
Help my restore points are gone and I have to click 3 times to get anything done


  • This topic is locked
74 replies to this topic

#1 nycpsychic


Posted 29 March 2013 - 03:15 PM

Help, my restore points are gone and I have to click 3 times to get anything done. Can't download programs b/c it says can't unpack dll. Can anyone help?

Here is my hijack log.


Edited by nycpsychic, 29 March 2013 - 03:20 PM.



 


#2 HelpBot


Posted 03 April 2013 - 03:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/490192 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!


Posted 06 April 2013 - 10:49 PM

Greetings and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this for me.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 nycpsychic


Posted 07 April 2013 - 08:17 AM

Here's my log, thank you.

Log posted by Oh My!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2013 (ATTENTION: FRST version is 25 days old)
Ran by SYSTEM at 07-04-2013 08:57:39
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Seagate Scheduler2 Service] "C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedhlp.exe" [136472 2008-06-24] (Seagate)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe [49152 2009-07-29] (Lenovo (Shenzhen) Electronic Co., Ltd.)
HKLM-x32\...\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery" [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [352976 2010-10-04] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKU\cyg_server\...\Run: [Best Buy pc app] C:\Users\cyg_server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [398 2013-03-06] ()
HKU\cyg_server\...\Policies\system: [LogonHoursAction] 2
HKU\cyg_server\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\JB\...\Run: [IBP] [x]
HKU\JB\...\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme [4354048 2011-01-13] (SRS Labs, Inc.)
HKU\JB\...\Run: [SansaDispatch] C:\Users\JB\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [79872 2012-07-03] (SanDisk Corporation)
HKU\JB\...\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" [400760 2011-03-24] (BitTorrent, Inc.)
HKU\JB\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [15146376 2011-04-18] (Skype Technologies S.A.)
HKU\JB\...\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin [692152 2012-10-26] (Adobe Systems Incorporated)
HKU\JB\...\Policies\system: [LogonHoursAction] 2
HKU\JB\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Winlogon\Notify\klogon: %SystemRoot%\System32\klogon.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Lsa: [Authentication Packages] msv1_0 relog_ap
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Services (Whitelisted) ===================

2 ABBYY.Licensing.FineReader.Sprint.9.0; "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service [759048 2009-05-14] (ABBYY)
2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" -r [352976 2010-10-04] (Kaspersky Lab ZAO)
2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe" [398184 2012-12-14] (Malwarebytes Corporation)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [682344 2012-12-14] (Malwarebytes Corporation)
2 mcmscsvc; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [865832 2009-10-29] (McAfee, Inc.)
2 McNASvc; "C:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe" [2482848 2009-07-07] (McAfee, Inc.)
2 MpfService; "C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe" [895696 2009-10-27] (McAfee, Inc.)
2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
2 SbieSvc; "C:\Program Files\Sandboxie\SbieSvc.exe" [123664 2012-08-25] (SANDBOXIE L.T.D)
2 sshd; C:\cygwin\bin\cygrunsrv.exe [x]

==================== Drivers (Whitelisted) =====================

0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2010-06-09] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2010-06-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [556120 2010-10-04] (Kaspersky Lab)
1 KLIM6; C:\Windows\System32\Drivers\KLIM6.sys [27736 2010-04-22] (Kaspersky Lab ZAO)
3 klmouflt; C:\Windows\System32\Drivers\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [24176 2012-12-14] (Malwarebytes Corporation)
1 MPFP; C:\Windows\System32\Drivers\MPFP.sys [176144 2009-07-16] (McAfee, Inc.)
3 RTL8023x64; C:\Windows\System32\DRIVERS\Rtnic64.sys [51712 2009-06-10] (Realtek Semiconductor Corporation )
3 SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [202632 2012-08-25] (SANDBOXIE L.T.D)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-04-21] (Duplex Secure Ltd.)
3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_amd64.sys [55040 2007-07-26] ()
3 SuperIO; C:\Windows\System32\DRIVERS\spio.sys [11848 2009-06-05] ()
3 RtsUIR; C:\Windows\System32\DRIVERS\Rts516xIR.sys [x]
3 USBCCID; C:\Windows\System32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-04-07 03:32 - 2013-04-07 03:32 - 00000000 ____D C:\FRST
2013-04-04 05:54 - 2013-04-04 05:54 - 00000000 ____D C:\Users\JB\Desktop\upd
2013-04-04 04:33 - 2013-04-04 04:33 - 00001586 ____A C:\Users\JB\Documents\hummingbird-newyorkpsychic-followed-users.xml
2013-04-04 04:14 - 2013-04-04 04:16 - 07483450 ____A C:\Users\JB\Desktop\UDesign 1.8.0 + Plugins.zip
2013-04-01 06:11 - 2013-04-01 06:11 - 00710504 ____A C:\Windows\is-1738N.exe
2013-04-01 06:11 - 2013-04-01 06:11 - 00011277 ____A C:\Windows\is-1738N.msg
2013-04-01 06:11 - 2013-04-01 06:11 - 00000392 ____A C:\Windows\is-1738N.lst
2013-03-21 14:42 - 2013-03-21 14:42 - 00000000 ____A C:\Windows\SysWOW64\FAP745D.tmp
2013-03-21 14:42 - 2013-03-21 14:42 - 00000000 ____A C:\Windows\SysWOW64\FAP72C2.tmp
2013-03-21 14:12 - 2013-03-21 14:12 - 00000000 ____A C:\Windows\SysWOW64\FAP11C9.tmp
2013-03-21 14:11 - 2013-03-21 14:11 - 00000000 ____A C:\Windows\SysWOW64\FAPEA47.tmp
2013-03-21 14:11 - 2013-03-21 14:11 - 00000000 ____A C:\Windows\SysWOW64\FAPE61D.tmp
2013-03-21 14:10 - 2013-03-21 14:10 - 00000000 ____A C:\Windows\SysWOW64\FAPC0BD.tmp
2013-03-21 14:09 - 2013-03-21 14:09 - 00000000 ____A C:\Windows\SysWOW64\FAPBE77.tmp
2013-03-21 14:08 - 2013-03-21 14:08 - 00000000 ____A C:\Windows\SysWOW64\FAP7793.tmp
2013-03-21 14:08 - 2013-03-21 14:08 - 00000000 ____A C:\Windows\SysWOW64\FAP76E3.tmp
2013-03-21 13:57 - 2013-03-21 13:57 - 00000000 ____A C:\Windows\SysWOW64\FAPEE77.tmp
2013-03-21 13:57 - 2013-03-21 13:57 - 00000000 ____A C:\Windows\SysWOW64\FAP11B5.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAPF8DA.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAPF740.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAPDB.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAP265.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAP212.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAP1BF.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAP14D.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAP118C.tmp
2013-03-21 13:56 - 2013-03-21 13:56 - 00000000 ____A C:\Windows\SysWOW64\FAP10CC.tmp
2013-03-21 13:55 - 2013-03-21 13:55 - 00000000 ____A C:\Windows\SysWOW64\FAP7465.tmp
2013-03-21 13:55 - 2013-03-21 13:55 - 00000000 ____A C:\Windows\SysWOW64\FAP73A5.tmp
2013-03-21 13:50 - 2013-03-21 13:50 - 00000000 ____A C:\Windows\SysWOW64\FAPFD0A.tmp
2013-03-21 13:49 - 2013-03-21 13:49 - 00000000 ____A C:\Windows\SysWOW64\FAPDDC2.tmp
2013-03-21 13:49 - 2013-03-21 13:49 - 00000000 ____A C:\Windows\SysWOW64\FAPDCD3.tmp
2013-03-21 13:46 - 2013-03-21 13:46 - 00000000 ____A C:\Windows\SysWOW64\FAPCE58.tmp
2013-03-21 13:46 - 2013-03-21 13:46 - 00000000 ____A C:\Windows\SysWOW64\FAP5B31.tmp
2013-03-21 13:46 - 2013-03-21 13:46 - 00000000 ____A C:\Windows\SysWOW64\FAP5AFD.tmp
2013-03-21 13:46 - 2013-03-21 13:46 - 00000000 ____A C:\Windows\SysWOW64\FAP5AD9.tmp
2013-03-21 13:46 - 2013-03-21 13:46 - 00000000 ____A C:\Windows\SysWOW64\FAP484D.tmp
2013-03-21 13:43 - 2013-03-21 13:43 - 00000000 ____A C:\Windows\SysWOW64\FAP8E19.tmp
2013-03-21 13:43 - 2013-03-21 13:43 - 00000000 ____A C:\Windows\SysWOW64\FAP55C5.tmp
2013-03-21 13:43 - 2013-03-21 13:43 - 00000000 ____A C:\Windows\SysWOW64\FAP5582.tmp
2013-03-21 13:43 - 2013-03-21 13:43 - 00000000 ____A C:\Windows\SysWOW64\FAP54F1.tmp
2013-03-21 13:43 - 2013-03-21 13:43 - 00000000 ____A C:\Windows\SysWOW64\FAP19C0.tmp
2013-03-21 13:42 - 2013-03-21 13:42 - 00000000 ____A C:\Windows\SysWOW64\FAPE218.tmp
2013-03-21 13:42 - 2013-03-21 13:42 - 00000000 ____A C:\Windows\SysWOW64\FAPB49D.tmp
2013-03-21 13:42 - 2013-03-21 13:42 - 00000000 ____A C:\Windows\SysWOW64\FAP9361.tmp
2013-03-21 13:42 - 2013-03-21 13:42 - 00000000 ____A C:\Windows\SysWOW64\FAP90DD.tmp
2013-03-21 13:42 - 2013-03-21 13:42 - 00000000 ____A C:\Windows\SysWOW64\FAP7D58.tmp
2013-03-21 13:42 - 2013-03-21 13:42 - 00000000 ____A C:\Windows\SysWOW64\FAP74AB.tmp
2013-03-21 13:41 - 2013-03-21 13:41 - 00000000 ____A C:\Windows\SysWOW64\FAPA5D4.tmp
2013-03-21 13:41 - 2013-03-21 13:41 - 00000000 ____A C:\Windows\SysWOW64\FAP953C.tmp
2013-03-21 13:41 - 2013-03-21 13:41 - 00000000 ____A C:\Windows\SysWOW64\FAP82CE.tmp
2013-03-21 13:41 - 2013-03-21 13:41 - 00000000 ____A C:\Windows\SysWOW64\FAP7E08.tmp
2013-03-21 13:38 - 2013-03-21 13:38 - 00000000 ____A C:\Windows\SysWOW64\FAP9B34.tmp
2013-03-21 13:38 - 2013-03-21 13:38 - 00000000 ____A C:\Windows\SysWOW64\FAP9AC2.tmp
2013-03-21 12:58 - 2013-03-21 12:58 - 00000000 ____A C:\Windows\SysWOW64\FAP3150.tmp
2013-03-21 12:58 - 2013-03-21 12:58 - 00000000 ____A C:\Windows\SysWOW64\FAP2FF4.tmp
2013-03-21 12:55 - 2013-03-21 12:55 - 00000000 ____A C:\Windows\SysWOW64\FAP97F4.tmp
2013-03-21 12:46 - 2013-03-21 12:46 - 00000000 ____A C:\Windows\SysWOW64\FAPA94D.tmp
2013-03-21 12:46 - 2013-03-21 12:46 - 00000000 ____A C:\Windows\SysWOW64\FAPA6B9.tmp
2013-03-21 12:44 - 2013-03-21 12:44 - 00000000 ____A C:\Windows\SysWOW64\FAPB8FC.tmp
2013-03-21 12:44 - 2013-03-21 12:44 - 00000000 ____A C:\Windows\SysWOW64\FAPB501.tmp
2013-03-21 12:34 - 2013-03-21 12:34 - 00000000 ____A C:\Windows\SysWOW64\FAP812F.tmp
2013-03-21 12:34 - 2013-03-21 12:34 - 00000000 ____A C:\Windows\SysWOW64\FAP7FB4.tmp
2013-03-21 12:34 - 2013-03-21 12:34 - 00000000 ____A C:\Windows\SysWOW64\FAP64FE.tmp
2013-03-21 12:33 - 2013-03-21 12:33 - 00000000 ____A C:\Windows\SysWOW64\FAP19B7.tmp
2013-03-21 12:30 - 2013-03-21 12:30 - 00000000 ____A C:\Windows\SysWOW64\FAP3EBF.tmp
2013-03-21 12:30 - 2013-03-21 12:30 - 00000000 ____A C:\Windows\SysWOW64\FAP3E2D.tmp
2013-03-21 12:29 - 2013-03-21 12:29 - 00000000 ____A C:\Windows\SysWOW64\FAPB828.tmp
2013-03-21 12:29 - 2013-03-21 12:29 - 00000000 ____A C:\Windows\SysWOW64\FAPB352.tmp
2013-03-21 12:22 - 2013-03-21 12:22 - 00000000 ____A C:\Windows\SysWOW64\FAPFF26.tmp
2013-03-21 12:22 - 2013-03-21 12:22 - 00000000 ____A C:\Windows\SysWOW64\FAPA2.tmp
2013-03-21 12:17 - 2013-03-21 12:17 - 00000000 ____A C:\Windows\SysWOW64\FAPFB16.tmp
2013-03-21 12:17 - 2013-03-21 12:17 - 00000000 ____A C:\Windows\SysWOW64\FAPF585.tmp
2013-03-21 12:10 - 2013-03-21 12:10 - 00000000 ____A C:\Windows\SysWOW64\FAP9B35.tmp
2013-03-21 12:00 - 2013-03-21 12:00 - 00000000 ____A C:\Windows\SysWOW64\FAP880D.tmp
2013-03-21 12:00 - 2013-03-21 12:00 - 00000000 ____A C:\Windows\SysWOW64\FAP7EC5.tmp
2013-03-21 11:58 - 2013-03-21 11:58 - 00000000 ____A C:\Windows\SysWOW64\FAPBF29.tmp
2013-03-21 11:57 - 2013-03-21 11:57 - 00000000 ____A C:\Windows\SysWOW64\FAP1E63.tmp
2013-03-21 11:55 - 2013-03-21 11:55 - 00000000 ____A C:\Windows\SysWOW64\FAPC2C7.tmp
2013-03-21 11:54 - 2013-03-21 11:54 - 00000000 ____A C:\Windows\SysWOW64\FAP4EAC.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAPBBDB.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAPB438.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP9AD8.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP901A.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP8AC7.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP8891.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP8409.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP7DCD.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP72EF.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP6EF4.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP6B09.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP694F.tmp
2013-03-21 11:41 - 2013-03-21 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAP6860.tmp
2013-03-21 11:39 - 2013-03-21 11:39 - 00000000 ____A C:\Windows\SysWOW64\FAPC173.tmp
2013-03-21 11:39 - 2013-03-21 11:39 - 00000000 ____A C:\Windows\SysWOW64\FAPBE71.tmp
2013-03-21 11:34 - 2013-03-21 11:34 - 00000000 ____A C:\Windows\SysWOW64\FAPF850.tmp
2013-03-21 11:34 - 2013-03-21 11:34 - 00000000 ____A C:\Windows\SysWOW64\FAPF58D.tmp
2013-03-21 11:32 - 2013-03-21 11:32 - 00000000 ____A C:\Windows\SysWOW64\FAP3381.tmp
2013-03-21 09:01 - 2013-03-21 09:01 - 00000000 ____A C:\Windows\SysWOW64\FAPF5A0.tmp
2013-03-21 09:01 - 2013-03-21 09:01 - 00000000 ____A C:\Windows\SysWOW64\FAPF1F3.tmp
2013-03-21 09:00 - 2013-03-21 09:00 - 00000000 ____A C:\Windows\SysWOW64\FAPAA15.tmp
2013-03-21 08:59 - 2013-03-21 08:59 - 00000000 ____A C:\Windows\SysWOW64\FAP6C74.tmp
2013-03-21 08:59 - 2013-03-21 08:59 - 00000000 ____A C:\Windows\SysWOW64\FAP69C1.tmp
2013-03-21 08:59 - 2013-03-21 08:59 - 00000000 ____A C:\Windows\SysWOW64\FAP5A70.tmp
2013-03-21 08:59 - 2013-03-21 08:59 - 00000000 ____A C:\Windows\SysWOW64\FAP4EE7.tmp
2013-03-21 08:59 - 2013-03-21 08:59 - 00000000 ____A C:\Windows\SysWOW64\FAP4D9A.tmp
2013-03-21 08:59 - 2013-03-21 08:59 - 00000000 ____A C:\Windows\SysWOW64\FAP46A3.tmp
2013-03-21 08:53 - 2013-03-21 08:53 - 00000000 ____A C:\Windows\SysWOW64\FAP407.tmp
2013-03-21 08:52 - 2013-03-21 08:52 - 00000000 ____A C:\Windows\SysWOW64\FAP5912.tmp
2013-03-21 08:52 - 2013-03-21 08:52 - 00000000 ____A C:\Windows\SysWOW64\FAP5871.tmp
2013-03-21 08:52 - 2013-03-21 08:52 - 00000000 ____A C:\Windows\SysWOW64\FAP563B.tmp
2013-03-21 08:52 - 2013-03-21 08:52 - 00000000 ____A C:\Windows\SysWOW64\FAP4841.tmp
2013-03-21 08:52 - 2013-03-21 08:52 - 00000000 ____A C:\Windows\SysWOW64\FAP455F.tmp
2013-03-21 08:52 - 2013-03-21 08:52 - 00000000 ____A C:\Windows\SysWOW64\FAP3C45.tmp
2013-03-21 08:50 - 2013-03-21 08:50 - 00000000 ____A C:\Windows\SysWOW64\FAP691A.tmp
2013-03-21 08:48 - 2013-03-21 08:48 - 00000000 ____A C:\Windows\SysWOW64\FAP1931.tmp
2013-03-21 08:45 - 2013-03-21 08:45 - 00000000 ____A C:\Windows\SysWOW64\FAPCBE.tmp
2013-03-21 08:45 - 2013-03-21 08:45 - 00000000 ____A C:\Windows\SysWOW64\FAP3A5D.tmp
2013-03-21 08:45 - 2013-03-21 08:45 - 00000000 ____A C:\Windows\SysWOW64\FAP39CC.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP9E91.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP9D26.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP9CC3.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP9C12.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP8F51.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP8F0E.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP8EBB.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP67F4.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP65EC.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP651C.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP6391.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP5099.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP5046.tmp
2013-03-21 08:44 - 2013-03-21 08:44 - 00000000 ____A C:\Windows\SysWOW64\FAP4F47.tmp
2013-03-21 08:43 - 2013-03-21 08:43 - 00000000 ____A C:\Windows\SysWOW64\FAPF40E.tmp
2013-03-21 08:43 - 2013-03-21 08:43 - 00000000 ____A C:\Windows\SysWOW64\FAPF0BF.tmp
2013-03-21 08:43 - 2013-03-21 08:43 - 00000000 ____A C:\Windows\SysWOW64\FAPE0E.tmp
2013-03-21 08:43 - 2013-03-21 08:43 - 00000000 ____A C:\Windows\SysWOW64\FAPD4E.tmp
2013-03-21 08:40 - 2013-03-21 08:40 - 00000000 ____A C:\Windows\SysWOW64\FAPC537.tmp
2013-03-21 08:40 - 2013-03-21 08:40 - 00000000 ____A C:\Windows\SysWOW64\FAPC34F.tmp
2013-03-21 07:58 - 2013-03-21 07:58 - 00000000 ____A C:\Windows\SysWOW64\FAP6878.tmp
2013-03-21 07:58 - 2013-03-21 07:58 - 00000000 ____A C:\Windows\SysWOW64\FAP673B.tmp
2013-03-20 10:01 - 2013-03-20 10:01 - 00000000 ____D C:\Users\JB\AppData\Roaming\Dropbox
2013-03-20 06:15 - 2012-02-24 12:28 - 00010566 ____A C:\Users\JB\Desktop\index.php
2013-03-20 06:14 - 2013-03-20 06:16 - 00000000 ____D C:\Users\JB\Desktop\site
2013-03-11 11:57 - 2013-03-11 11:57 - 00000000 ____D C:\Users\cyg_server\AppData\Roaming\HpUpdate
2013-03-08 12:26 - 2013-03-08 12:26 - 01063792 ____A C:\Users\JB\Documents\jamilahassan-googleemailwithbestfriend.htm
2013-03-08 12:26 - 2013-03-08 12:26 - 00000000 ____D C:\Users\JB\Documents\jamilahassan-googleemailwithbestfriend_files
2013-03-08 10:29 - 2013-03-08 10:29 - 00000042 ____A C:\Users\JB\Documents\jannaweddings.txt

==================== One Month Modified Files and Folders =======

2013-04-07 04:49 - 2010-07-22 13:08 - 01119740 ____A C:\Windows\WindowsUpdate.log
2013-04-07 04:48 - 2012-10-14 18:02 - 00000404 ____A C:\Windows\Tasks\Final Media Player Update Checker.job
2013-04-07 04:48 - 2012-04-14 03:59 - 00000844 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2783456457-3716096558-3553906738-1001Core.job
2013-04-07 04:48 - 2011-05-18 05:39 - 00000000 ____D C:\Users\JB\AppData\Roaming\Skype
2013-04-07 04:42 - 2010-10-04 06:16 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-04-07 04:20 - 2011-01-14 10:22 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-07 04:09 - 2012-04-14 03:59 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2783456457-3716096558-3553906738-1001UA.job
2013-04-07 04:04 - 2012-06-12 05:06 - 00000000 ____D C:\Users\JB\Documents\Outlook Files
2013-04-07 04:01 - 2011-05-18 05:41 - 00000000 ____D C:\Users\JB\AppData\Roaming\skypePM
2013-04-07 03:33 - 2013-01-16 07:53 - 00000000 ____D C:\Users\JB\Desktop\w3b
2013-04-07 03:33 - 2009-07-13 21:13 - 00779700 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-07 03:32 - 2013-04-07 03:32 - 00000000 ____D C:\FRST
2013-04-07 00:29 - 2010-07-22 13:27 - 00005179 ____A C:\Windows\System32\Config.MPF
2013-04-06 16:32 - 2010-10-25 15:41 - 00000000 ____D C:\Users\JB\AppData\Roaming\BitTorrent
2013-04-06 10:47 - 2012-07-06 07:47 - 00000000 ____D C:\Users\JB\Desktop\Scrape
2013-04-06 06:20 - 2011-01-14 10:22 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-05 14:26 - 2010-10-03 08:37 - 00000000 ____D C:\Users\JB\AppData\Local\VirtualStore
2013-04-04 20:01 - 2011-05-18 05:41 - 00000000 ____D C:\ProgramData\Skype Extras
2013-04-04 05:54 - 2013-04-04 05:54 - 00000000 ____D C:\Users\JB\Desktop\upd
2013-04-04 04:33 - 2013-04-04 04:33 - 00001586 ____A C:\Users\JB\Documents\hummingbird-newyorkpsychic-followed-users.xml
2013-04-04 04:33 - 2013-03-04 15:24 - 00002607 ____A C:\Users\JB\Documents\hummingbird-newyorkpsychic-mutual-followers.xml
2013-04-04 04:33 - 2013-03-04 15:24 - 00000916 ____A C:\Users\JB\Documents\hummingbird-newyorkpsychic-unfollowed_users.xml
2013-04-04 04:16 - 2013-04-04 04:14 - 07483450 ____A C:\Users\JB\Desktop\UDesign 1.8.0 + Plugins.zip
2013-04-02 14:45 - 2012-06-26 18:16 - 00395776 __ASH C:\Users\JB\Desktop\Thumbs.db
2013-04-02 14:45 - 2010-10-27 13:11 - 00000000 ____D C:\Users\JB\AppData\Roaming\SoftGrid Client
2013-04-02 12:07 - 2009-07-13 20:45 - 00017952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-02 12:07 - 2009-07-13 20:45 - 00017952 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-02 11:59 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-02 11:59 - 2009-07-13 20:51 - 00067776 ____A C:\Windows\setupact.log
2013-04-02 04:10 - 2012-10-26 15:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-01 06:12 - 2012-08-22 11:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-01 06:11 - 2013-04-01 06:11 - 00710504 ____A C:\Windows\is-1738N.exe
2013-04-01 06:11 - 2013-04-01 06:11 - 00011277 ____A C:\Windows\is-1738N.msg
2013-04-01 06:11 - 2013-04-01 06:11 - 00000392 ____A C:\Windows\is-1738N.lst
2013-04-01 06:11 - 2012-08-22 11:04 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-01 06:06 - 2010-07-22 13:35 - 00543342 ____A C:\Windows\PFRO.log
2013-03-31 21:00 - 2010-10-03 08:38 - 00000320 ____A C:\Windows\Tasks\McQcTask.job
2013-03-31 14:05 - 2013-01-03 06:29 - 00005699 ____A C:\Users\JB\Desktop\sayings.txt
2013-03-21 04:13 - 2013-03-21 04:13 - 00000000 ____A C:\Windows\SysWOW64\FAPD343.tmp
2013-03-21 04:08 - 2013-03-21 04:08 - 00000000 ____A C:\Windows\SysWOW64\FAPBFCD.tmp
2013-03-21 04:07 - 2013-03-21 04:07 - 00000000 ____A C:\Windows\SysWOW64\FAP9159.tmp
2013-03-21 04:07 - 2013-03-21 04:07 - 00000000 ____A C:\Windows\SysWOW64\FAP90E7.tmp
2013-03-21 04:05 - 2013-03-21 04:05 - 00000000 ____A C:\Windows\SysWOW64\FAP3135.tmp
2013-03-21 04:05 - 2013-03-21 04:05 - 00000000 ____A C:\Windows\SysWOW64\FAP3046.tmp
2013-03-21 04:04 - 2013-03-21 04:04 - 00000000 ____A C:\Windows\SysWOW64\FAP472B.tmp
2013-03-21 04:04 - 2013-03-21 04:04 - 00000000 ____A C:\Windows\SysWOW64\FAP45FE.tmp
2013-03-20 13:43 - 2013-03-20 13:43 - 00000000 ____A C:\Windows\SysWOW64\FAPD7DB.tmp
2013-03-20 13:42 - 2013-03-20 13:42 - 00000000 ____A C:\Windows\SysWOW64\FAP89A7.tmp
2013-03-20 13:41 - 2013-03-20 13:41 - 00000000 ____A C:\Windows\SysWOW64\FAP8FF9.tmp
2013-03-20 13:41 - 2013-03-20 13:41 - 00000000 ____A C:\Windows\SysWOW64\FAP8D64.tmp
2013-03-20 12:40 - 2013-03-20 12:40 - 00000000 ____A C:\Windows\SysWOW64\FAPC1D6.tmp
2013-03-20 12:40 - 2013-03-20 12:40 - 00000000 ____A C:\Windows\SysWOW64\FAPBF42.tmp
2013-03-20 12:38 - 2013-03-20 12:38 - 00000000 ____A C:\Windows\SysWOW64\FAP81C0.tmp
2013-03-20 12:37 - 2013-03-20 12:37 - 00000000 ____A C:\Windows\SysWOW64\FAPCD1C.tmp
2013-03-20 12:26 - 2013-03-20 12:26 - 00000000 ____A C:\Windows\SysWOW64\FAPF432.tmp
2013-03-20 12:26 - 2013-03-20 12:26 - 00000000 ____A C:\Windows\SysWOW64\FAPDC59.tmp
2013-03-20 12:26 - 2013-03-20 12:26 - 00000000 ____A C:\Windows\SysWOW64\FAPCD08.tmp
2013-03-20 12:26 - 2013-03-20 12:26 - 00000000 ____A C:\Windows\SysWOW64\FAP151.tmp
2013-03-20 12:15 - 2013-03-20 12:15 - 00000000 ____A C:\Windows\SysWOW64\FAPF357.tmp
2013-03-20 12:13 - 2013-03-20 12:13 - 00000000 ____A C:\Windows\SysWOW64\FAPB72D.tmp
2013-03-20 12:13 - 2013-03-20 12:13 - 00000000 ____A C:\Windows\SysWOW64\FAPB18D.tmp
2013-03-20 12:13 - 2013-03-20 12:13 - 00000000 ____A C:\Windows\SysWOW64\FAPA806.tmp
2013-03-20 12:13 - 2013-03-20 12:13 - 00000000 ____A C:\Windows\SysWOW64\FAP9AC8.tmp
2013-03-20 12:13 - 2013-03-20 12:13 - 00000000 ____A C:\Windows\SysWOW64\FAP9622.tmp
2013-03-20 12:10 - 2013-03-20 12:10 - 00000000 ____A C:\Windows\SysWOW64\FAP346E.tmp
2013-03-20 12:10 - 2013-03-20 12:10 - 00000000 ____A C:\Windows\SysWOW64\FAP33BD.tmp
2013-03-20 11:49 - 2013-03-20 11:49 - 00000000 ____A C:\Windows\SysWOW64\FAP34FF.tmp
2013-03-20 11:49 - 2013-03-20 11:49 - 00000000 ____A C:\Windows\SysWOW64\FAP3384.tmp
2013-03-20 11:42 - 2013-03-20 11:42 - 00000000 ____A C:\Windows\SysWOW64\FAP6863.tmp
2013-03-20 11:42 - 2013-03-20 11:42 - 00000000 ____A C:\Windows\SysWOW64\FAP62A4.tmp
2013-03-20 11:41 - 2013-03-20 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAPA460.tmp
2013-03-20 11:41 - 2013-03-20 11:41 - 00000000 ____A C:\Windows\SysWOW64\FAPA1CB.tmp
2013-03-20 11:38 - 2013-03-20 11:38 - 00000000 ____A C:\Windows\SysWOW64\FAP5F0C.tmp
2013-03-20 11:30 - 2013-03-20 11:30 - 00000000 ____A C:\Windows\SysWOW64\FAP3327.tmp
2013-03-20 11:22 - 2013-03-20 11:22 - 00000000 ____A C:\Windows\SysWOW64\FAPDCF7.tmp
2013-03-20 11:19 - 2013-03-20 11:19 - 00000000 ____A C:\Windows\SysWOW64\FAP6959.tmp
2013-03-20 11:12 - 2013-03-20 11:12 - 00000000 ____A C:\Windows\SysWOW64\FAP4FDB.tmp
2013-03-20 11:11 - 2013-03-20 11:11 - 00000000 ____A C:\Windows\SysWOW64\FAPEBC7.tmp
2013-03-20 11:10 - 2013-03-20 11:10 - 00000000 ____A C:\Windows\SysWOW64\FAPC385.tmp
2013-03-20 11:10 - 2013-03-20 11:10 - 00000000 ____A C:\Windows\SysWOW64\FAPA22B.tmp
2013-03-20 11:10 - 2013-03-20 11:10 - 00000000 ____A C:\Windows\SysWOW64\FAP6D01.tmp
2013-03-20 11:10 - 2013-03-20 11:10 - 00000000 ____A C:\Windows\SysWOW64\FAP69A2.tmp
2013-03-20 11:10 - 2013-03-20 11:10 - 00000000 ____A C:\Windows\SysWOW64\FAP40BA.tmp
2013-03-20 11:10 - 2013-03-20 11:10 - 00000000 ____A C:\Windows\SysWOW64\FAP4095.tmp
2013-03-20 11:09 - 2013-03-20 11:09 - 00000000 ____A C:\Windows\SysWOW64\FAPE0C1.tmp
2013-03-20 11:09 - 2013-03-20 11:09 - 00000000 ____A C:\Windows\SysWOW64\FAPB826.tmp
2013-03-20 11:09 - 2013-03-20 11:09 - 00000000 ____A C:\Windows\SysWOW64\FAP620A.tmp
2013-03-20 11:09 - 2013-03-20 11:09 - 00000000 ____A C:\Windows\SysWOW64\FAP31C2.tmp
2013-03-20 11:08 - 2013-03-20 11:08 - 00000000 ____A C:\Windows\SysWOW64\FAP610C.tmp
2013-03-20 11:02 - 2013-03-20 11:02 - 00000000 ____A C:\Windows\SysWOW64\FAPEDBC.tmp
2013-03-20 10:55 - 2013-03-20 10:55 - 00000000 ____A C:\Windows\SysWOW64\FAP89FA.tmp
2013-03-20 10:55 - 2013-03-20 10:55 - 00000000 ____A C:\Windows\SysWOW64\FAP735.tmp
2013-03-20 10:55 - 2013-03-20 10:55 - 00000000 ____A C:\Windows\SysWOW64\FAP6CE4.tmp
2013-03-20 10:55 - 2013-03-20 10:55 - 00000000 ____A C:\Windows\SysWOW64\FAP53F2.tmp
2013-03-20 10:48 - 2011-05-18 05:38 - 00000000 ____D C:\ProgramData\Skype
2013-03-20 10:47 - 2013-03-20 10:47 - 00000000 ____A C:\Windows\SysWOW64\FAP2544.tmp
2013-03-20 10:47 - 2013-03-20 10:47 - 00000000 ____A C:\Windows\SysWOW64\FAP23B9.tmp
2013-03-20 10:01 - 2013-03-20 10:01 - 00000000 ____D C:\Users\JB\AppData\Roaming\Dropbox
2013-03-20 06:16 - 2013-03-20 06:14 - 00000000 ____D C:\Users\JB\Desktop\site
2013-03-14 21:05 - 2010-10-03 08:38 - 00000342 ____A C:\Windows\Tasks\McDefragTask.job
2013-03-11 11:57 - 2013-03-11 11:57 - 00000000 ____D C:\Users\cyg_server\AppData\Roaming\HpUpdate
2013-03-08 12:26 - 2013-03-08 12:26 - 01063792 ____A C:\Users\JB\Documents\jamilahassan-googleemailwithbestfriend.htm
2013-03-08 12:26 - 2013-03-08 12:26 - 00000000 ____D C:\Users\JB\Documents\jamilahassan-googleemailwithbestfriend_files
2013-03-08 10:29 - 2013-03-08 10:29 - 00000042 ____A C:\Users\JB\Documents\jannaweddings.txt

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2783456457-3716096558-3553906738-1001\$7b2b2a70dcd9d3882e6ed639b90ec2f7

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$7b2b2a70dcd9d3882e6ed639b90ec2f7

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4061.18 MB
Available physical RAM: 3426.18 MB
Total Pagefile: 4059.32 MB
Available Pagefile: 3427.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:571 GB) (Free:471 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: () (Removable) (Total:3.6 GB) (Free:3.56 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 3699 MB 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: B6CB762D

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 571 GB 101 MB
Partition 3 OEM 25 GB 571 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 571 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 12
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 LENOVO_PART NTFS Partition 25 GB Healthy Hidden

=========================================================

Partitions of Disk 1:
===============

Disk ID: C3072E18

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3698 MB 852 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT32 Removable 3698 MB Healthy

=========================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: B6CB762D

Partition 1:
=========
Hex: 8020210007DF130C0008000000200300
Active: YES
Type: 07 (NTFS)
Size: 100 MB

Partition 2:
=========
Hex: 00DF140C07FEFFFF0028030000006047
Active: NO
Type: 07 (NTFS)
Size: 571 GB

Partition 3:
=========
Hex: 00FEFFFF12FEFFFF00286347B05A2203
Active: NO
Type: 12
Size: 25 GB

==============================
Partitions of Disk 1:
===============
Disk ID: C3072E18

Partition 1:
=========
Hex: 800101000C7FF6ABA806000058917300
Active: YES
Type: 0C
Size: 4 GB


Last Boot: 2013-03-24 20:30

==================== End Of Log =============================


Edited by Oh My, 07 April 2013 - 08:23 AM.


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,407 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:18 PM

Posted 07 April 2013 - 09:14 PM

Greetings,

Could you tell me who your internet provider is?

There is some stuff we need to clean up but I must first advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKU\JB\...\Run: [IBP] [x]
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-2783456457-3716096558-3553906738-1001\$7b2b2a70dcd9d3882e6ed639b90ec2f7
ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$7b2b2a70dcd9d3882e6ed639b90ec2f7
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt) please post it to your reply.
  • Please attempt to boot your computer into Normal Mode and check your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST.txt
  • Who is your internet provider?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 nycpsychic


Posted 08 April 2013 - 09:59 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2013
Ran by SYSTEM at 2013-04-08 10:50:02 Run:1
Running from F:\

==============================================

HKEY_USERS\JB\Software\Microsoft\Windows\CurrentVersion\Run\\IBP Value deleted successfully.
C:\$Recycle.Bin\S-1-5-21-2783456457-3716096558-3553906738-1001\$7b2b2a70dcd9d3882e6ed639b90ec2f7 moved successfully.
C:\$Recycle.Bin\S-1-5-18\$7b2b2a70dcd9d3882e6ed639b90ec2f7 moved successfully.

==== End of Fixlog ====

 

Internet provider: Time Warner Cable



#7 Oh My!


Posted 08 April 2013 - 10:13 AM

Greetings,

Thanks for the information.

There are numerous temporary files on your computer. Although they can be deleted I am trying to figure out if they are associated with a legitimate program or not.

I will be away from my computer for a bit but if you could look at the string of entries like the one below, and look at the dates/times they were created to see if they make sense to you.

At first glance it appears they may be associated with a Fair Access Policy (FAP) but that is typically a part of HughesNet. Here is an example:

2013-03-21 14:42 - 2013-03-21 14:42 - 00000000 ____A C:\Windows\SysWOW64\FAP745D.tmp
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
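The timestamp check suggested in the post above, as an added example (not part of the thread and not code from FRST): a Python sketch that parses file-listing lines in the layout of the FRST log quoted earlier, picks out the zero-byte FAP*.tmp files and groups them by day and into bursts. The function names, the 5-minute burst gap and the use of the first timestamp column are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import NamedTuple

# Sample lines copied from the FRST listing posted in this thread.
SAMPLE = r"""
2013-03-21 07:36 - 2013-03-21 07:36 - 00000000 ____A C:\Windows\SysWOW64\FAP136C.tmp
2013-03-21 07:35 - 2013-03-21 07:35 - 00000000 ____A C:\Windows\SysWOW64\FAPFF8C.tmp
2013-03-21 07:35 - 2013-03-21 07:35 - 00000000 ____A C:\Windows\SysWOW64\FAPF9EA.tmp
2013-03-21 07:23 - 2013-03-21 07:23 - 00000000 ____A C:\Windows\SysWOW64\FAPA5D8.tmp
2013-03-20 13:43 - 2013-03-20 13:43 - 00000000 ____A C:\Windows\SysWOW64\FAPD7DB.tmp
2013-03-20 10:48 - 2011-05-18 05:38 - 00000000 ____D C:\ProgramData\Skype
2013-03-14 21:05 - 2010-10-03 08:38 - 00000342 ____A C:\Windows\Tasks\McDefragTask.job
"""

TS = "%Y-%m-%d %H:%M"
# "<timestamp> - <timestamp> - <size> <attributes> <path>"
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S+) (.+)$"
)
# Names in the thread's log carry 3 or 4 hex digits; 1 to 4 are accepted here.
FAP_RE = re.compile(r"^FAP[0-9A-F]{1,4}\.tmp$", re.IGNORECASE)


class Entry(NamedTuple):
    first: datetime   # first timestamp column of the listing
    second: datetime  # second timestamp column of the listing
    size: int
    attrs: str
    path: str


def parse_listing(text):
    """Return an Entry for every line that matches the listing layout."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, separators and blank lines are skipped
        first, second, size, attrs, path = m.groups()
        entries.append(Entry(datetime.strptime(first, TS),
                             datetime.strptime(second, TS),
                             int(size), attrs, path))
    return entries


def fap_temp_files(entries):
    """Zero-byte, non-directory FAP*.tmp files directly under SysWOW64."""
    hits = []
    for e in entries:
        p = PureWindowsPath(e.path)
        if (e.size == 0 and "D" not in e.attrs
                and FAP_RE.match(p.name)
                and p.parent.name.lower() == "syswow64"):
            hits.append(e)
    return hits


def per_day(entries):
    """Count entries per calendar day of the first timestamp."""
    return Counter(e.first.strftime("%Y-%m-%d") for e in entries)


def bursts(entries, gap_minutes=5):
    """Group entries whose timestamps are at most gap_minutes apart.

    Returns a list of (start, end, count) tuples in time order.
    """
    groups = []
    for t in sorted(e.first for e in entries):
        if groups and t - groups[-1][1] <= timedelta(minutes=gap_minutes):
            start, _, count = groups[-1]
            groups[-1] = (start, t, count + 1)
        else:
            groups.append((t, t, 1))
    return groups


if __name__ == "__main__":
    fap = fap_temp_files(parse_listing(SAMPLE))
    print(f"{len(fap)} zero-byte FAP temp files")
    for day, n in sorted(per_day(fap).items()):
        print(f"  {day}: {n}")
    for start, end, n in bursts(fap):
        print(f"  burst {start:%Y-%m-%d %H:%M} to {end:%H:%M}: {n} file(s)")
```

Comparing the burst times against when the machine was in use, and against install or update times of known software, is what tells a recurring legitimate writer apart from something unexplained.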

#8 nycpsychic


Posted 08 April 2013 - 10:40 AM

I really don't know about these files b/c I keep getting my Firefox stuck on kona5.kontera.com url and my flash goes out too



#9 Oh My!


Posted 08 April 2013 - 02:23 PM

Greetings,

Please attempt to run this program.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Vista/7 users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • When prompted, Click Scan
  • When the Status box shows Scan Finished click Delete
  • Click Report
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • RogueKiller log

Gary
 

#10 nycpsychic


Posted 08 April 2013 - 02:49 PM

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : JB [Admin rights]
Mode : Remove -- Date : 04/08/2013 15:46:56
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[STARTUP][SUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe [-] -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 link-assistant.com
127.0.0.1 www.link-assistant.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-08A7B2 ATA Device +++++
--- User ---
[MBR] 9c45d51ac7cdb1422eb2153be6f2848f
[BSP] 9c4449abde75e740e709f36018ba71a6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 584704 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1197680640 | Size: 25675 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: USB Device +++++
--- User ---
[MBR] 202134250be6f4fa92a9eef0596ddc8f
[BSP] 33a07a59d299ab4ea9f4ab0156f9d86f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1704 | Size: 3698 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_04082013_02d1546.txt >>
RKreport[1]_S_04082013_02d1545.txt ; RKreport[2]_D_04082013_02d1546.txt


 



#11 Oh My!


Posted 08 April 2013 - 03:00 PM

Greetings,

Thank you for the log. Can you tell me if this is still true?

I have to click 3 times to get anything done. can't download programs b/c it says can't unpack dll.

Please run the following program for me.

===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends you to uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registery key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Combofix log

Gary
 

#12 nycpsychic


Posted 09 April 2013 - 07:12 AM

the comp won't run the combofix, says can't initialize plugins, so I had to run rkill

 

Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/09/2013 08:04:32 AM in x64 mode.
Windows Version: Windows 7 Home Premium

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\JB\Desktop\rkill\rkill-04-09-2013-08-04-32.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual

 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * NetBT (NetBT) is not Running.
   Startup Type set to: System

 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System

 * TCP/IP Protocol Driver (Tcpip) is not Running.
   Startup Type set to: System

 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 serial.alcohol-soft.com
  127.0.0.1 www.alcohol-soft.com
  127.0.0.1 images.alcohol-soft.com
  127.0.0.1 trial.alcohol-soft.com
  127.0.0.1 alcohol-soft.com
  127.0.0.1 link-assistant.com
  127.0.0.1 www.link-assistant.com

Program finished at: 04/09/2013 08:04:40 AM
Execution time: 0 hours(s), 0 minute(s), and 8 seconds(s)
 



#13 Oh My!


Posted 09 April 2013 - 09:17 AM

Greetings,

Let's gather some additional information. Please do this for me.

===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FSS log

Gary
 

#14 nycpsychic


Posted 09 April 2013 - 09:33 AM

Farbar Service Scanner Version: 03-03-2013
Ran by JB (administrator) on 09-04-2013 at 10:32:31
Running from "C:\Users\JB\Desktop"
Windows 7 Home Premium  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-25 03:18] - [2012-04-24 01:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



#15 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 36,407 posts
  • Gender:Male
  • Location:California

Posted 09 April 2013 - 10:44 AM

Thank you for the log. Could you please return to Post #11, consider the question I posed, and provide me with an update?

 

Thanks


Gary
 