Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Phantom iexplore.exe processes launching following recent malware infection


  • This topic is locked This topic is locked
21 replies to this topic

#1 9001M

9001M

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 18 March 2014 - 10:33 PM

I need your help with getting rid of a strange malware-ish remnant left over from a recent series of serious malware infections on a Win7 Pro laptop.  After completing the most recent malware recovery, I’m seeing the following remaining issue:

 

Within a few minutes of a fresh boot, a pair of iexplore.exe processes start up (with no corresponding IE window).  If connected to the Internet, they’ll continually grow in size (I'm assuming they're downloading something).  Also, if left uninterrupted, a second pair will launch in a few minutes, and finally a third pair.  Again, if connected to the Internet and left uninterrupted, they’ll all continually grow in size.  If I disconnect the laptop from the network, they’ll stay static in size, but you can see them repeatedly making connection attempts.  If I kill the processes, they’ll restart within a few minutes.  After about 9 or 10 process-kills, they finally stop launching.

 

Because of the severity of the last infection, I’m not brave enough to let them run to conclusion to see what they’re up to…

 

I’ve run full scans with the following tools, none of which find any threats:
 

-  Rkill
-  TDSSKiller
-  Malwarebytes AntiMalware
-  Malwarebytes Anti-Rootkit
-  Microsoft Security Essentials

 

Below is the text from the DDS log and I’ve attached the DDS Attach.txt file.

 

If it would be helpful, I can provide the Rkill and MBAM logs from the most recent and previous infections (they were pretty ugly).

 

Thanks!

 

Steve

-------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16540
Run by Grumpy at 20:15:21 on 2014-03-18
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.6019.4137 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_comm_customer.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_system_customer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_user_customer.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
C:\Users\Grumpy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe
C:\Program Files (x86)\Palm\Hotsync.exe
C:\Program Files (x86)\Common Files\AOL\1379051753\ee\aolsoftware.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Windows\SysWOW64\regsvr32.exe
C:\Users\Grumpy\AppData\Local\Apps\2.0\C51MZHV9.3VV\XW7145QD.M14\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
uRun: [DellSystemDetect] C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [HP Photosmart 7520 series (NET)] "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN35S491W805YZ:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
uRun: [SkyDrive] "C:\Users\Grumpy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [Ulvmedia] regsvr32.exe C:\Users\Grumpy\AppData\Local\Ulvmedia\NetCommsXx64.dll
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [HostManager] C:\Program Files (x86)\Common Files\AOL\1379051753\ee\AOLSoftware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
StartupFolder: C:\Users\Grumpy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
StartupFolder: C:\Users\Grumpy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CORELR~1.LNK - C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DESKTO~1.LNK - C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HOTSYN~1.LNK - C:\Program Files (x86)\Palm\Hotsync.exe
uPolicies-Explorer: HideSCAHealth = dword:1
uPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: TaskbarNoNotification = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{3867EECA-27E4-4413-B7C7-BD86B023F7C3} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{990B8610-BA27-44BF-BB03-66FD367D5F3B} : DHCPNameServer = 192.168.1.254
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: QuickShare WidgetEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: QuickShare Widget: {ae07101b-46d4-4a98-af68-0333ea26e113} -
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist Express Customer - C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-29 652344]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-29 28216]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-8-29 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-8-29 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2013-2-6 204928]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
R2 GoToAssist Remote Support Customer;GoToAssist Remote Support Customer;C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe [2014-2-11 610888]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-8-29 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-8-29 165760]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2013-6-7 376144]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2013-4-30 16056]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\System32\drivers\LMIRfsDriver.sys [2013-9-6 72216]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-12-11 1907896]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-8-29 201872]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2013-8-29 1695040]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-5-30 16168]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-8-29 364416]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-8-29 81536]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2013-2-6 168064]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2013-2-6 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2013-2-6 551552]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-8-29 342528]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-8-29 358896]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-8-29 792560]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-8-29 315536]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-8-29 726160]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-8-29 32136]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2013-2-6 36480]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2013-2-6 341120]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2013-2-6 111232]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2013-2-6 68736]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-8-29 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2014-3-17 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-6 1255736]
.
=============== Created Last 30 ================
.
2014-03-19 02:00:01 -------- d-----w- C:\Windows\Migration
2014-03-19 01:52:38 -------- d-----r- C:\Program Files (x86)\Skype
2014-03-19 01:50:47 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-03-19 00:19:00 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-19 00:17:33 2871808 ----a-w- C:\Windows\explorer.exe
2014-03-18 23:50:30 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-03-18 23:50:30 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-03-18 23:50:29 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-03-18 23:50:29 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-03-18 23:35:16 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-03-18 23:15:35 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-03-18 23:15:35 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-03-18 23:15:35 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-03-18 23:15:35 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-03-18 23:15:34 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-03-18 23:15:34 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-03-18 23:15:34 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-03-18 23:11:22 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2014-03-18 23:11:21 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2014-03-18 23:11:21 5120 ----a-w- C:\Windows\System32\wmi.dll
2014-03-18 23:03:41 723456 ----a-w- C:\Windows\System32\EncDec.dll
2014-03-18 23:03:41 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2014-03-18 23:03:11 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-18 23:03:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-18 23:03:09 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-18 23:01:59 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-18 23:00:59 395776 ----a-w- C:\Windows\System32\webio.dll
2014-03-18 22:59:55 216576 ----a-w- C:\Windows\System32\ncsi.dll
2014-03-18 22:58:59 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2014-03-18 22:57:58 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-03-18 22:56:59 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2014-03-18 03:56:25 -------- d-----w- C:\Users\Grumpy\AppData\Local\VS Revo Group
2014-03-18 03:56:19 -------- d-----w- C:\ProgramData\VS Revo Group
2014-03-18 03:56:18 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2014-03-18 03:56:16 -------- d-----w- C:\Program Files\VS Revo Group
2014-03-18 02:15:15 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 02:15:13 119000 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-03-18 02:10:13 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-03-18 01:41:56 10521840 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{966158D3-2626-44E7-B158-38F652A169E8}\mpengine.dll
2014-03-18 01:38:10 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2014-03-18 01:38:10 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2014-03-18 01:38:10 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2014-03-18 01:33:42 -------- d-----w- C:\Users\Grumpy\AppData\Local\Deployment
2014-03-18 01:27:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2014-03-18 01:27:21 99840 ----a-w- C:\Windows\System32\wudriver.dll
2014-03-18 01:27:02 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-03-18 01:27:02 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2014-03-18 01:26:57 -------- d-sh--w- C:\Recovery
2014-03-18 01:13:54 -------- d-----w- C:\Windows\Panther
2014-03-18 01:05:23 -------- d-----w- C:\Program Files\Microsoft Games
2014-03-18 00:52:02 -------- d--h--w- C:\$WINDOWS.~Q
2014-03-18 00:46:00 -------- d--h--w- C:\$INPLACE.~TR
2014-03-18 00:18:43 -------- d-----w- C:\Windows\System32\SRSLabs
2014-03-18 00:18:03 -------- d-----w- C:\Program Files\Realtek
2014-03-18 00:18:01 -------- d-----w- C:\Windows\SysWow64\RTCOM
2014-03-18 00:17:58 56832 ----a-w- C:\Windows\System32\OpenCL.DLL
2014-03-18 00:17:58 56320 ----a-w- C:\Windows\SysWow64\OpenCL.DLL
2014-03-18 00:17:28 -------- d-----w- C:\Program Files\Synaptics
2014-03-17 18:41:09 -------- d-----w- C:\Windows\pss
2014-03-05 19:26:16 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{411BADEE-6E33-4FB5-8D58-16C62050F8B6}\gapaengine.dll
2014-03-05 19:25:39 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-26 21:56:22 -------- d-----w- C:\Program Files (x86)\DriverUpdate
2014-02-26 05:56:54 -------- d-----w- C:\Users\Grumpy\AppData\Local\SearchProtect
2014-02-22 06:11:55 -------- d-----w- C:\Users\Grumpy\AppData\Roaming\DriverCure
2014-02-22 06:11:03 -------- d-----w- C:\Program Files (x86)\Common Files\ParetoLogic
.
==================== Find3M  ====================
.
2014-03-18 01:39:52 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-18 01:39:51 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-23 06:54:58 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-23 06:48:31 1392128 ----a-w- C:\Windows\System32\wininet.dll
2014-02-23 06:46:42 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-23 06:45:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-23 06:45:27 599040 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-23 05:47:19 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-23 05:40:18 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-23 05:39:28 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-23 05:38:08 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-23 05:37:49 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-23 05:36:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-11 14:18:30 169544 ----a-w- C:\Windows\System32\g2ax_credential_provider64_637.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 23:30:52 92488 ----a-w- C:\Windows\System32\LMIinit.dll
2014-01-28 23:30:52 35656 ----a-w- C:\Windows\System32\LMIport.dll
2014-01-28 23:30:52 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:16:45.62 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 20 March 2014 - 12:42 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 20 March 2014 - 01:39 PM

Hi Georgi, thanks for your help!  I've pasted the contents of the FRST.txt log below.

 

For the life of me, I can't figure out how to attach the Addition.txt file you requested.  I didn't have any problem attaching the first file (Attach.txt) with my initial post.  But now, I can't find an attachment button or link anywhere...

 

Looking forward to the next steps...

 

Steve

--------------------------------

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Grumpy (administrator) on GRUMPY-PC on 20-03-2014 10:56:59
Running from C:\Users\Grumpy\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_system_customer.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_user_customer.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Users\Grumpy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(IntelliQuest Communications, Inc.) C:\Program Files (x86)\Corel\WordPerfect Office 2000\Register\Remind32.exe
(Corel Corporation Limited) C:\Program Files (x86)\Corel\WordPerfect Office 2000\programs\dad9.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1379051753\ee\aolsoftware.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(PalmSource, Inc) C:\Program Files (x86)\Palm\Hotsync.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Dell) C:\Users\Grumpy\AppData\Local\Apps\2.0\C51MZHV9.3VV\XW7145QD.M14\dell..tion_0f612f649c4a10af_0005.0004_3ddfe37344028d2c\DellSystemDetect.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel® Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\system32\wbem\WMIADAP.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1253520 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe [1023104 2013-02-06] (Atheros Commnucations)
HKLM\...\Run: [IntelTBRunOnce] - wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [LogMeIn GUI] - C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [QuickSet] - c:\Program Files\Dell\QuickSet\QuickSet.exe [5762408 2013-03-05] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3010952 2012-12-20] (Synaptics Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HostManager] - C:\Program Files (x86)\Common Files\AOL\1379051753\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-11-19] (Intel Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\...\Run: [DellSystemDetect] - C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\...\Run: [HP Photosmart 7520 series (NET)] - C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\...\Run: [SkyDrive] - C:\Users\Grumpy\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257224 2014-02-19] (Microsoft Corporation)
HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\...\Run: [Ulvmedia] - regsvr32.exe C:\Users\Grumpy\AppData\Local\Ulvmedia\NetCommsXx64.dll <===== ATTENTION
HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\...\Policies\Explorer: [TaskbarNoNotification] 1
Startup: C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.6.lnk
ShortcutTarget: Intel® Turbo Boost Technology Monitor 2.6.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?pc=DCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {25E844D3-D334-481A-8F42-6E751C3B77E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM - {25E844D3-D334-481A-8F42-6E751C3B77E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {25E844D3-D334-481A-8F42-6E751C3B77E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {25E844D3-D334-481A-8F42-6E751C3B77E9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {25E844D3-D334-481A-8F42-6E751C3B77E9} URL =
SearchScopes: HKCU - {25E844D3-D334-481A-8F42-6E751C3B77E9} URL =
SearchScopes: HKCU - {63515A16-3C58-439F-9B83-21C6A0805F2B} URL = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20140103,20028,0,18,0
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @palmsource.com/installer,version=1.0 - C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (No Name) - C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2014-01-14]

==================== Services (Whitelisted) =================

R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\637\g2ax_service.exe [610888 2014-02-11] (Citrix Online, a division of Citrix Systems, Inc.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-01-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-01-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201872 2012-11-23] (Realtek Semiconductor)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-02-06] (Atheros)

==================== Drivers (Whitelisted) ====================

R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-12-04] (Intel Corporation)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [32136 2012-12-20] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-20 10:56 - 2014-03-20 10:57 - 00017655 _____ () C:\Users\Grumpy\Desktop\FRST.txt
2014-03-20 10:56 - 2014-03-20 10:56 - 00000000 ____D () C:\FRST
2014-03-20 10:56 - 2014-03-20 10:51 - 02157056 _____ (Farbar) C:\Users\Grumpy\Desktop\FRST64.exe
2014-03-20 10:53 - 2014-03-20 10:53 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-03-18 20:17 - 2014-03-18 20:17 - 00047979 _____ () C:\Users\Grumpy\Desktop\attach.txt
2014-03-18 20:17 - 2014-03-18 20:16 - 00025177 _____ () C:\Users\Grumpy\Desktop\dds.txt
2014-03-18 18:52 - 2014-03-18 18:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-18 17:19 - 2014-02-22 23:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-18 17:18 - 2014-02-23 00:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-18 17:18 - 2014-02-22 23:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-18 17:18 - 2014-02-22 23:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-18 17:18 - 2014-02-22 23:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-18 17:18 - 2014-02-22 23:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-18 17:18 - 2014-02-22 23:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-18 17:18 - 2014-02-22 23:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-18 17:18 - 2014-02-22 23:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-18 17:18 - 2014-02-22 23:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-18 17:18 - 2014-02-22 23:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-18 17:18 - 2014-02-22 23:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-18 17:18 - 2014-02-22 23:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-18 17:18 - 2014-02-22 23:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-18 17:18 - 2014-02-22 23:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-18 17:18 - 2014-02-22 23:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-18 17:18 - 2014-02-22 22:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-18 17:18 - 2014-02-22 22:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-18 17:18 - 2014-02-22 22:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-18 17:18 - 2014-02-22 22:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-18 17:18 - 2014-02-22 22:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-18 17:18 - 2014-02-22 22:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-18 17:18 - 2014-02-22 22:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-18 17:18 - 2014-02-22 22:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-18 17:18 - 2014-02-22 22:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-18 17:18 - 2014-02-22 22:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-18 17:18 - 2014-02-22 22:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-18 17:18 - 2014-02-22 22:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-18 17:18 - 2014-02-22 22:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-18 17:18 - 2014-02-22 22:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-18 17:18 - 2014-02-22 22:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-18 17:18 - 2014-02-22 22:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-18 17:17 - 2012-07-06 13:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-03-18 17:17 - 2012-02-10 23:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-03-18 17:17 - 2012-02-10 23:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-03-18 17:17 - 2011-04-27 20:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2014-03-18 17:17 - 2011-03-10 23:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-03-18 17:17 - 2011-03-10 23:41 - 00189824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-03-18 17:17 - 2011-03-10 23:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-03-18 17:17 - 2011-03-10 23:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-03-18 17:17 - 2011-03-10 23:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-03-18 17:17 - 2011-03-10 23:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-03-18 17:17 - 2011-03-10 23:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-03-18 17:17 - 2011-03-10 23:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-03-18 17:17 - 2011-03-10 22:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-03-18 17:17 - 2011-03-10 22:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-03-18 17:17 - 2011-03-10 21:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-03-18 17:17 - 2011-02-24 23:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-03-18 17:17 - 2011-02-24 22:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-03-18 16:52 - 2014-03-18 16:52 - 00000031 _____ () C:\Users\Grumpy\Desktop\kill-IE.bat
2014-03-18 16:50 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-03-18 16:50 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-03-18 16:50 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-03-18 16:50 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-03-18 16:17 - 2014-03-02 14:05 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 16:15 - 2012-07-25 20:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-03-18 16:15 - 2012-07-25 20:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-03-18 16:15 - 2012-07-25 20:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-03-18 16:15 - 2012-07-25 20:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-03-18 16:15 - 2012-07-25 20:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-03-18 16:15 - 2012-07-25 19:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-03-18 16:15 - 2012-07-25 19:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-03-18 16:15 - 2012-06-02 07:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-03-18 16:11 - 2012-02-29 23:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-03-18 16:11 - 2012-02-29 23:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-03-18 16:11 - 2012-02-29 22:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-03-18 16:04 - 2013-10-11 19:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-03-18 16:04 - 2013-10-11 19:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-18 16:04 - 2013-10-11 19:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-18 16:04 - 2013-10-11 19:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-03-18 16:04 - 2013-10-11 19:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-18 16:04 - 2013-08-28 19:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-18 16:04 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-18 16:04 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-03-18 16:04 - 2013-08-28 19:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-18 16:04 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-03-18 16:04 - 2013-08-28 18:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-03-18 16:04 - 2013-08-28 18:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-03-18 16:04 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-18 16:04 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-03-18 16:04 - 2013-08-28 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-18 16:04 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-03-18 16:04 - 2013-08-28 17:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-18 16:04 - 2013-08-28 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-18 16:04 - 2013-08-28 17:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-18 16:04 - 2013-08-28 17:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-18 16:04 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-03-18 16:04 - 2011-12-16 01:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-03-18 16:04 - 2011-12-16 00:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-03-18 16:03 - 2012-11-29 22:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-03-18 16:03 - 2012-11-29 22:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-03-18 16:03 - 2012-11-29 22:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-18 16:03 - 2011-10-14 23:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-03-18 16:03 - 2011-10-14 22:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-03-18 16:02 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-18 16:02 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-03-18 16:02 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-03-18 16:02 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-03-18 16:02 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-03-18 16:02 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-03-18 16:02 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-03-18 16:02 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-03-18 16:02 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-03-18 16:02 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-03-18 16:02 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-03-18 16:02 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-03-18 16:02 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-03-18 16:02 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-03-18 16:02 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-03-18 16:02 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-03-18 16:02 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-03-18 16:02 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-03-18 16:02 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-03-18 16:02 - 2013-09-24 19:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-03-18 16:02 - 2013-09-24 19:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-18 16:02 - 2013-09-24 18:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-18 16:02 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-03-18 16:02 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-03-18 16:02 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-03-18 16:02 - 2013-04-25 22:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-03-18 16:02 - 2013-04-25 21:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-03-18 16:02 - 2012-11-21 22:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-03-18 16:02 - 2012-11-21 21:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-03-18 16:02 - 2012-08-21 14:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-03-18 16:02 - 2012-07-04 15:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-03-18 16:02 - 2012-07-04 15:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-03-18 16:02 - 2012-07-04 15:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-03-18 16:02 - 2012-07-04 14:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-03-18 16:02 - 2012-07-04 14:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-03-18 16:02 - 2012-01-04 03:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-03-18 16:02 - 2012-01-04 01:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2014-03-18 16:01 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-03-18 16:01 - 2013-09-24 19:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-18 16:01 - 2013-09-24 19:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-03-18 16:01 - 2013-09-24 19:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-03-18 16:01 - 2013-09-24 19:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-18 16:01 - 2013-09-24 19:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-18 16:01 - 2013-09-24 19:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-18 16:01 - 2013-09-24 18:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-03-18 16:01 - 2013-09-24 18:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-18 16:01 - 2013-09-24 18:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-18 16:01 - 2013-09-24 18:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-18 16:01 - 2013-09-07 19:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-18 16:01 - 2013-08-01 19:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-18 16:01 - 2013-08-01 19:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-18 16:01 - 2013-08-01 19:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 19:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-18 16:01 - 2013-08-01 18:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 18:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-03-18 16:01 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-18 16:01 - 2013-08-01 17:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 17:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 17:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-03-18 16:01 - 2013-08-01 17:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-03-18 16:01 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-18 16:01 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-03-18 16:01 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-03-18 16:01 - 2012-12-07 06:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-03-18 16:01 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-03-18 16:01 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-03-18 16:01 - 2012-12-07 04:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-03-18 16:01 - 2012-12-07 04:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-03-18 16:01 - 2012-12-07 04:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-03-18 16:01 - 2012-12-07 04:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-03-18 16:01 - 2012-12-07 04:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-03-18 16:01 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-03-18 16:01 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-03-18 16:01 - 2012-12-07 04:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-03-18 16:01 - 2012-12-07 04:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-03-18 16:01 - 2012-12-07 04:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-03-18 16:01 - 2012-12-07 04:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-03-18 16:01 - 2012-12-07 04:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-03-18 16:01 - 2012-12-07 04:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-03-18 16:01 - 2012-12-07 04:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-03-18 16:01 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-03-18 16:00 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-03-18 16:00 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-03-18 16:00 - 2013-07-25 19:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-18 16:00 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-03-18 16:00 - 2013-07-25 18:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-18 16:00 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-03-18 16:00 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-03-18 16:00 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-03-18 16:00 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-03-18 16:00 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-03-18 16:00 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-03-18 16:00 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-18 16:00 - 2013-04-12 07:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-18 16:00 - 2013-02-26 23:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-03-18 16:00 - 2013-02-26 22:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-03-18 16:00 - 2012-11-28 15:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-18 16:00 - 2012-11-28 15:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-18 16:00 - 2012-11-28 15:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-03-18 16:00 - 2012-10-31 22:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-03-18 16:00 - 2012-10-31 21:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-03-18 16:00 - 2011-12-29 23:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-03-18 16:00 - 2011-12-29 22:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-03-18 16:00 - 2011-11-16 23:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-03-18 16:00 - 2011-11-16 22:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-03-18 16:00 - 2011-08-26 22:37 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-03-18 16:00 - 2011-08-26 22:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-03-18 16:00 - 2011-08-26 21:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-03-18 16:00 - 2011-08-26 21:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-03-18 16:00 - 2011-04-08 23:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-03-18 16:00 - 2011-04-08 22:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-03-18 16:00 - 2011-03-10 23:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-03-18 16:00 - 2011-03-10 23:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-03-18 16:00 - 2011-03-10 22:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-03-18 16:00 - 2011-03-10 22:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-03-18 15:59 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-18 15:59 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-18 15:59 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-18 15:59 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-18 15:59 - 2013-09-27 18:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-18 15:59 - 2013-08-27 02:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-18 15:59 - 2013-08-27 02:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-18 15:59 - 2013-08-27 01:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-18 15:59 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-03-18 15:59 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-03-18 15:59 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-03-18 15:59 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-03-18 15:59 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-03-18 15:59 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-03-18 15:59 - 2013-02-14 23:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-03-18 15:59 - 2013-02-14 23:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-18 15:59 - 2013-02-14 23:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-03-18 15:59 - 2013-02-14 21:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-18 15:59 - 2013-02-14 21:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-03-18 15:59 - 2013-02-14 20:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-03-18 15:59 - 2012-10-03 10:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-03-18 15:59 - 2012-10-03 10:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-03-18 15:59 - 2012-10-03 10:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-03-18 15:59 - 2012-10-03 10:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-03-18 15:59 - 2012-10-03 10:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-03-18 15:59 - 2012-10-03 10:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-03-18 15:59 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-03-18 15:59 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-03-18 15:59 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-03-18 15:59 - 2012-10-03 09:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-03-18 15:59 - 2012-06-05 23:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-03-18 15:59 - 2012-06-05 22:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-03-18 15:59 - 2012-05-13 22:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-03-18 15:59 - 2012-03-17 00:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-03-18 15:59 - 2012-01-13 00:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-03-18 15:59 - 2011-06-15 03:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-03-18 15:59 - 2011-06-15 03:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-03-18 15:59 - 2011-06-15 03:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-03-18 15:59 - 2011-06-15 03:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-03-18 15:59 - 2011-06-15 01:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2014-03-18 15:59 - 2011-06-15 01:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2014-03-18 15:59 - 2011-06-15 01:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-03-18 15:59 - 2011-06-15 01:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2014-03-18 15:59 - 2011-06-15 01:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2014-03-18 15:59 - 2011-05-03 22:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-03-18 15:59 - 2011-05-03 22:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-03-18 15:59 - 2011-05-03 22:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-03-18 15:59 - 2011-05-03 22:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-03-18 15:59 - 2011-05-03 22:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-03-18 15:59 - 2011-05-03 22:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-03-18 15:59 - 2011-05-03 22:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-03-18 15:59 - 2011-05-03 22:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-03-18 15:59 - 2011-05-03 22:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-03-18 15:59 - 2011-05-03 21:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-03-18 15:59 - 2011-05-03 21:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-03-18 15:59 - 2011-05-03 21:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-03-18 15:59 - 2011-05-03 21:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-03-18 15:59 - 2011-05-03 21:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-03-18 15:59 - 2011-05-03 21:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-03-18 15:59 - 2011-05-03 21:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-03-18 15:59 - 2011-05-03 21:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-03-18 15:59 - 2011-05-03 21:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-03-18 15:59 - 2011-04-22 15:15 - 00027520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-03-18 15:59 - 2011-02-05 10:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-03-18 15:59 - 2011-02-05 10:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-03-18 15:59 - 2011-02-05 10:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-03-18 15:59 - 2011-02-05 10:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-03-18 15:59 - 2011-02-05 10:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-03-18 15:59 - 2011-02-05 10:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-03-18 15:59 - 2011-02-05 10:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-03-18 15:58 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-18 15:58 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-18 15:58 - 2013-12-31 16:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-03-18 15:58 - 2013-12-31 16:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-03-18 15:58 - 2013-12-05 19:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-18 15:58 - 2013-12-05 19:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-03-18 15:58 - 2013-12-05 19:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-18 15:58 - 2013-12-05 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-03-18 15:58 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-03-18 15:58 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-03-18 15:58 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-03-18 15:58 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-03-18 15:58 - 2013-10-03 19:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-03-18 15:58 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-03-18 15:58 - 2013-10-03 18:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-03-18 15:58 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-03-18 15:58 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-18 15:58 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 15:58 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-18 15:58 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-03-18 15:58 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-03-18 15:58 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-03-18 15:58 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-03-18 15:58 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-18 15:58 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-03-18 15:58 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-03-18 15:58 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-03-18 15:58 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-18 15:58 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-18 15:58 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-18 15:58 - 2013-05-12 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-03-18 15:58 - 2013-05-12 20:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-03-18 15:58 - 2013-05-12 20:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-03-18 15:58 - 2013-05-12 20:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-03-18 15:58 - 2013-04-09 23:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-03-18 15:58 - 2013-01-23 23:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-03-18 15:58 - 2012-10-09 11:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-03-18 15:58 - 2012-10-09 11:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-03-18 15:58 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-03-18 15:58 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-03-18 15:58 - 2012-08-10 17:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-03-18 15:58 - 2012-08-10 16:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-03-18 15:58 - 2012-05-05 01:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-03-18 15:58 - 2012-05-05 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-03-18 15:58 - 2012-04-30 22:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-03-18 15:58 - 2012-04-07 05:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-03-18 15:58 - 2012-04-07 04:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-03-18 15:58 - 2011-10-25 22:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-03-18 15:58 - 2011-10-25 22:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-18 15:58 - 2011-10-25 21:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-03-18 15:58 - 2011-10-25 21:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-03-18 15:58 - 2011-08-16 22:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-03-18 15:58 - 2011-08-16 22:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-03-18 15:58 - 2011-08-16 21:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-03-18 15:58 - 2011-08-16 21:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-03-18 15:58 - 2011-07-08 19:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-03-18 15:58 - 2011-05-02 22:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-03-18 15:58 - 2011-05-02 21:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-03-18 15:58 - 2011-04-26 19:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-03-18 15:58 - 2011-04-26 19:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-03-18 15:58 - 2011-02-18 03:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-03-18 15:58 - 2011-02-17 22:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2014-03-18 15:58 - 2011-02-12 04:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-03-18 15:58 - 2011-02-03 04:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-03-18 15:57 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-18 15:57 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-18 15:57 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-18 15:57 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-18 15:57 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-18 15:57 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-18 15:57 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-18 15:57 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-18 15:57 - 2013-11-11 19:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-18 15:57 - 2013-11-11 19:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-18 15:57 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-03-18 15:57 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-03-18 15:57 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-18 15:57 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-18 15:57 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-03-18 15:57 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-18 15:57 - 2013-03-18 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-03-18 15:57 - 2013-02-11 21:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-03-18 15:57 - 2012-11-01 22:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-03-18 15:57 - 2012-11-01 22:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-03-18 15:57 - 2012-09-25 15:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-03-18 15:57 - 2012-09-25 15:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-03-18 15:57 - 2012-04-27 20:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-03-18 15:57 - 2012-04-25 22:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-03-18 15:57 - 2012-04-25 22:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-03-18 15:57 - 2012-04-25 22:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-03-18 15:57 - 2011-11-19 07:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-03-18 15:57 - 2011-11-19 07:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-03-18 15:57 - 2011-03-02 23:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-03-18 15:57 - 2011-03-02 23:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-03-18 15:57 - 2011-03-02 23:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-03-18 15:57 - 2011-03-02 22:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-03-18 15:57 - 2011-03-02 22:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-03-18 15:57 - 2011-02-22 21:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-03-18 15:56 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-18 15:56 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-18 15:56 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-18 15:56 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-18 15:56 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-18 15:56 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-18 15:56 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-18 15:56 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-18 15:56 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-18 15:56 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-18 15:56 - 2013-10-02 19:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-18 15:56 - 2013-10-02 19:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-18 15:56 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-03-18 15:56 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-03-18 15:56 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-03-18 15:56 - 2013-01-02 23:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-03-18 15:56 - 2012-11-22 20:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-03-18 15:56 - 2012-08-22 11:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-03-18 15:56 - 2012-07-04 13:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-03-18 15:56 - 2011-05-24 04:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-03-18 15:56 - 2011-05-24 03:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2014-03-18 15:56 - 2011-05-24 03:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2014-03-18 15:56 - 2011-05-24 03:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2014-03-18 15:56 - 2011-05-24 03:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-03-18 15:56 - 2011-04-28 20:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-03-18 15:56 - 2011-04-28 20:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-03-18 15:56 - 2011-04-28 20:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-03-18 15:56 - 2010-12-23 03:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-03-18 15:56 - 2010-12-23 03:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-03-18 15:56 - 2010-12-23 03:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-03-18 15:56 - 2010-12-22 22:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-03-18 15:56 - 2010-12-22 22:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-03-18 15:56 - 2010-12-22 22:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-03-18 15:55 - 2011-06-15 22:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-03-18 15:55 - 2011-06-15 21:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-18 15:19 - 2014-03-18 15:19 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-18 15:19 - 2014-03-18 15:19 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-18 15:19 - 2014-03-18 15:19 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-18 15:19 - 2014-03-18 15:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-18 15:19 - 2014-03-18 15:19 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-18 15:19 - 2014-03-18 15:19 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-18 15:17 - 2014-03-18 14:58 - 00688992 ____R (Swearware) C:\Users\Grumpy\Desktop\dds.com
2014-03-18 15:14 - 2014-03-18 15:27 - 00001449 _____ () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 15:14 - 2014-03-18 15:27 - 00001415 _____ () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-18 10:24 - 2014-03-18 10:24 - 00003360 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-03-17 20:56 - 2014-03-17 20:56 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-17 20:56 - 2014-03-17 20:56 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\VS Revo Group
2014-03-17 20:56 - 2014-03-17 20:56 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-17 20:56 - 2014-03-17 20:56 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-17 20:56 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-03-17 19:15 - 2014-03-18 20:08 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-17 19:15 - 2014-03-18 19:58 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-17 19:10 - 2014-03-18 19:56 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-17 18:38 - 2012-02-16 23:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-03-17 18:38 - 2012-02-16 22:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-03-17 18:38 - 2012-02-16 21:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-03-17 18:35 - 2014-03-18 19:21 - 00775820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-17 18:33 - 2014-03-20 10:54 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Deployment
2014-03-17 18:32 - 2014-03-18 17:11 - 00136552 _____ () C:\Users\Grumpy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-17 18:27 - 2014-03-17 18:27 - 00000020 ___SH () C:\Users\Grumpy\ntuser.ini
2014-03-17 18:27 - 2012-06-02 15:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-17 18:27 - 2012-06-02 15:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-03-17 18:27 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-17 18:27 - 2012-06-02 15:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-17 18:27 - 2012-06-02 15:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-03-17 18:27 - 2012-06-02 15:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-03-17 18:27 - 2012-06-02 15:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-17 18:27 - 2012-06-02 15:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-03-17 18:27 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-17 18:26 - 2014-03-17 18:26 - 00000000 __SHD () C:\Recovery
2014-03-17 18:13 - 2014-03-17 18:27 - 00000000 ____D () C:\Windows\Panther
2014-03-17 18:05 - 2014-03-17 18:05 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-03-17 18:05 - 2014-03-17 18:05 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-03-17 17:52 - 2014-03-17 17:55 - 00000000 ___HD () C:\$WINDOWS.~Q
2014-03-17 17:50 - 2014-03-17 17:50 - 00022744 _____ () C:\Windows\system32\emptyregdb.dat
2014-03-17 17:46 - 2014-03-20 10:56 - 01389630 _____ () C:\Windows\WindowsUpdate.log
2014-03-17 17:46 - 2014-03-17 17:50 - 00000000 ___HD () C:\$INPLACE.~TR
2014-03-17 17:43 - 2014-03-20 10:53 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-17 17:43 - 2014-03-20 10:53 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-17 17:21 - 2014-03-17 18:27 - 00000000 ____D () C:\Users\Grumpy
2014-03-17 17:21 - 2014-03-17 17:39 - 00000000 ____D () C:\Users\Administrator
2014-03-17 17:21 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-17 17:21 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-17 17:21 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-17 17:21 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-17 17:20 - 2014-03-17 17:20 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-03-17 17:19 - 2014-03-17 17:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-03-17 17:18 - 2014-03-17 17:18 - 00849474 _____ () C:\Windows\system32\Drivers\rtwavesskdy.dat
2014-03-17 17:18 - 2014-03-17 17:18 - 00188490 _____ () C:\Windows\system32\Drivers\RTWAVES40.dat
2014-03-17 17:18 - 2014-03-17 17:18 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-17 17:18 - 2014-03-17 17:18 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-03-17 17:18 - 2014-03-17 17:18 - 00000000 ____D () C:\Program Files\Realtek
2014-03-17 17:17 - 2014-03-17 17:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-03-17 17:17 - 2014-03-17 17:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-03-17 17:17 - 2014-03-17 17:17 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-17 17:17 - 2012-10-16 03:39 - 00056832 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2014-03-17 17:17 - 2012-10-16 03:39 - 00056320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2014-03-17 16:14 - 2014-03-17 17:55 - 00006056 _____ () C:\Windows\comsetup.log
2014-03-17 15:59 - 2014-03-17 17:42 - 00000000 ___RD () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-17 15:40 - 2014-03-17 16:04 - 00004316 _____ () C:\Users\Grumpy\Desktop\Windows Compatibility Report.htm
2014-03-17 15:28 - 2014-03-17 16:00 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-03-17 15:28 - 2014-03-17 16:00 - 00001890 _____ () C:\Windows\diagerr.xml
2014-03-17 13:52 - 2014-03-17 17:39 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-17 13:52 - 2014-03-17 17:39 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-17 13:52 - 2014-03-17 17:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SoftThinks
2014-03-17 11:41 - 2014-03-17 14:32 - 00000000 ____D () C:\Windows\pss
2014-03-05 17:14 - 2014-03-18 20:08 - 00000000 ____D () C:\Users\Grumpy\Desktop\MBAR
2014-03-05 14:53 - 2014-03-05 14:53 - 00765016 _____ (Webroot) C:\Users\Grumpy\Desktop\wsainstall.exe
2014-03-05 12:22 - 2014-03-05 12:22 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Grumpy\Desktop\rkill.scr
2014-03-05 08:48 - 2014-03-18 19:35 - 00002040 _____ () C:\Users\Grumpy\Desktop\Rkill.txt
2014-03-03 22:40 - 2014-03-03 22:40 - 00002954 _____ () C:\Users\Grumpy\Documents\ewilsonesq-AOLAccountSpoofed-03-03-2014.txt
2014-03-03 00:16 - 2014-03-17 17:26 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-03 00:16 - 2014-03-17 17:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-27 15:26 - 2014-03-18 10:38 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Grumpy\Desktop\TDSSKiller.exe
2014-02-26 14:56 - 2014-03-05 10:05 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-02-25 22:56 - 2014-03-17 17:40 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\SearchProtect
2014-02-21 23:11 - 2014-03-17 17:41 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\DriverCure
2014-02-19 23:55 - 2014-03-03 22:20 - 00018313 _____ () C:\Users\Grumpy\Documents\SPECIALMinistryCalendarMarch&April2014Schedule.xlsx
2014-02-19 22:48 - 2014-02-19 22:48 - 00002168 _____ () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

==================== One Month Modified Files and Folders =======

2014-03-20 10:57 - 2014-03-20 10:56 - 00017655 _____ () C:\Users\Grumpy\Desktop\FRST.txt
2014-03-20 10:56 - 2014-03-20 10:56 - 00000000 ____D () C:\FRST
2014-03-20 10:56 - 2014-03-17 17:46 - 01389630 _____ () C:\Windows\WindowsUpdate.log
2014-03-20 10:55 - 2013-12-11 20:49 - 00004982 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Grumpy-PC-Grumpy Grumpy-PC
2014-03-20 10:54 - 2014-03-17 18:33 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Deployment
2014-03-20 10:53 - 2014-03-20 10:53 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-03-20 10:53 - 2014-03-17 17:43 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-03-20 10:53 - 2014-03-17 17:43 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-03-20 10:53 - 2013-08-29 14:46 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-03-20 10:51 - 2014-03-20 10:56 - 02157056 _____ (Farbar) C:\Users\Grumpy\Desktop\FRST64.exe
2014-03-20 10:51 - 2013-09-06 18:19 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-03-20 10:51 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-20 10:51 - 2009-07-13 21:51 - 00522171 _____ () C:\Windows\setupact.log
2014-03-18 22:06 - 2013-12-11 16:46 - 00000000 ___RD () C:\Users\Grumpy\SkyDrive
2014-03-18 21:39 - 2013-08-29 14:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 20:55 - 2009-07-13 21:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 20:55 - 2009-07-13 21:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 20:17 - 2014-03-18 20:17 - 00047979 _____ () C:\Users\Grumpy\Desktop\attach.txt
2014-03-18 20:16 - 2014-03-18 20:17 - 00025177 _____ () C:\Users\Grumpy\Desktop\dds.txt
2014-03-18 20:08 - 2014-03-17 19:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 20:08 - 2014-03-05 17:14 - 00000000 ____D () C:\Users\Grumpy\Desktop\MBAR
2014-03-18 19:59 - 2009-07-13 22:13 - 00783114 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-18 19:58 - 2014-03-17 19:15 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 19:56 - 2014-03-17 19:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 19:35 - 2014-03-05 08:48 - 00002040 _____ () C:\Users\Grumpy\Desktop\Rkill.txt
2014-03-18 19:21 - 2014-03-17 18:35 - 00775820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-18 18:52 - 2014-03-18 18:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-18 18:52 - 2013-08-29 14:49 - 00000000 ____D () C:\ProgramData\Skype
2014-03-18 18:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-03-18 17:11 - 2014-03-17 18:32 - 00136552 _____ () C:\Users\Grumpy\AppData\Local\GDIPFONTCACHEV1.DAT
2014-03-18 17:11 - 2013-09-06 18:04 - 00000000 ___RD () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-18 17:11 - 2013-09-06 18:04 - 00000000 ___RD () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-18 16:59 - 2009-07-13 21:45 - 00496768 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-18 16:57 - 2011-04-12 01:28 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-18 16:57 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-18 16:57 - 2009-07-13 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-18 16:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-18 16:57 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-18 16:52 - 2014-03-18 16:52 - 00000031 _____ () C:\Users\Grumpy\Desktop\kill-IE.bat
2014-03-18 16:19 - 2013-09-06 19:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 15:27 - 2014-03-18 15:14 - 00001449 _____ () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-18 15:27 - 2014-03-18 15:14 - 00001415 _____ () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-03-18 15:22 - 2013-09-06 23:08 - 00007098 _____ () C:\Windows\IE9_main.log
2014-03-18 15:19 - 2014-03-18 15:19 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-03-18 15:19 - 2014-03-18 15:19 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-03-18 15:19 - 2014-03-18 15:19 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-03-18 15:19 - 2014-03-18 15:19 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-03-18 15:19 - 2014-03-18 15:19 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-03-18 15:19 - 2014-03-18 15:19 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-03-18 15:19 - 2014-03-18 15:19 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-03-18 15:19 - 2014-03-18 15:19 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-03-18 15:19 - 2014-03-18 15:19 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-03-18 14:58 - 2014-03-18 15:17 - 00688992 ____R (Swearware) C:\Users\Grumpy\Desktop\dds.com
2014-03-18 14:57 - 2010-11-20 20:47 - 00018006 _____ () C:\Windows\PFRO.log
2014-03-18 14:54 - 2013-12-11 18:11 - 00000000 ____D () C:\Users\Grumpy\Documents\Outlook Files
2014-03-18 14:47 - 2013-09-06 18:06 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-03-18 10:38 - 2014-02-27 15:26 - 04130656 _____ (Kaspersky Lab ZAO) C:\Users\Grumpy\Desktop\TDSSKiller.exe
2014-03-18 10:24 - 2014-03-18 10:24 - 00003360 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-03-17 21:55 - 2013-09-28 01:12 - 00000000 ____D () C:\Users\Grumpy\Documents\IT Files
2014-03-17 21:10 - 2013-08-29 14:34 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-17 20:56 - 2014-03-17 20:56 - 00001079 _____ () C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2014-03-17 20:56 - 2014-03-17 20:56 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\VS Revo Group
2014-03-17 20:56 - 2014-03-17 20:56 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-03-17 20:56 - 2014-03-17 20:56 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-03-17 18:40 - 2013-08-29 14:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-17 18:39 - 2013-08-29 14:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-17 18:39 - 2013-08-29 14:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-17 18:27 - 2014-03-17 18:27 - 00000020 ___SH () C:\Users\Grumpy\ntuser.ini
2014-03-17 18:27 - 2014-03-17 18:13 - 00000000 ____D () C:\Windows\Panther
2014-03-17 18:27 - 2014-03-17 17:21 - 00000000 ____D () C:\Users\Grumpy
2014-03-17 18:26 - 2014-03-17 18:26 - 00000000 __SHD () C:\Recovery
2014-03-17 18:26 - 2009-07-13 22:32 - 00000000 ____D () C:\Windows\system32\restore
2014-03-17 18:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-03-17 18:13 - 2009-07-13 22:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-03-17 18:13 - 2009-07-13 22:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-03-17 18:05 - 2014-03-17 18:05 - 00262144 _____ () C:\Windows\system32\config\userdiff
2014-03-17 18:05 - 2014-03-17 18:05 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-03-17 17:55 - 2014-03-17 17:52 - 00000000 ___HD () C:\$WINDOWS.~Q
2014-03-17 17:55 - 2014-03-17 16:14 - 00006056 _____ () C:\Windows\comsetup.log
2014-03-17 17:50 - 2014-03-17 17:50 - 00022744 _____ () C:\Windows\system32\emptyregdb.dat
2014-03-17 17:50 - 2014-03-17 17:46 - 00000000 ___HD () C:\$INPLACE.~TR
2014-03-17 17:50 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Registration
2014-03-17 17:48 - 2013-12-11 16:42 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-03-17 17:43 - 2009-07-13 21:46 - 00005157 _____ () C:\Windows\DtcInstall.log
2014-03-17 17:43 - 2009-07-13 20:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-17 17:43 - 2009-07-13 20:20 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-17 17:43 - 2009-07-13 20:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-03-17 17:43 - 2009-07-13 20:20 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-03-17 17:42 - 2014-03-17 15:59 - 00000000 ___RD () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-17 17:42 - 2014-02-11 07:18 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-03-17 17:42 - 2014-01-27 13:50 - 00000000 ____D () C:\Users\Grumpy\Documents\photo1
2014-03-17 17:42 - 2014-01-06 20:21 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\RealNetworks
2014-03-17 17:42 - 2014-01-06 20:19 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Real
2014-03-17 17:42 - 2014-01-06 20:18 - 00000000 ____D () C:\Users\Grumpy\Downloads\Driver Support
2014-03-17 17:42 - 2013-12-26 12:57 - 00000000 ____D () C:\Users\Grumpy\Documents\photo
2014-03-17 17:42 - 2013-12-20 20:13 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Playrix Entertainment
2014-03-17 17:42 - 2013-12-11 16:48 - 00000000 ____D () C:\Users\Grumpy\Documents\OneNote Notebooks
2014-03-17 17:42 - 2013-12-09 22:13 - 00000000 ____D () C:\Users\Grumpy\Documents\PandPAgenda12-11
2014-03-17 17:42 - 2013-12-07 00:42 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-03-17 17:42 - 2013-11-26 21:49 - 00000000 ____D () C:\Users\Grumpy\Documents\LectorDirectory
2014-03-17 17:42 - 2013-11-12 21:37 - 00000000 ____D () C:\Users\Grumpy\Documents\PhillipSimeon
2014-03-17 17:42 - 2013-11-01 19:11 - 00000000 ____D () C:\Users\Grumpy\Documents\MoveinNI
2014-03-17 17:42 - 2013-09-28 14:52 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Optimizer Pro
2014-03-17 17:42 - 2013-09-28 14:52 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Mozilla
2014-03-17 17:42 - 2013-09-21 22:28 - 00000000 ____D () C:\Users\Grumpy\Documents\Untitledattachment000461
2014-03-17 17:42 - 2013-09-09 20:37 - 00000000 ____D () C:\Users\Grumpy\Documents\My Kindle Content
2014-03-17 17:42 - 2013-09-09 20:36 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-03-17 17:42 - 2013-09-07 15:04 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\PCDr
2014-03-17 17:42 - 2013-09-06 19:20 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Skype
2014-03-17 17:42 - 2013-09-06 18:05 - 00000000 ____D () C:\Users\Grumpy\Documents\Bluetooth Folder
2014-03-17 17:41 - 2014-02-21 23:11 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\DriverCure
2014-03-17 17:41 - 2013-12-13 12:17 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Arcsoft
2014-03-17 17:41 - 2013-12-13 12:08 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\HotSync
2014-03-17 17:41 - 2013-12-05 17:35 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Malwarebytes
2014-03-17 17:41 - 2013-09-12 22:57 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\AOL
2014-03-17 17:41 - 2013-09-09 20:08 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Apple Computer
2014-03-17 17:41 - 2013-09-06 18:06 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Macromedia
2014-03-17 17:41 - 2013-09-06 18:06 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Intel Corporation
2014-03-17 17:41 - 2013-09-06 18:06 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Dell
2014-03-17 17:41 - 2013-09-06 18:05 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Atheros
2014-03-17 17:41 - 2013-09-06 18:04 - 00000000 ____D () C:\Users\Grumpy\AppData\Roaming\Adobe
2014-03-17 17:40 - 2014-02-25 22:56 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\SearchProtect
2014-03-17 17:40 - 2014-02-11 11:09 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Downloaded Installations
2014-03-17 17:40 - 2014-01-06 20:21 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Real
2014-03-17 17:40 - 2014-01-06 20:18 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\PC_Drivers_Headquarters
2014-03-17 17:40 - 2014-01-06 20:17 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Mobogenie
2014-03-17 17:40 - 2013-12-24 01:09 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Ulvmedia
2014-03-17 17:40 - 2013-12-13 17:06 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\CrashDumps
2014-03-17 17:40 - 2013-12-12 18:15 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Microsoft Help
2014-03-17 17:40 - 2013-09-28 14:53 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\WebPlayer
2014-03-17 17:40 - 2013-09-28 14:53 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Google
2014-03-17 17:40 - 2013-09-28 01:45 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\HP
2014-03-17 17:40 - 2013-09-12 22:56 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\AOL
2014-03-17 17:40 - 2013-09-09 20:08 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Apple Computer
2014-03-17 17:40 - 2013-09-09 20:07 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Apple
2014-03-17 17:40 - 2013-09-09 19:59 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\SlimWare Utilities Inc
2014-03-17 17:40 - 2013-09-07 12:23 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Microsoft Games
2014-03-17 17:40 - 2013-09-06 18:19 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\LogMeIn
2014-03-17 17:40 - 2013-09-06 18:14 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Citrix
2014-03-17 17:40 - 2013-09-06 18:14 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Apps\2.0
2014-03-17 17:40 - 2013-09-06 18:05 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\BMExplorer
2014-03-17 17:40 - 2013-09-06 18:04 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\VirtualStore
2014-03-17 17:40 - 2013-09-06 18:01 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\SoftThinks
2014-03-17 17:39 - 2014-03-17 17:21 - 00000000 ____D () C:\Users\Administrator
2014-03-17 17:39 - 2014-03-17 13:52 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-17 17:39 - 2014-03-17 13:52 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-17 17:39 - 2014-03-17 13:52 - 00000000 ____D () C:\Users\Administrator\AppData\Local\SoftThinks
2014-03-17 17:39 - 2014-01-06 20:17 - 00000000 ____D () C:\Users\Grumpy\.android
2014-03-17 17:39 - 2013-09-09 20:36 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Amazon
2014-03-17 17:39 - 2013-09-06 21:26 - 00000000 ____D () C:\Users\Grumpy\AppData\Local\Adobe
2014-03-17 17:30 - 2014-01-02 00:23 - 00000000 ____D () C:\Windows\Sun
2014-03-17 17:30 - 2013-12-17 15:20 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-17 17:30 - 2013-08-29 14:41 - 00000000 ____D () C:\Windows\system32\nn-NO
2014-03-17 17:30 - 2013-08-29 14:41 - 00000000 ____D () C:\Windows\Options
2014-03-17 17:30 - 2013-08-29 14:35 - 00000000 ____D () C:\Windows\SysWOW64\sda
2014-03-17 17:30 - 2013-08-29 14:26 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-03-17 17:30 - 2013-08-29 14:26 - 00000000 ____D () C:\Windows\system32\Macromed
2014-03-17 17:30 - 2011-04-12 01:28 - 00000000 ____D () C:\Windows\ShellNew
2014-03-17 17:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-03-17 17:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-03-17 17:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-03-17 17:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-03-17 17:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-03-17 17:30 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-03-17 17:29 - 2013-12-06 17:31 - 00000000 ____D () C:\Windows\Corel
2014-03-17 17:29 - 2013-08-29 14:58 - 00000000 ____D () C:\Windows\en
2014-03-17 17:28 - 2014-01-06 20:20 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-03-17 17:28 - 2014-01-06 20:18 - 00000000 ____D () C:\ProgramData\UAB
2014-03-17 17:28 - 2014-01-06 20:16 - 00000000 ____D () C:\ProgramData\Real
2014-03-17 17:28 - 2013-12-06 17:46 - 00000000 ____D () C:\Users\Public\Documents\Corel User Files
2014-03-17 17:28 - 2013-12-06 17:46 - 00000000 ____D () C:\Users\Public\Documents\CCWin9
2014-03-17 17:28 - 2013-12-05 20:14 - 00000000 ____D () C:\ProgramData\Viewpoint
2014-03-17 17:28 - 2013-11-26 23:10 - 00000000 ____D () C:\ProgramData\Sun
2014-03-17 17:28 - 2013-09-09 19:59 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2014-03-17 17:28 - 2013-08-29 14:58 - 00000000 ____D () C:\ProgramData\PCDr
2014-03-17 17:27 - 2014-02-02 15:04 - 00000000 ____D () C:\ProgramData\magicJack
2014-03-17 17:27 - 2014-01-06 20:21 - 00000000 ____D () C:\ProgramData\Google
2014-03-17 17:27 - 2014-01-06 20:20 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-03-17 17:27 - 2014-01-06 20:17 - 00000000 ____D () C:\ProgramData\Driver Support
2014-03-17 17:27 - 2013-12-17 22:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-17 17:27 - 2013-12-13 12:08 - 00000000 ____D () C:\ProgramData\HotSync
2014-03-17 17:27 - 2013-12-11 16:46 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-03-17 17:27 - 2013-12-05 17:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-17 17:27 - 2013-09-28 01:46 - 00000000 ____D () C:\ProgramData\HP
2014-03-17 17:27 - 2013-09-12 22:57 - 00000000 ____D () C:\ProgramData\Macromedia
2014-03-17 17:27 - 2013-09-12 22:56 - 00000000 ____D () C:\Program Files (x86)\Viewpoint
2014-03-17 17:27 - 2013-09-12 22:55 - 00000000 ____D () C:\ProgramData\AOL
2014-03-17 17:27 - 2013-09-09 20:07 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-03-17 17:27 - 2013-09-09 20:06 - 00000000 ____D () C:\ProgramData\Apple
2014-03-17 17:27 - 2013-09-06 18:24 - 00000000 ____D () C:\ProgramData\Citrix
2014-03-17 17:27 - 2013-08-29 15:20 - 00000000 ____D () C:\ProgramData\Atheros
2014-03-17 17:27 - 2013-08-29 15:03 - 00000000 ____D () C:\ProgramData\Adobe
2014-03-17 17:27 - 2013-08-29 15:00 - 00000000 ____D () C:\ProgramData\McAfee
2014-03-17 17:27 - 2013-08-29 14:58 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-03-17 17:27 - 2013-08-29 14:56 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-17 17:27 - 2013-08-29 14:34 - 00000000 ____D () C:\ProgramData\Intel
2014-03-17 17:27 - 2013-08-29 14:34 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-03-17 17:27 - 2013-08-29 14:32 - 00000000 ____D () C:\ProgramData\Dell
2014-03-17 17:26 - 2014-03-03 00:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-17 17:26 - 2014-01-06 20:19 - 00000000 ____D () C:\Program Files (x86)\Real
2014-03-17 17:26 - 2013-12-17 22:10 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-17 17:26 - 2013-12-13 12:13 - 00000000 ____D () C:\Program Files (x86)\Palm
2014-03-17 17:26 - 2013-12-11 16:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive
2014-03-17 17:26 - 2013-12-05 17:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-17 17:26 - 2013-09-28 14:46 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-03-17 17:26 - 2013-09-06 18:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-17 17:26 - 2013-09-06 18:19 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-03-17 17:26 - 2013-08-29 14:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-03-17 17:26 - 2013-08-29 14:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-17 17:25 - 2014-01-06 20:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:25 - 2014-01-06 20:17 - 00000000 ____D () C:\Program Files (x86)\Driver Support
2014-03-17 17:25 - 2013-12-06 17:42 - 00000000 ____D () C:\Program Files (x86)\Corel
2014-03-17 17:25 - 2013-09-28 01:46 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-17 17:25 - 2013-08-29 16:18 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-17 17:25 - 2013-08-29 14:50 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-03-17 17:25 - 2013-08-29 14:41 - 00000000 ____D () C:\Program Files (x86)\Dell Wireless
2014-03-17 17:24 - 2014-03-03 00:16 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-17 17:24 - 2013-12-06 17:43 - 00000000 ____D () C:\Program Files (x86)\Borland
2014-03-17 17:24 - 2013-09-12 22:55 - 00000000 ____D () C:\Program Files (x86)\AOL Desktop 9.7
2014-03-17 17:24 - 2013-09-12 22:55 - 00000000 ____D () C:\Program Files (x86)\AOL
2014-03-17 17:24 - 2013-09-09 20:07 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-03-17 17:24 - 2013-09-09 20:06 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-03-17 17:24 - 2013-09-06 18:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-17 17:24 - 2013-09-06 18:14 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-03-17 17:24 - 2013-08-29 15:03 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-03-17 17:24 - 2013-08-29 14:58 - 00000000 ____D () C:\Program Files\My Dell
2014-03-17 17:24 - 2013-08-29 14:56 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-17 17:24 - 2013-08-29 14:41 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-03-17 17:23 - 2014-01-01 18:59 - 00000000 ____D () C:\Program Files\MetaStream
2014-03-17 17:23 - 2013-12-17 22:10 - 00000000 ____D () C:\Program Files\iTunes
2014-03-17 17:23 - 2013-12-17 22:10 - 00000000 ____D () C:\Program Files\iPod
2014-03-17 17:23 - 2013-12-11 16:40 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-03-17 17:23 - 2013-12-05 20:31 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-17 17:23 - 2013-09-28 01:46 - 00000000 ____D () C:\Program Files\HP
2014-03-17 17:23 - 2013-09-19 21:26 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-03-17 17:23 - 2013-09-09 20:06 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-17 17:23 - 2013-09-09 20:06 - 00000000 ____D () C:\Program Files\Bonjour
2014-03-17 17:23 - 2013-09-06 21:32 - 00000000 ____D () C:\Program Files\Java
2014-03-17 17:23 - 2013-08-29 14:58 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-03-17 17:23 - 2013-08-29 14:33 - 00000000 ____D () C:\Program Files\Intel
2014-03-17 17:23 - 2013-08-29 14:32 - 00000000 ____D () C:\Program Files\Dell
2014-03-17 17:23 - 2013-08-29 14:26 - 00000000 ____D () C:\Program Files\Dell Inc
2014-03-17 17:23 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-17 17:20 - 2014-03-17 17:20 - 00001355 _____ () C:\Windows\TSSysprep.log
2014-03-17 17:20 - 2009-07-13 21:51 - 00000084 _____ () C:\Windows\setuperr.log
2014-03-17 17:19 - 2014-03-17 17:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-03-17 17:18 - 2014-03-17 17:18 - 00849474 _____ () C:\Windows\system32\Drivers\rtwavesskdy.dat
2014-03-17 17:18 - 2014-03-17 17:18 - 00188490 _____ () C:\Windows\system32\Drivers\RTWAVES40.dat
2014-03-17 17:18 - 2014-03-17 17:18 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-03-17 17:18 - 2014-03-17 17:18 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-03-17 17:18 - 2014-03-17 17:18 - 00000000 ____D () C:\Program Files\Realtek
2014-03-17 17:17 - 2014-03-17 17:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01009.Wdf
2014-03-17 17:17 - 2014-03-17 17:17 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2014-03-17 17:17 - 2014-03-17 17:17 - 00000000 ____D () C:\Program Files\Synaptics
2014-03-17 17:16 - 2011-04-12 01:28 - 00000000 ____D () C:\Windows\CSC
2014-03-17 16:41 - 2013-08-29 16:18 - 02019200 _____ () C:\Windows\WindowsUpdate (1).log
2014-03-17 16:04 - 2014-03-17 15:40 - 00004316 _____ () C:\Users\Grumpy\Desktop\Windows Compatibility Report.htm
2014-03-17 16:00 - 2014-03-17 15:28 - 00001890 _____ () C:\Windows\diagwrn.xml
2014-03-17 16:00 - 2014-03-17 15:28 - 00001890 _____ () C:\Windows\diagerr.xml
2014-03-17 14:32 - 2014-03-17 11:41 - 00000000 ____D () C:\Windows\pss
2014-03-05 14:53 - 2014-03-05 14:53 - 00765016 _____ (Webroot) C:\Users\Grumpy\Desktop\wsainstall.exe
2014-03-05 12:22 - 2014-03-05 12:22 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Grumpy\Desktop\rkill.scr
2014-03-05 10:05 - 2014-02-26 14:56 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2014-03-03 22:40 - 2014-03-03 22:40 - 00002954 _____ () C:\Users\Grumpy\Documents\ewilsonesq-AOLAccountSpoofed-03-03-2014.txt
2014-03-03 22:20 - 2014-02-19 23:55 - 00018313 _____ () C:\Users\Grumpy\Documents\SPECIALMinistryCalendarMarch&April2014Schedule.xlsx
2014-03-02 14:05 - 2014-03-18 16:17 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-23 00:12 - 2014-03-18 17:18 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-22 23:54 - 2014-03-18 17:18 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-22 23:52 - 2014-03-18 17:18 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-22 23:48 - 2014-03-18 17:18 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-22 23:48 - 2014-03-18 17:18 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-22 23:46 - 2014-03-18 17:18 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-22 23:46 - 2014-03-18 17:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-22 23:46 - 2014-03-18 17:18 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-22 23:45 - 2014-03-18 17:18 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-22 23:45 - 2014-03-18 17:18 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-22 23:45 - 2014-03-18 17:18 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-22 23:44 - 2014-03-18 17:19 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-22 23:44 - 2014-03-18 17:18 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-22 23:44 - 2014-03-18 17:18 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-22 23:44 - 2014-03-18 17:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-22 23:43 - 2014-03-18 17:18 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-22 22:50 - 2014-03-18 17:18 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-22 22:47 - 2014-03-18 17:18 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-22 22:43 - 2014-03-18 17:18 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-22 22:41 - 2014-03-18 17:18 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-22 22:40 - 2014-03-18 17:18 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-22 22:39 - 2014-03-18 17:18 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-22 22:38 - 2014-03-18 17:18 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-22 22:38 - 2014-03-18 17:18 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-22 22:38 - 2014-03-18 17:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-22 22:37 - 2014-03-18 17:18 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-22 22:37 - 2014-03-18 17:18 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-22 22:37 - 2014-03-18 17:18 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-22 22:37 - 2014-03-18 17:18 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-22 22:36 - 2014-03-18 17:18 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-22 22:36 - 2014-03-18 17:18 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-22 22:35 - 2014-03-18 17:18 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-19 22:48 - 2014-02-19 22:48 - 00002168 _____ () C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk

Files to move or delete:
====================
C:\Users\Grumpy\g2ax_customer_downloadhelper_win32_x86.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-18 10:18

==================== End Of Log ============================



#4 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 20 March 2014 - 01:42 PM

I found the attach function and just attached the Addition.txt file.

Attached Files



#5 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 20 March 2014 - 06:18 PM

Hi,

 
Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Also can you please go to C:\FRST\Quarantine and right click on the folder, select send to compressed(zip) folder that will make a zipped copy of this folder.
Then please upload it to my channel here => http://www.bleepingcomputer.com/submit-malware.php?channel=122 so I can examine the files and submit to antivirus companies if needed.
After that please delete the zip file you just created but don't delete the quarantine folder yet. We will delete it at the end of the cleaning process.

 

Also let me know if the problem still exists.

 

Also it's a good idea to reinstall Google Chrome because of this issue:

 

Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

 

 

Regards,
Georgi


cXfZ4wS.png


#6 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 20 March 2014 - 06:57 PM

Hi Georgi, thanks for the quick response!  It appears whatever was in your fixlist did the trick - no more phantom IE processes!  WOOHOO!!!  Thank you SO MUCH!

 

The fixlog is below.  And I just uploaded the compressed FRST Quarantine folder as you requested.

 

Can you share with me what you found and what was done to fix the problem?

 

Thanks again,

 

Steve

 

 

-----------------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Grumpy at 2014-03-20 16:29:27 Run:1
Running from C:\Users\Grumpy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\...\Run: [Ulvmedia] - regsvr32.exe C:\Users\Grumpy\AppData\Local\Ulvmedia\NetCommsXx64.dll <===== ATTENTION
C:\Users\Grumpy\AppData\Local\Ulvmedia\NetCommsXx64.dll
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
Toolbar: HKCU - No Name - {D2C31D2B-35BE-4C2B-ACCB-A78877274E60} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
CHR Extension: (No Name) - C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej [2014-01-14]
Task: {E11305F6-933C-4636-92A1-C85B8EA12EE5} - \RegCure Pro No Task File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\66418961.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\66418961.sys => ""="Driver"
end
*****************

HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ulvmedia => Value deleted successfully.
C:\Users\Grumpy\AppData\Local\Ulvmedia\NetCommsXx64.dll => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D2C31D2B-35BE-4C2B-ACCB-A78877274E60} => Value deleted successfully.
HKCR\CLSID\{D2C31D2B-35BE-4C2B-ACCB-A78877274E60} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key not found.
C:\Users\Grumpy\AppData\Local\Google\Chrome\User Data\Default\Extensions\abpgpfeejjkdgbegcmbbiimbefakonej => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E11305F6-933C-4636-92A1-C85B8EA12EE5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E11305F6-933C-4636-92A1-C85B8EA12EE5} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegCure Pro => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\66418961.sys => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\66418961.sys => Key deleted successfully.

==== End of Fixlog ====



#7 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 20 March 2014 - 08:01 PM

Hello,

 

The issue was caused by the following trojan:

 

HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Ulvmedia => Value deleted successfully.
C:\Users\Grumpy\AppData\Local\Ulvmedia\NetCommsXx64.dll => Moved successfully.

 

The malware has similar characteristics used by the following 3 families:

 

More information can be found here:

 

Win32/Sefnit, Win32/Tracur, Win32/Medfos

 

 

I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

 

 

STEP 1

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    JtwHB.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-click on it's icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location and post the results in your next reply.

 

 

STEP 4

 

 

1.Please download HitmanPro

  • For 32-bit Operating System - dEMD6.gif.
  • For 64-bit Operating System - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon.

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 5-10 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

6-scanfin-choose.jpg

Navigate to C:\Documents and Settings\All Users\Application Data\HitmanPro\Logs (for Windows XP) or to C:\ProgramData\HitmanPro\Logs (for Windows Vista/7) open the report and copy and paste it to your next reply.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#8 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 20 March 2014 - 10:31 PM

Ok Georgi, step 1 is done.  Here's the link to the RKreport:  http://pastebin.com/qnfxvqXH

 

On to step 2



#9 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 20 March 2014 - 10:36 PM

I should have asked - should I just close RogueKiller without taking any action on the items found?  Or should I sit tight, leave it open and wait until you've reviewed the report?



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 21 March 2014 - 12:28 AM

Hello,

 

Sorry I wasn't clear enough.

Please close RogueKIller without deleting anything and continie with the rest ot the steps. :)

 

 

Regards,

Georgi


cXfZ4wS.png


#11 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 21 March 2014 - 12:51 AM

Ok, thanks for the clarification Georgi.  Here's the link to the TDSSKiller log:  http://pastebin.com/B8e2iRUb

 

On to step 3...



#12 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 21 March 2014 - 01:14 AM

Here are the MBAM results.  On to the last step...

 

------------------------------------------

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Grumpy :: GRUMPY-PC [administrator]

3/20/2014 11:00:03 PM
mbam-log-2014-03-20 (23-00-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 243437
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



#13 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 21 March 2014 - 01:27 AM

Ok, last step done.  Here's the HitmanPro log:

 

-------------------------------------

 

HitmanPro 3.7.9.212
www.hitmanpro.com
   Computer name . . . . : GRUMPY-PC
   Windows . . . . . . . : 6.1.1.7601.X64/4
   User name . . . . . . : Grumpy-PC\Grumpy
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-03-20 23:17:08
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 5m 29s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 808
   Objects scanned . . . : 1,498,547
   Files scanned . . . . : 35,703
   Remnants scanned  . . : 423,227 files / 1,039,617 keys
Potential Unwanted Programs _________________________________________________
   C:\Program Files (x86)\MyPC Backup\ (MyPC Backup)
   C:\Program Files (x86)\MyPC Backup\DEL_UnRegisterExtensions.exe (MyPC Backup)
      Size . . . . . . . : 15,872 bytes
      Age  . . . . . . . : 182.3 days (2013-09-19 15:37:58)
      Entropy  . . . . . : 5.1
      SHA-256  . . . . . : 6766873AFDCAFC2A577EFCA38B3F8E6A6B1A2A59198BF6F5C104393286B867E2
      Needs elevation  . : Yes
      Product  . . . . . : UnRegisterExtensions
      Publisher  . . . . : mypcbackup.com
      Description  . . . : UnRegisterExtensions
      Version  . . . . . : 1.0.0.0
      Copyright  . . . . : Copyright © Microsoft 2011
      Fuzzy  . . . . . . : 0.0
   C:\Users\Grumpy\AppData\Local\Mobogenie\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\client.time (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Data\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Data\mobogenie_u_user_dl.mg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Download\Apk\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Download\Apk\504fca68d003f96a3d50d8e4e41404631389064678533.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\mobo.dat (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\mobo.uuid (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Source.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\configure.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\lang.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mobileu_chinese.qm (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mobileu_traditional.qm (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mobileu_vietnamese.qm (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\mobogenie.apk (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.url (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Source.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\StaConfig.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\css\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\css\main.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks\genspeed.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\benchmarks\index.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\bin\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\bin\dot-packer (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\advancedsnippet.txt (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\browsersample.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\snippet.txt (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\views\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\views\multidef.def.jst (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\views\one.def (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\examples\views\two.dot.jst (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\LICENSE-DOT.txt (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\package.json (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\javascript\doT-master\README.md (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\app.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\app_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\app_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\bigger.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\bigger_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\bigger_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\border_top.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\bottom_bar.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\bottom_slider.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\bottomBar.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\bottomBar_46.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\close.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\close_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\close_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\cpclose.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\cpclose_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\cpclose_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\delete.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\download.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\downloading.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\facebook.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\facebook_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\facebook_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\feed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\feed_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\feed_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\feedback.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\feedback_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\feedback_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\game.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\game_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\game_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\geni.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\geni_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\geni_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\google.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\google_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\google_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\gphone.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\gphone_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\gphone_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\header.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\home.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\home_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\home_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\leftBar_20.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\leftBottom.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\leftBottom_44.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\leftTop.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\leftTop_03.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\logo.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\mode.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\more.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\more_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\more_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\music.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\music_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\music_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\music_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\next.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\next_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\next_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\normal_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\normal_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\pause.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\pause_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\pause_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\phone.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\phone_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\phone_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\picture.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\picture_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\picture_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\play.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\play_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\play_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\prev.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\prev_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\prev_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\rightBar.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\rightBottom.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\rightBottom_48.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\rightTop.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\rightTop_07.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_background.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_background2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnDelete_disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnDelete_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnDelete_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnDelete_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnExport_disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnExport_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnExport_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnExport_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnImport_disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnImport_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnImport_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnImport_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnLeft_disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnLeft_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnLeft_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnLeft_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnNewDir_disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnNewDir_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnNewDir_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnNewDir_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnRefresh_disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnRefresh_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnRefresh_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnRefresh_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnRight_disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnRight_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnRight_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_btnRight_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_close_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_close_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_close_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_min_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_min_normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_min_pressed.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sd_title.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\search_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\segment.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\selected.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\skin.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\skin_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\skin_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\small.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\small_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\small_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sound.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sound_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sound_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sound_slider_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\sound_slider_bttn.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\split.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\top_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\top_left_border.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\top_right_border.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\topBar_05.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\twitter.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\twitter_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\twitter_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\video.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\video_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\default\video_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\app.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\app_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\app_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\bigger.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\bigger_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\bigger_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\close.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\close_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\close_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\cpclose.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\cpclose_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\cpclose_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\facebook.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\facebook_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\facebook_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\feedback.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\feedback_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\feedback_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\game.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\game_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\game_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\geni.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\geni_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\geni_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\gphone.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\gphone_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\gphone_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\home.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\home_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\home_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\more.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\more_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\more_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\music.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\music_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\music_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\normal.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\normal_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\normal_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\phone.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\phone_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\phone_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\picture.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\picture_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\picture_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\selected.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\skin.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\skin_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\skin_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\small.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\small_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\small_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\top_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\video.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\video_hover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\skin\skin1\video_on.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\app.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\bootstrap-typeahead.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\common.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\default-color.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\grid.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\image.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\jquery.autocomplete.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\main.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\message.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\prettyPhoto.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\skin1.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\skindialog.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\style.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\css\vedio.css (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\add_web.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\backup_all.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\backup_status.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\backupAll.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\backupAll2.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\binding.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\close.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\collect_data.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\dialog.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\dialog_close.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\dm_backup.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\dm_installapp.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\download.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\download_center.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\driver_loading.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\errorlay.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\exporting.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\an.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\animation_cicle.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\animation_flower.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\back.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\bd_phone.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\hx.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\images_156X167_1.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\images_156X167_151.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\images_156X167_2.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\images_156X167_3.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\play.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\pop1_11.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\pop2_03.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\pop3_07.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\simg.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\ui-left-images.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\images\ui-right-images.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\import_from_file.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\import_from_file_v2.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\importing.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\install.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\install_failed.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\install_help.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\installing.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\#U8bed#U8a00#U540d#U79f0.txt (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\italian\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\js_\i18n\italian\strings.xml (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\loading.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\manual-update.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\newsms.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\nomem.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\promote_active.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\recommend.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\recommend2.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\restore_all.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\restore_status.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\restoreAll.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\settings.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\skin-dialog.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\skindialog.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\speed.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\update_app.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\upgrade.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\usb.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\usb2.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\dialog\video_select.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\footer.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\app.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\barball.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\contact.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\download.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\download_center.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\driver.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\footer.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\good.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\message.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\music.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\picture.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\pop.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\vedio.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\welcome.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\htmlTemp\welcome_ok.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\appIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\barballframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\bd_barballframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\gameIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\homeIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\imagesIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\musicIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\tempframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\topIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\iframe\videoIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\1.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\111.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\2.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\an.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\AngryBirdsStarWarsIIFree.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\app-default-small.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_complete.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_default_app.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_default_content.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_default_image.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_default_msg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_default_music.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_default_video.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_li_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\backup_loading.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\BarbaraPalvinVictorias.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\battery-bg.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\BBM.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\bd_phone.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\bd_right.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\bizhi.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\Camera360.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\CandyCrushSaga.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\CarAbstract.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\cate-icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\category-bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\caution.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\charge_finish.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\check_usb_debug.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\Chrome.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\CLauncher.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\CleanMasterFREE.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\close-client.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\close-client2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\complete.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connceting.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connect-error.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connect_gif.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connected.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connecting.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connecting.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connecting_default.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connection-error.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connection-guide-bg-300X300.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\connection-no.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\contact-default-large.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\contact-default-small.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\contact_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\content_mask_1X35.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dc_icon_03.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dc_icon_06.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dc_icon_07.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dc_icon_09.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dc_icon_11.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dc_weak.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\deamon_process_close.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\1.1.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\1.2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\1.3.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\1.4.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\1.5.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\1.6.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\2.1.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\2.2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\2.3.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\2.4.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\2.5.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\2.6.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\2.7.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.1.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.3.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.4.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.5.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.6.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.7.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.8.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\3.9.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\next.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\nexth.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\prev.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\prevh.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\debug\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\default-skin.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\default_image.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\default_small_app.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\default_small_images.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\default_small_music.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\default_small_vedio.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\default_video.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dialog.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dialog1.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\diwali-special.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\down-anima-bg-16X32.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\download_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\download_progress.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\download_progress_inner.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\drive-arrows.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver-no-link.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_bottom_hx.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_download.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_exclam.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_failure.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_install.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_installing_04.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_installing_07.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_leftbar_bg.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_loading2.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_no_link.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_phone_sd.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_right_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_success.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_03.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_05.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_07.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_09.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_11.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_13.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_15.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_17.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_20.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\driver_tabs_23.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dubug_rideo.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dubug_rideo2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\dubug_rideo3.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\error.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\expression.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\Facebook.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\facebook_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\facebook_button.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\facebook_sidebar_button.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\fastcharge.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\Feedback.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\footer-download-default-icon_03.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\footer-note-center-loading.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\footer_download_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\free.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\getall.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\gl.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\gl_update.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\head-replacement_img.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\HillClimbRacing.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\home_03.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\home_05.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\huise.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\hx.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon-box.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon-contact.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon-sdb.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_default_app_36X36.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_default_ebook_36X36.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_default_file_36X36.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_default_music_36X36.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_default_pic_36X36.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_default_video_36X36.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_indentation.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_left_triangle.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_open.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\icon_right_triangle.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\imageNavLeft-disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\imageNavLeft.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\imageNavRight-disabled.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\imageNavRight.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\info_panel_bg_8X8.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\Instagram.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\install_phone.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\issue.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\jindu.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\jindushu.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\left_box.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\light.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\load-bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\load.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\loading-logo.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\loading.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\loading.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\loading_16.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\loading_16X16.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\logo.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\logout-span.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\logout.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\LoveLips.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\lucky_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\lvse.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\m-ui-deamon-process-button.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\m-ui-toolbar.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\manual-update-bg.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\menu_li_bottom_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\message-contact.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\Minecraft.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\minus.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\mobogenie_load.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\mobogenie_load_img.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\more-web.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\no-connect.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\no_link_icon.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\note_default_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\phone_version_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_botbut.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_button.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_close.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_del.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_leftb.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_leftbh.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_lefts.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_leftsh.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_look.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_notsel.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_rightb.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_rightbh.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_rights.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_rightsh.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_rotatel.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_rotater.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_selected.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_set.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\mp_smallbutl.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\photo\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\pic_down_logo_s.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\PlantsVsZombies2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\playing_11X11.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\plus.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\point.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\PouMyPet.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\btnNext.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\btnPrevious.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\contentPattern.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\default_thumbnail.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\loader.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\sprite.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_rounded\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\btnNext.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\btnPrevious.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\contentPattern.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\default_thumbnail.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\loader.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\sprite.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\dark_square\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\default_thumb.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\loader.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\sprite.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\sprite_next.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\sprite_prev.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\sprite_x.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\sprite_y.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\default\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\btnNext.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\btnPrevious.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\contentPatternBottom.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\contentPatternLeft.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\contentPatternRight.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\contentPatternTop.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\default_thumbnail.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\loader.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\setWallpaperHover.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\sprite.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\facebook\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\btnNext.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\btnPrevious.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\default_thumbnail.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\loader.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\sprite.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_rounded\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\btnNext.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\btnPrevious.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\default_thumbnail.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\loader.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\sprite.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\prettyPhoto\light_square\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\process.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\process.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\progress_bg_10X4.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\progress_bg_18X6.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\right_bg_346X484.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\root-icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\sanjiao.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\search-btn1.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\search-btn2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\search_btn_message.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\shuaxin.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\skin-checked.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\skin-checked1.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\skin1.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\SpeedMoto.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\spit.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\split.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\sprite3.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\sprite_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\sprite_lucky.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\sprite_nav_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\star.gif (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\step_bg.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\step_bg2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\step_image1_09.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\step_image2_03.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\SubwaySurfers.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\succes.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\tabs_default.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\tabs_light.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\tag-icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\TalkingTomCat2Free.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\TempleRun2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\Thumbs.db (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\tip-new-app.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\tip-new-ringtone-wallpaper.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\tips-jiao.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\tips-restore.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\to_link_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\TreePathWallpaper.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\tuijian.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\ui-left-images.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\ui-right-images.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\ui_header_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\ui_header_bg2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\ui_update_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\usb-dbug.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\usb-link.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_03.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_05.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_07.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_09.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_15.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_17.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_19.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_24.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_26.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_28.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\versition_30.jpg (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\video-box2.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\video-icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\video-share.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\video_11.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\video_13.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\video_15.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\video_17.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\video_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\website-logo.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\website.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\welcome_bg.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\welcome_bg_100X100.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\welcome_connect_phone_animate.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\welcome_icon.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\WhatsAppMessenger.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\youtube_b.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\images\ytb-button.png (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\index.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\i18n\#U8bed#U8a00#U540d#U79f0.txt (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\ui\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\ui\ifr.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\module\ui\test.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\TEMPHTML.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\ (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\addweb.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\app.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\app_local.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\app_system.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\app_update.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\appIframe.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\appIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\contact.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\Disclaimer.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\download_animate.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\download_center.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\download_center_installed.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\driver_loading.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\gameIframe.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\gameIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\genieIframe.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\homeContentPage.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\homeIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\imageIframe.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\imageIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\message.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\musicIframe.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\musicIframe.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\photo.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\PrivacyPolicy.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\recommend.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\recommendNewUser.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\ui.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\usbDebugging.ejs (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\templates\web\js_\tpls\video.html (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\updateConfigure.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\UpdateLogFile.dat (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\websites.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\websites_cn.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\websites_traditional.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\websites_vie.mu (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\Mobogenie\Version\OldVersion\release-update.xml (Rocketfuel)
   C:\Users\Grumpy\AppData\Local\SearchProtect\ (Tuvaro)
   C:\Users\Grumpy\AppData\Local\SearchProtect\SearchProtect\rep\ (Tuvaro)
   C:\Users\Grumpy\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat (Tuvaro)
   C:\Users\Grumpy\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat (Tuvaro)
   C:\Users\Grumpy\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat (Tuvaro)
   C:\Users\Grumpy\AppData\Local\SearchProtect\UI\rep\ (Tuvaro)
   C:\Users\Grumpy\AppData\Local\SearchProtect\UI\rep\UIRepository.dat (Tuvaro)
   C:\Users\Grumpy\AppData\LocalLow\Smartbar\ (FLV Player)
   C:\Users\Grumpy\AppData\LocalLow\Smartbar\UserInfo.config (FLV Player)
   C:\Users\Grumpy\AppData\Roaming\Optimizer Pro\ (FLV Player)
   C:\Users\Grumpy\My Documents\Mobogenie\ (Rocketfuel)
   HKLM\SOFTWARE\Classes\.bdc\ (Babylon)
   HKLM\SOFTWARE\Classes\.bgl\ (Babylon)
   HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}\ (FLV Player)
   HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\ (FLV Player)
   HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ (FLV Player)
   HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\ (FLV Player)
   HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\ (FLV Player)
   HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\ (FLV Player)
   HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute\ (FLV Player)
   HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel\ (FLV Player)
   HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar\ (FLV Player)
   HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject\ (FLV Player)
   HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState\ (FLV Player)
   HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}\ (FLV Player)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}\ (FLV Player)
   HKLM\SOFTWARE\InstalledThirdPartyPrograms\ (iPumper)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} (FLV Player)
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}\ (FLV Player)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} (FLV Player)
   HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\APN PIP\ (AskBar)
   HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}\ (FLV Player)
   HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Optimizer Pro\ (FLV Player)
   HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Smartbar\ (Conduit)
Cookies _____________________________________________________________________
   C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Cookies\28Y1RBFR.txt
   C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Cookies\C1ZLLQE4.txt
   C:\Users\Grumpy\AppData\Roaming\Microsoft\Windows\Cookies\O469C1Q6.txt


#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:09:23 AM

Posted 21 March 2014 - 11:30 AM

Hello,

 

Great work...let's remove the PUPs applications from your system:

 

Please download the following file =>  and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Also let's run a check for out of date programs:

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

 

Regards,

Georgi


cXfZ4wS.png


#15 9001M

9001M
  • Topic Starter

  • Members
  • 56 posts
  • OFFLINE
  •  
  • Local time:11:23 PM

Posted 21 March 2014 - 11:47 AM

Ok, here's the FRST Fixlog:

-------------------------------------

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Grumpy at 2014-03-21 09:37:59 Run:2
Running from C:\Users\Grumpy\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\MyPC Backup
C:\Users\Grumpy\AppData\Local\Mobogenie
C:\Users\Grumpy\AppData\Local\SearchProtect
C:\Users\Grumpy\AppData\LocalLow\Smartbar
C:\Users\Grumpy\AppData\Roaming\Optimizer Pro
C:\Users\Grumpy\My Documents\Mobogenie
Reg: reg delete "HKLM\SOFTWARE\Classes\.bdc" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\.bgl" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}" /f
Reg: reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}" /f
Reg: reg delete "HKLM\SOFTWARE\InstalledThirdPartyPrograms" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113}" /f
Reg: reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" /f
Reg: reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113}" /f
Reg: reg delete "HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\APN PIP" /f
Reg: reg delete "HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}" /f
Reg: reg delete "HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Optimizer Pro" /f
Reg: reg delete "HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Smartbar" /f
Task: {5C396FB4-DEAD-422D-9DE1-52A45A335884} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe <==== ATTENTION
end
*****************

C:\Program Files (x86)\MyPC Backup => Moved successfully.
C:\Users\Grumpy\AppData\Local\Mobogenie => Moved successfully.
C:\Users\Grumpy\AppData\Local\SearchProtect => Moved successfully.
C:\Users\Grumpy\AppData\LocalLow\Smartbar => Moved successfully.
C:\Users\Grumpy\AppData\Roaming\Optimizer Pro => Moved successfully.
C:\Users\Grumpy\My Documents\Mobogenie => Moved successfully.

========= reg delete "HKLM\SOFTWARE\Classes\.bdc" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\.bgl" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\InstalledThirdPartyPrograms" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113}" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113}" /f =========

ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\APN PIP" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Optimizer Pro" /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg delete "HKU\S-1-5-21-2453122031-3096254195-2089459957-1001\Software\Smartbar" /f =========

The operation completed successfully.

 

========= End of Reg: =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C396FB4-DEAD-422D-9DE1-52A45A335884} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C396FB4-DEAD-422D-9DE1-52A45A335884} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.

==== End of Fixlog ====

 

And here's the Security Check results:

--------------------------------------------------

 

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 Java version out of Date!
 Adobe Flash Player 12.0.0.77 
 Adobe Reader XI 
 Google Chrome 31.0.1650.63 
 Google Chrome 32.0.1700.72 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users