e1-9ed5-9bf0fcba73fd}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi

========= End of CMD: =========


==== End of Fixlog ====



