
zbot infection


  • This topic is locked
34 replies to this topic

#1 mrthehoople

mrthehoople

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 25 March 2014 - 06:46 PM

Hi there

 

I seem to have been hit with a zbot type infection.  It seemed to trigger an (unsuccessful) attempt to hack my bank account so I'm quite worried.

Currently I'm not detecting any issues with the computer running.

 

Malwarebytes found some infected files and removed them but I'm sure it's still there lurking.  Sophos detected nothing, but rkill stopped some processes.

 

I realised then I was probably still infected so have then gone and run the standard dds program - I've attached the dds log after the rkill log and attached the other attachment.

 

If anyone can help with this I'll be extremely grateful

 

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/25/2014 11:23:22 PM in x64 mode.
Windows Version: Windows 7 Enterprise Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\System32\WLTRYSVC.EXE (PID: 1156) [WD-HEUR]
 * C:\Windows\System32\bcmwltry.exe (PID: 1196) [WD-HEUR]
 * C:\Windows\System32\WLTRAY.EXE (PID: 2820) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
  * HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

  * HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 03/25/2014 11:24:44 PM
Execution time: 0 hours(s), 1 minute(s), and 22 seconds(s)

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 10.40.2
Run by Matthew at 23:34:06 on 2014-03-25
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.44.1033.18.2000.825 [GMT 0:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\sppsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [HP Photosmart 5510d series (NET)] "C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22A3BBH905RW:NW" -scfn "HP Photosmart 5510d series (NET)" -AutoStart 1
uRun: [NviGForce] wscript.exe "C:\Microsoft_SDK\lib\include\cc1xh.js"
uRun: [Heje] C:\Users\Matthew\AppData\Local\Temp\Jiydco\heje.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20101221064513
DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} - hxxp://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} - hxxp://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398}\2456C6B696E6F5366383736323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398}\2656C6B696E6534376 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398}\3516C6C69707F62747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398}\377796373736F6D6534376 : DHCPNameServer = 192.168.48.1
TCP: Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398}\4514C4B44514C4B4D2431443434373 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398}\56465727F616D6 : DHCPNameServer = 129.11.159.84 129.11.159.85
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
x64-Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
x64-Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
x64-Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\n12n9n6m.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Windows\System32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-12-29 467744]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-1-22 1037160]
R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-1-22 29544]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-4-9 501536]
R3 cvusbdrv;Broadcom USH CV;C:\Windows\System32\drivers\cvusbdrv.sys [2009-1-22 37928]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2009-6-13 287960]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-10-22 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-10-22 319840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SMManager;Smith Micro Connection Manager Service;"C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe" --> C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-10-27 20992]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-10-27 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-2-18 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-26 1255736]
.
=============== Created Last 30 ================
.
2014-03-25 22:26:56 73728 ----a-r- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-25 22:26:56 73728 ----a-r- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-03-25 22:26:56 73728 ----a-r- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-03-25 22:26:52 -------- d-----w- C:\Program Files (x86)\Sophos
2014-03-25 22:03:25 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F489A179-4527-4D72-A3B6-C5AA677E0931}\offreg.dll
2014-03-25 10:50:16 -------- d-----w- C:\Users\Matthew\AppData\Roaming\Hiurugq
.
==================== Find3M  ====================
.
2014-03-11 19:30:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-11 19:30:11 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
.
============= FINISH: 23:34:42.24 ===============




 


#2 mrthehoople

mrthehoople
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 25 March 2014 - 07:27 PM

Forgot to say, repeat Malwarebytes scan and TDSSKiller scans were both clean.



#3 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:05:57 AM

Posted 26 March 2014 - 08:56 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi




#4 mrthehoople

mrthehoople
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:09:57 PM

Posted 26 March 2014 - 11:11 AM

Hi Georgi

 

Many thanks for your very swift response!!  There does seem to still be something going on in that log (to my untrained eye).

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Matthew (administrator) on MATTHEW-PC on 26-03-2014 15:57:38
Running from C:\Users\Matthew\Desktop
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Dell Inc.) C:\Windows\System32\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [3863040 2009-10-21] (Dell Inc.)
HKLM\...\Run: [DellControlPoint] - C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [667648 2009-03-19] (Dell Inc.)
HKLM\...\Run: [DellConnectionManager] - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [1810432 2009-04-10] (Smith Micro Software, Inc.)
HKLM\...\Run: [SecureUpgrade] - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe [657720 2009-04-22] (Wave Systems Corp.)
HKLM\...\Run: [EmbassySecurityCheck] - C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe [99640 2009-04-22] (Wave Systems Corp.)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [342528 2009-06-19] (Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe [442536 2008-10-17] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [274608 2011-01-03] (RealNetworks, Inc.)
HKLM-x32\...\Run: [Monitor] - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [295304 2012-07-05] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: %Temp%\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\...\Run: [HP Photosmart 5510d series (NET)] - C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2676584 2011-08-16] (Hewlett-Packard Co.)
HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\...\Run: [NviGForce] - wscript.exe "C:\Microsoft_SDK\lib\include\cc1xh.js"
HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\...\Run: [Heje] - C:\Users\Matthew\AppData\Local\Temp\Jiydco\heje.exe <===== ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBF00A44CCD78CA01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL =
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL =
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL =
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL =
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL =
SearchScopes: HKCU - {E83C0A1E-19BF-488F-B1F3-C2D44D24DD81} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20101221064513
DPF: HKLM-x32 {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab
DPF: HKLM-x32 {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\n12n9n6m.default
FF user.js: detected! => C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\n12n9n6m.default\user.js
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://www.google.co.uk/
FF Keyword.URL: hxxp://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @real.com/nppl3260;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll No File
FF Plugin-x32: @real.com/nprpjplug;version=12.0.1.609 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml

==================== Services (Whitelisted) =================

R2 dcpsysmgrsvc; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [501536 2009-04-09] (Dell Inc.)
R2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2929664 2009-10-21] (Dell Inc.)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 MDM; "C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe" [X]
S2 SMManager; "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe" [X]
S2 tcsd_win32.exe; "C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe" [X]

==================== Drivers (Whitelisted) ====================

R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV64.sys [32240 2008-06-04] (Dell Inc)
S1 StarOpen; C:\Windows\SysWow64\Drivers\StarOpen.sys [5632 2009-12-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-26 15:57 - 2014-03-26 15:58 - 00013141 _____ () C:\Users\Matthew\Desktop\FRST.txt
2014-03-26 15:57 - 2014-03-26 15:57 - 02157056 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
2014-03-26 15:57 - 2014-03-26 15:57 - 00000000 ____D () C:\FRST
2014-03-26 00:22 - 2014-03-26 00:22 - 04113320 _____ () C:\Users\Matthew\Downloads\tdsskiller.zip
2014-03-26 00:22 - 2014-03-26 00:22 - 00000000 ____D () C:\Users\Matthew\Downloads\tdsskiller
2014-03-25 23:34 - 2014-03-25 23:34 - 00013041 _____ () C:\Users\Matthew\Desktop\dds.txt
2014-03-25 23:34 - 2014-03-25 23:34 - 00009939 _____ () C:\Users\Matthew\Desktop\attach.txt
2014-03-25 23:32 - 2014-03-25 23:32 - 00688992 ____R (Swearware) C:\Users\Matthew\Desktop\dds.com
2014-03-25 23:23 - 2014-03-26 00:17 - 00002444 _____ () C:\Users\Matthew\Desktop\Rkill.txt
2014-03-25 23:11 - 2014-03-25 23:11 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matthew\Downloads\rkill.exe
2014-03-25 22:23 - 2014-03-25 22:24 - 87312584 _____ (Sophos Limited) C:\Users\Matthew\Downloads\Sophos Virus Removal Tool.exe
2014-03-25 21:51 - 2014-03-25 21:51 - 00001124 _____ () C:\Windows\PFRO.log
2014-03-25 10:50 - 2014-03-25 21:49 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Hiurugq
2014-03-25 09:31 - 2014-03-26 15:12 - 00000280 _____ () C:\Windows\setupact.log
2014-03-25 09:31 - 2014-03-25 09:31 - 00000000 _____ () C:\Windows\setuperr.log

==================== One Month Modified Files and Folders =======

2014-03-26 15:58 - 2014-03-26 15:57 - 00013141 _____ () C:\Users\Matthew\Desktop\FRST.txt
2014-03-26 15:57 - 2014-03-26 15:57 - 02157056 _____ (Farbar) C:\Users\Matthew\Desktop\FRST64.exe
2014-03-26 15:57 - 2014-03-26 15:57 - 00000000 ____D () C:\FRST
2014-03-26 15:30 - 2012-07-26 20:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-26 15:18 - 2009-07-14 05:13 - 00005336 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-26 15:16 - 2013-08-11 23:33 - 00718810 _____ () C:\Windows\WindowsUpdate.log
2014-03-26 15:12 - 2014-03-25 09:31 - 00000280 _____ () C:\Windows\setupact.log
2014-03-26 15:12 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-26 01:02 - 2011-05-22 10:11 - 00005744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 01:02 - 2011-05-22 10:11 - 00005744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 00:22 - 2014-03-26 00:22 - 04113320 _____ () C:\Users\Matthew\Downloads\tdsskiller.zip
2014-03-26 00:22 - 2014-03-26 00:22 - 00000000 ____D () C:\Users\Matthew\Downloads\tdsskiller
2014-03-26 00:17 - 2014-03-25 23:23 - 00002444 _____ () C:\Users\Matthew\Desktop\Rkill.txt
2014-03-25 23:51 - 2012-08-22 14:55 - 00000000 ____D () C:\ProgramData\Sophos
2014-03-25 23:34 - 2014-03-25 23:34 - 00013041 _____ () C:\Users\Matthew\Desktop\dds.txt
2014-03-25 23:34 - 2014-03-25 23:34 - 00009939 _____ () C:\Users\Matthew\Desktop\attach.txt
2014-03-25 23:32 - 2014-03-25 23:32 - 00688992 ____R (Swearware) C:\Users\Matthew\Desktop\dds.com
2014-03-25 23:11 - 2014-03-25 23:11 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Matthew\Downloads\rkill.exe
2014-03-25 22:24 - 2014-03-25 22:23 - 87312584 _____ (Sophos Limited) C:\Users\Matthew\Downloads\Sophos Virus Removal Tool.exe
2014-03-25 21:51 - 2014-03-25 21:51 - 00001124 _____ () C:\Windows\PFRO.log
2014-03-25 21:49 - 2014-03-25 10:50 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Hiurugq
2014-03-25 13:32 - 2013-10-20 00:32 - 00011606 __RSH () C:\ProgramData\ntuser.pol
2014-03-25 09:31 - 2014-03-25 09:31 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 20:44 - 2013-03-28 23:11 - 00000000 ____D () C:\Users\Matthew\Documents\888poker
2014-03-24 20:44 - 2012-01-15 21:59 - 00000000 ____D () C:\Users\Matthew\Documents\BabasChess
2014-03-17 10:57 - 2009-07-14 05:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-12 12:43 - 2014-03-12 12:43 - 00001178 _____ () C:\Users\Matthew\Desktop\truckin'.jpg - Shortcut.lnk
2014-03-11 19:30 - 2012-07-26 20:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 19:30 - 2012-07-26 20:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 19:30 - 2011-10-02 18:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-02 00:15 - 2013-05-10 16:48 - 00000000 ____D () C:\Program Files (x86)\PacificPoker
2014-02-27 20:07 - 2011-01-27 00:24 - 00000000 ____D () C:\Users\Matthew\Documents\Matt docs
2014-02-26 20:29 - 2014-01-02 17:19 - 00000000 ____D () C:\Users\Matthew\Desktop\2014-01-02 phone

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 22:11

==================== End Of Log ============================




#5 B-boy/StyLe/

    Bleepin' Freestyler

  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 26 March 2014 - 09:40 PM

Hello,

 

Did you run CryptoPrevent, or did you add the following rules yourself?

 

HKLM Group Policy restriction on software: %Temp%\Rar*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %AppData%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\*.zip\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\wz*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %Temp%\7z*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION

 

 

 
Please download the following file => and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Regards,

Georgi




#6 mrthehoople


Posted 27 March 2014 - 04:03 AM

Hi Georgi

I think those policy restrictions I put there deliberately. They are to stop any executable files running that disguise themselves as something else like rar files. I heard that this was how the cryptolocker thing worked so I restricted them.

Shall I run this anyway?

#7 B-boy/StyLe/


Posted 27 March 2014 - 04:48 AM

Hello,

 

Yes please - don't worry, I didn't include them in the fixlist so they will stay untouched. :)

 

 

Regards,

Georgi




#8 mrthehoople


Posted 27 March 2014 - 09:41 AM

Hi Georgi

 

I've run the fix. In answer to your question, the permissions I did myself manually; I didn't use a specific anti-cryptolocker program. Thanks again for your help here.

 

Matt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Matthew at 2014-03-27 14:32:57 Run:1
Running from C:\Users\Matthew\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\...\Run: [NviGForce] - wscript.exe "C:\Microsoft_SDK\lib\include\cc1xh.js"
C:\Microsoft_SDK\lib\include\cc1xh.js
Folder: C:\Microsoft_SDK
HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\...\Run: [Heje] - C:\Users\Matthew\AppData\Local\Temp\Jiydco\heje.exe <===== ATTENTION
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
cmd: netsh winsock reset
cmd: ipconfig /flushdns
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
2014-03-25 10:50 - 2014-03-25 21:49 - 00000000 ____D () C:\Users\Matthew\AppData\Roaming\Hiurugq
Task: {AD70B448-7A8A-417E-B28D-458BCE12DB44} - System32\Tasks\task16125324 => C:\Users\Matthew\AppData\Local\Temp\0.29010157500967126.bfg <==== ATTENTION
C:\Users\Matthew\AppData\Local\Temp
end
*****************

HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NviGForce => Value deleted successfully.
C:\Microsoft_SDK\lib\include\cc1xh.js => Moved successfully.

========================= Folder: C:\Microsoft_SDK ========================

2013-04-22 22:24 - 2013-04-22 22:24 - 0000000 ____D () C:\Microsoft_SDK\lib
2013-04-22 22:24 - 2014-03-27 14:32 - 0000000 ____D () C:\Microsoft_SDK\lib\include
2004-08-17 19:00 - 2004-08-17 19:00 - 0000063 _____ () C:\Microsoft_SDK\lib\include\cc1xh.cmd

====== End of Folder: ======

HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Heje => Value deleted successfully.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll

=========  netsh winsock reset =========

Access is denied.

 

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

catchme => Service deleted successfully.
C:\Users\Matthew\AppData\Roaming\Hiurugq => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD70B448-7A8A-417E-B28D-458BCE12DB44} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD70B448-7A8A-417E-B28D-458BCE12DB44} => Key deleted successfully.
C:\Windows\System32\Tasks\task16125324 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task16125324 => Key deleted successfully.

"C:\Users\Matthew\AppData\Local\Temp" directory move:

Could not move "C:\Users\Matthew\AppData\Local\Temp\FXSAPIDebugLogFile.txt" => Scheduled to move on reboot.
C:\Users\Matthew\AppData\Local\Temp\jusched.log => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\StructuredQuery.log => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\wmplog00.sqm => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\wmplog01.sqm => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\wmplog02.sqm => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\wmplog03.sqm => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\wmplog04.sqm => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\wmplog05.sqm => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\~DF6F247DE408ECF5F5.TMP => Moved successfully.
C:\Users\Matthew\AppData\Local\Temp\~DFF4E378C3C6DDB5DD.TMP => Moved successfully.
Could not move "C:\Users\Matthew\AppData\Local\Temp" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-03-27 14:35:01)<=

C:\Users\Matthew\AppData\Local\Temp\FXSAPIDebugLogFile.txt => Is moved successfully.
C:\Users\Matthew\AppData\Local\Temp => Moved successfully.

==== End of Fixlog ====



#9 B-boy/StyLe/


Posted 27 March 2014 - 10:51 AM

Hello,

 

Let me take a deeper look:

  • Please download OTL from the link below:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • OTL should now start. Change the following settings:
    - Click on Scan All Users checkbox given at the top.
    - Under File Scans, change File age to 90
    - Change Standard Registry to All
    - Check the boxes beside LOP Check and Purity Check
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
  • Don't copy the word "quote"

    Quote

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.*
    %SYSTEMDRIVE%\*.
    %USERPROFILE%\*.*
    %USERPROFILE%\*.
    %USERPROFILE%\*.exe /s
    %USERPROFILE%\Documents\*.*
    %USERPROFILE%\Downloads\*.*
    %USERPROFILE%\AppData\Local\*.*
    %USERPROFILE%\AppData\Local\*.
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.*
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.
    %USERPROFILE%\AppData\Local\temp\*.exe
    %USERPROFILE%\AppData\Local\temp\*.dll
    %USERPROFILE%\AppData\Local\temp\*.tlb
    %USERPROFILE%\AppData\Roaming\*.*
    %USERPROFILE%\AppData\Roaming\*.
    %ProgramData%\*.*
    %ProgramData%\*.
    %programdata%\Microsoft\Windows\DRM\*.tmp
    %programdata%\Microsoft\DRM\*.tmp
    %programdata%\temp\*.exe
    %programdata%\temp\*.dll
    %programdata%\temp\*.tlb
    C:\Users\All Users\*.exe /s
    C:\Users\Default\*.exe /s
    C:\Users\Public\*.exe /s
    %CommonProgramFiles%\*.*
    %CommonProgramFiles%\*.
    %CommonProgramFiles%\ComObjects\*.*
    %ProgramFiles%\*.*
    %ProgramFiles%\*.
    %Public%\Documents\*.*
    %Public%\Documents\*.
    %systemroot%\System32\config\systemprofile\*.exe /s
    %systemroot%\System32\config\systemprofile\*.*
    %systemroot%\System32\config\systemprofile\*.
    %systemroot%\system32\config\systemprofile\AppData\Local\*.*
    %systemroot%\system32\config\systemprofile\AppData\Local\*.
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\system32\config\systemprofile\AppData\Roaming\*.
    %systemroot%\SysWow64\config\systemprofile\*.exe /s
    %systemroot%\SysWow64\config\systemprofile\*.*
    %systemroot%\SysWow64\config\systemprofile\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.*
    %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\*.exe /s
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.exe
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.dll
    %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.exe
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.dll
    %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.*
    %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.
    %windir%\temp\*.exe /s
    %windir%\temp\*.*
    %windir%\temp\*.
    %windir%\*.
    %windir%\AppPatch\*.exe /s
    %windir%\ShellNew\*.*
    %windir%\installer\*.
    %windir%\system32\*.
    %windir%\sysnative\*.
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\syswow64\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\syswow64\drivers\*.sys /90
    %systemroot%\syswow64\drivers\*.sys /lockedfiles
    %SYSTEMDRIVE%\*. /rp /s
    %systemroot%\assembly\tmp\*.* /S /MD5
    %systemroot%\assembly\temp\*.* /S /MD5
    %systemroot%\assembly\GAC\*.ini
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    %SystemRoot%\assembly\GAC_MSIL\*.ini
    wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp
    HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s
    HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
    HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s
    HKCU\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 /s
    HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32 /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsimap /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s
    HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s
    HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s
    HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s
    HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s
    HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s
    HKEY_CURRENT_USER\Software\MSOLoad /s
    type C:\WINDOWS\system.ini >> test.txt /c
    bcdedit /enum all /v >C:\boot.txt /c
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    /md5start
    consrv.dll
    services.exe
    explorer.exe
    lsass.exe
    svchost.exe
    wininit.exe
    winlogon.exe
    userinit.exe
    smss.exe
    fastfat.sys
    atapi.sys
    serial.sys
    volsnap.sys
    disk.sys
    i8042prt.sys
    afd.sys
    netbt.sys
    csc.sys
    tcpip.sys
    kbdclass.sys
    kbdhid.sys
    mouclass.sys
    mouhid.sys
    spldr.sys
    dfsc.sys
    hlp.dat
    str.sys
    cerxvx.ocx
    crexv.ocx
    msseedir.dll
    msdr.dll
    lmbd.dll
    wsse.dll
    intel.exe
    WService.dll

    wsock32.dll
    /md5stop

  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

 

Regards,

Georgi


Edited by B-boy/StyLe/, 27 March 2014 - 10:54 AM.



#10 mrthehoople


Posted 27 March 2014 - 04:31 PM

Hi Georgi

 

Done as instructed. The logs are too long to copy and paste or to attach. I'll copy and paste in stages.

 

Regards

 

OTL logfile created on: 27/03/2014 20:45:51 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matthew\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.95 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.51% Memory free
3.91 Gb Paging File | 2.54 Gb Available in Paging File | 65.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.43 Gb Total Space | 10.65 Gb Free Space | 14.31% Space Free | Partition Type: NTFS
 
Computer Name: MATTHEW-PC | User Name: Matthew | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/27 20:42:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.scr
PRC - [2012/07/05 17:50:30 | 000,295,304 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/07/05 17:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/01/03 20:39:29 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2008/10/17 09:41:16 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV:64bit: - [2009/10/21 15:48:45 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 01:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/04/22 09:29:08 | 002,654,720 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV:64bit: - [2009/04/09 13:38:40 | 000,501,536 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV:64bit: - [2009/01/22 09:17:10 | 001,037,160 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV:64bit: - [2009/01/22 09:17:10 | 000,029,544 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV:64bit: - [2008/12/29 10:15:54 | 000,467,744 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
SRV:64bit: - [2008/12/12 10:11:18 | 000,904,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2014/03/11 19:30:12 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 20:59:41 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/05 17:41:08 | 007,392,136 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/11 08:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 09:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/21 15:48:43 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/29 12:50:18 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 00:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/07 23:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/13 00:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/09 00:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 14:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009/01/22 09:16:16 | 000,037,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2008/08/28 10:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008/06/04 12:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV64.sys -- (PBADRV)
DRV:64bit: - [2006/11/17 16:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV - [2009/12/24 10:48:46 | 000,005,632 | ---- | M] () [File_System | System | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BF 00 A4 4C CD 78 CA 01  [binary data]
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\..\SearchScopes\{E83C0A1E-19BF-488F-B1F3-C2D44D24DD81}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/11/07 20:13:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Extensions
[2014/03/20 20:00:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matthew\AppData\Roaming\Mozilla\Firefox\Profiles\n12n9n6m.default\extensions
[2014/02/15 20:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 20:59:41 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2013/01/07 23:16:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4:64bit: - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000..\Run: [HP Photosmart 5510d series (NET)] C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1700128684-2096351728-1832486127-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O16 - DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20101221064513 (PhotoboxPhotowaysUploader5 Control)
O16 - DPF: {138E6DC9-722B-4F4B-B09D-95D191869696} http://www.bebo.com/files/BeboUploader.5.8.05.cab (Bebo Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {A9CF3378-D60E-40A8-927D-7EA0D5B0AA98} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader6.cab (Bonusprint Image Uploader Version 6.x Control)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 10.40.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28A4FCF4-9CC4-4DCB-AB43-BBC473E00398}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\SysWow64\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
 
========== Files/Folders - Created Within 90 Days ==========
 
[2014/03/27 20:42:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.scr
[2014/03/27 14:35:22 | 000,000,000 | ---D | C] -- C:\Users\Matthew\AppData\Local\Temp
[2014/03/26 15:57:22 | 000,000,000 | ---D | C] -- C:\FRST
[2014/03/26 15:57:02 | 002,157,056 | ---- | C] (Farbar) -- C:\Users\Matthew\Desktop\FRST64.exe
[2014/03/25 23:32:25 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Matthew\Desktop\dds.com
[2014/02/15 20:59:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/01/15 14:16:50 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\pics for nursery
[2014/01/02 17:19:26 | 000,000,000 | ---D | C] -- C:\Users\Matthew\Desktop\2014-01-02 phone
 
========== Files - Modified Within 90 Days ==========
 
[2014/03/27 20:42:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Desktop\OTL.scr
[2014/03/27 20:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/27 20:06:18 | 000,005,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 20:06:18 | 000,005,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/27 19:10:21 | 063,054,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/03/27 19:10:20 | 032,330,074 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/03/27 19:10:20 | 000,005,336 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/03/27 19:05:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/27 19:05:49 | 1572,798,464 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/26 15:57:02 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\Matthew\Desktop\FRST64.exe
[2014/03/25 23:32:25 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Matthew\Desktop\dds.com
[2014/03/25 13:32:45 | 000,011,606 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/03/12 12:43:48 | 000,001,178 | ---- | M] () -- C:\Users\Matthew\Desktop\truckin'.jpg - Shortcut.lnk
[2014/03/11 19:30:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/03/11 19:30:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/12 22:56:38 | 000,323,921 | ---- | M] () -- C:\Users\Matthew\Desktop\deconditioning_campbell.pdf
[2014/02/05 21:57:35 | 000,742,903 | ---- | M] () -- C:\Users\Matthew\Desktop\saccadesHH.pdf
[2014/01/24 15:21:16 | 000,064,218 | ---- | M] () -- C:\Users\Matthew\Desktop\cpdchris.pdf
[2014/01/15 19:52:13 | 000,077,726 | ---- | M] () -- C:\Users\Matthew\Desktop\zac.jpg
 
========== Files Created - No Company Name ==========
 
[2014/03/12 12:43:48 | 000,001,178 | ---- | C] () -- C:\Users\Matthew\Desktop\truckin'.jpg - Shortcut.lnk
[2014/02/12 22:56:38 | 000,323,921 | ---- | C] () -- C:\Users\Matthew\Desktop\deconditioning_campbell.pdf
[2014/02/05 21:57:35 | 000,742,903 | ---- | C] () -- C:\Users\Matthew\Desktop\saccadesHH.pdf
[2014/01/24 15:21:16 | 000,064,218 | ---- | C] () -- C:\Users\Matthew\Desktop\cpdchris.pdf
[2014/01/15 19:52:29 | 000,077,726 | ---- | C] () -- C:\Users\Matthew\Desktop\zac.jpg
[2013/10/20 00:32:28 | 000,011,606 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/07/17 19:44:59 | 000,000,280 | ---- | C] () -- C:\Users\Matthew\.JavaPowUpload.properties
[2013/06/23 10:51:04 | 000,182,028 | ---- | C] () -- C:\Users\Matthew\AppData\Local\e433e0ea-2e44-488f-b3fa-c49c698ec3d7
[2013/01/07 23:09:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/07 23:09:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/07 23:09:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/07 23:09:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/07 23:09:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/26 13:06:30 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/11/09 03:10:23 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/11/05 13:02:43 | 000,007,646 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\.freeciv-client-rc-2.3
[2011/10/27 20:00:50 | 000,000,036 | ---- | C] () -- C:\Users\Matthew\AppData\Local\housecall.guid.cache
[2011/07/30 15:36:09 | 000,000,120 | ---- | C] () -- C:\Users\Matthew\AppData\Local\Lpunocovofa.dat
[2011/07/21 00:01:13 | 000,006,887 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\.freeciv-client-rc-2.2
[2010/02/04 21:54:32 | 000,000,172 | ---- | C] () -- C:\Users\Matthew\AppData\Roaming\default.rss
 
========== ZeroAccess Check ==========
 
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 05:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 04:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/06/19 14:36:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\.freeciv
[2013/04/22 23:08:40 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Atemmi
[2013/10/24 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Audacity
[2010/12/22 00:52:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\AVG10
[2010/05/29 13:57:54 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/10/21 16:11:45 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Broadcom
[2011/06/06 06:55:10 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Canneverbe Limited
[2010/05/24 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\CEZEO software
[2010/03/10 11:47:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\com.adobe.example.pregplan.E4D77D9DAC1499FEFA6AAFF0D7C244FBBF2B54A9.1
[2011/11/16 12:33:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\coupons
[2013/10/18 00:00:36 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\crawl
[2012/07/26 10:16:56 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Dropbox
[2011/12/07 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\EndNote
[2013/01/07 20:25:09 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\FreeAudioPack
[2013/05/27 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Garmin
[2011/09/24 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\ImgBurn
[2013/05/10 16:48:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\PacificPoker
[2011/07/09 20:39:11 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\PC Suite
[2012/07/10 00:37:47 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Rovio
[2011/07/09 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Samsung
[2011/11/01 15:12:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\saves
[2010/01/09 15:12:42 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Seven Zip
[2013/04/23 01:35:05 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Taocu
[2013/04/22 22:24:08 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Umrom
[2014/03/26 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\uTorrent
[2011/07/31 12:16:22 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Wave Systems Corp
[2009/12/25 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Win7codecs
[2013/10/07 00:38:00 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\yWorks
[2013/01/07 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\{27ED786F-D773-47F8-93EB-8A249414AD30}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
<  %SYSTEMDRIVE%\*.* >
[2014/03/27 19:05:49 | 1572,798,464 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 07:35:38 | 000,140,408 | ---- | M] () -- C:\Micro-Machines-2---Turbo-Tournament-(JUE)-[c][!].gs0
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2014/03/27 19:05:56 | 2097,065,984 | -HS- | M] () -- C:\pagefile.sys
[2009/12/08 14:13:07 | 000,000,184 | ---- | M] () -- C:\setuplog.exe
[2014/03/26 00:22:03 | 000,000,348 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_26.03.2014_00.21.59_log.txt
[2014/03/26 00:24:20 | 000,190,750 | ---- | M] () -- C:\TDSSKiller.3.0.0.26_26.03.2014_00.23.09_log.txt
[2009/12/08 13:23:41 | 000,001,060 | ---- | M] () -- C:\Videos - Shortcut.lnk
[2011/10/22 12:45:02 | 000,696,450 | ---- | M] () -- C:\wallpaper.bmp
 
<  %SYSTEMDRIVE%\*. >
[2013/01/07 23:21:12 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2012/08/20 10:24:59 | 000,000,000 | ---D | M] -- C:\bofi
[2009/10/21 09:50:48 | 000,000,000 | ---D | M] -- C:\dell
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2014/03/27 14:35:02 | 000,000,000 | ---D | M] -- C:\FRST
[2013/04/22 22:24:31 | 000,000,000 | ---D | M] -- C:\Microsoft_SDK
[2009/12/09 12:37:49 | 000,000,000 | ---D | M] -- C:\Netgear
[2009/07/14 03:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013/01/07 21:24:03 | 000,000,000 | R--D | M] -- C:\Program Files
[2014/03/25 23:52:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2014/03/25 13:32:45 | 000,000,000 | ---D | M] -- C:\ProgramData
[2013/01/07 23:19:55 | 000,000,000 | ---D | M] -- C:\Qoobox
[2009/10/21 09:19:26 | 000,000,000 | ---D | M] -- C:\Recovery
[2014/03/26 18:30:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011/11/05 12:44:12 | 000,000,000 | R--D | M] -- C:\Users
[2014/03/27 14:33:47 | 000,000,000 | ---D | M] -- C:\Windows
 
<  %USERPROFILE%\*.* >
[2013/07/19 08:28:31 | 000,000,280 | ---- | M] () -- C:\Users\Matthew\.JavaPowUpload.properties
[2014/03/27 20:52:51 | 013,369,344 | --S- | M] () -- C:\Users\Matthew\ntuser.dat
[2014/03/27 20:52:50 | 000,262,144 | --S- | M] () -- C:\Users\Matthew\ntuser.dat.LOG1
[2009/10/21 09:19:40 | 000,000,000 | --S- | M] () -- C:\Users\Matthew\ntuser.dat.LOG2
[2014/01/15 02:44:21 | 000,065,536 | -HS- | M] () -- C:\Users\Matthew\ntuser.dat{1f2ca8bd-7d21-11e3-8294-00225f2acc88}.TM.blf
[2014/01/15 02:44:21 | 000,524,288 | -HS- | M] () -- C:\Users\Matthew\ntuser.dat{1f2ca8bd-7d21-11e3-8294-00225f2acc88}.TMContainer00000000000000000001.regtrans-ms
[2014/01/15 02:44:21 | 000,524,288 | -HS- | M] () -- C:\Users\Matthew\ntuser.dat{1f2ca8bd-7d21-11e3-8294-00225f2acc88}.TMContainer00000000000000000002.regtrans-ms
[2012/10/24 00:09:55 | 000,065,536 | -HS- | M] () -- C:\Users\Matthew\ntuser.dat{56cfaa48-1d1c-11e2-847b-002170c11b52}.TM.blf
[2012/10/24 00:09:55 | 000,524,288 | -HS- | M] () -- C:\Users\Matthew\ntuser.dat{56cfaa48-1d1c-11e2-847b-002170c11b52}.TMContainer00000000000000000001.regtrans-ms
[2012/10/24 00:09:55 | 000,524,288 | -HS- | M] () -- C:\Users\Matthew\ntuser.dat{56cfaa48-1d1c-11e2-847b-002170c11b52}.TMContainer00000000000000000002.regtrans-ms
[2009/10/21 09:19:40 | 000,000,020 | -HS- | M] () -- C:\Users\Matthew\ntuser.ini
 
<  %USERPROFILE%\*. >
[2009/10/21 09:19:40 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\Application Data
[2013/05/16 07:52:21 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Contacts
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\Cookies
[2014/03/27 20:42:56 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Desktop
[2013/10/15 17:20:10 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Documents
[2014/03/27 01:22:58 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Downloads
[2013/05/16 07:52:21 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Favorites
[2013/05/16 07:52:21 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Links
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\Local Settings
[2013/05/16 07:52:21 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Music
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\My Documents
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\NetHood
[2013/10/20 23:58:57 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Pictures
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\PrintHood
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\Recent
[2013/05/16 07:52:21 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Saved Games
[2013/05/16 07:52:21 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Searches
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\SendTo
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\Start Menu
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\Templates
[2013/05/16 07:52:21 | 000,000,000 | R--D | M] -- C:\Users\Matthew\Videos
 
<  %USERPROFILE%\*.exe /s >
[2009/02/27 20:58:15 | 000,345,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\Matthew\AppData\Local\Adobe\Reader 9.1\Setup Files\Setup.exe
[2009/10/22 09:05:03 | 000,438,272 | ---- | M] (Dell Inc.) -- C:\Users\Matthew\AppData\Local\Apps\2.0\2TOX4PEP.1JL\0VLCN2P4.NX2\dell..ager_c8a6012355de1b2d_0004.0050_none_f11e1ac8547b5dd3\DellDriverDownloadManager.exe
[2009/10/22 09:05:03 | 000,438,272 | ---- | M] (Dell Inc.) -- C:\Users\Matthew\AppData\Local\Apps\2.0\2TOX4PEP.1JL\0VLCN2P4.NX2\dell..tion_c8a6012355de1b2d_0001.0001_4dec0e17c3c0ab32\DellDriverDownloadManager.exe
[2011/06/08 19:30:40 | 000,041,472 | ---- | M] (Citrix Online) -- C:\Users\Matthew\AppData\Local\Apps\2.0\WBBJEHV1.5KT\OO24ONBZ.GWO\citr..rter_6f2dad2bec101e40_0001.0000_015a45c90c31d2b2\AppCore.exe
[2014/03/27 14:32:53 | 000,000,000 | ---- | M] () -- C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3ZCLIKQ\FRST64[1].exe
[2012/09/07 20:45:27 | 000,894,952 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\AppData\LocalLow\Sun\Java\JRERunOnce.exe
[2005/11/11 08:32:39 | 001,331,200 | ---- | M] (Mystik Media) -- C:\Users\Matthew\AppData\Roaming\{27ED786F-D773-47F8-93EB-8A249414AD30}\offline\IFYTMEAEAJNEAJINXETAGEDIFFFFFF0\MediaJoin.exe
[2011/10/27 20:01:50 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2012/01/15 21:58:38 | 000,021,630 | R--- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_6FEFF9B68218417F98F549.exe
[2012/01/15 21:58:38 | 000,006,462 | R--- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_7128E1F9F222A8E24D3CAA.exe
[2012/01/15 21:58:38 | 000,021,630 | R--- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_CFD6D42B6B589B419C4C1C.exe
[2012/01/15 21:58:38 | 000,021,630 | R--- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}\_ED5A694DDDFCA3353724A2.exe
[2009/10/21 09:56:18 | 000,365,322 | R--- | M] () -- C:\Users\Matthew\AppData\Roaming\Microsoft\Installer\{AF7E4468-E364-4991-BC2A-6E8293E1055B}\ARPPRODUCTICON.exe
[2011/05/18 17:33:01 | 000,308,864 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthew\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe
[2011/05/18 20:41:38 | 025,875,600 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthew\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_data\RealPlayer.exe
[2011/05/18 20:33:20 | 000,675,088 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Matthew\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\stub_exe\RealPlayer.exe
[2008/05/02 09:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Matthew\AppData\Roaming\U3\temp\Launchpad Removal.exe
[2012/08/20 10:24:05 | 004,735,237 | R--- | M] (Swearware) -- C:\Users\Matthew\Desktop\bofi.exe
[2014/03/26 15:57:02 | 002,157,056 | ---- | M] (Farbar) -- C:\Users\Matthew\Desktop\FRST64.exe
[2010/05/20 09:25:42 | 000,258,048 | ---- | M] () -- C:\Users\Matthew\Documents\Matt docs\Research\Results\blue\9. slalom\data\CONT1\RRProgram.exe
[2011/10/22 11:03:36 | 003,900,592 | ---- | M] (AVG Technologies) -- C:\Users\Matthew\Downloads\avg_free_stb_all_2012_1831_cnet.exe
[2012/06/07 12:53:45 | 099,218,336 | ---- | M] () -- C:\Users\Matthew\Downloads\aviraa.exe
[2009/12/10 12:54:32 | 003,326,576 | ---- | M] (Piriform Ltd) -- C:\Users\Matthew\Downloads\ccsetup226.exe
[2013/10/07 21:55:24 | 001,393,105 | ---- | M] () -- C:\Users\Matthew\Downloads\DiagramDesignerSetup.exe
[2009/12/10 16:21:41 | 000,391,960 | ---- | M] (CEZEO software Ltd. ©                                     ) -- C:\Users\Matthew\Downloads\disk-redactor.exe
[2011/07/09 10:57:47 | 002,497,952 | ---- | M] (GameFabrique                                                ) -- C:\Users\Matthew\Downloads\earthworm_jim.exe
[2013/12/08 16:36:36 | 002,951,802 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Matthew\Downloads\EClea2_0.exe
[2009/12/10 16:23:06 | 000,959,592 | ---- | M] () -- C:\Users\Matthew\Downloads\EFRCSetup.exe
[2013/05/09 00:27:58 | 270,902,928 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Users\Matthew\Downloads\EmsisoftAntiMalwareSetup.exe
[2011/08/04 22:45:20 | 000,779,712 | ---- | M] (Binary Fortress Software                                    ) -- C:\Users\Matthew\Downloads\FileSeekSetup-2.1.3.exe
[2011/10/27 21:22:54 | 013,865,152 | ---- | M] (Mozilla) -- C:\Users\Matthew\Downloads\Firefox Setup 7.0.1.exe
[2013/09/02 19:24:52 | 000,784,856 | ---- | M] (Google Inc.) -- C:\Users\Matthew\Downloads\GoogleEarthPluginSetup.exe
[2012/01/25 10:12:06 | 002,999,935 | ---- | M] () -- C:\Users\Matthew\Downloads\InstallWinUAE2330.exe
[2010/02/25 20:10:10 | 099,239,720 | ---- | M] (Apple Inc.) -- C:\Users\Matthew\Downloads\iTunes64Setup.exe
[2013/09/22 20:03:03 | 000,913,832 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\Downloads\JavaSetup7u40.exe
[2014/01/13 02:24:05 | 000,915,368 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\Downloads\JavaSetup7u45.exe
[2011/07/31 19:43:25 | 020,196,744 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\Downloads\jre-7-windows-i586.exe
[2011/10/27 07:37:49 | 020,197,256 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\Downloads\jre-7u1-windows-i586.exe
[2013/10/24 23:13:46 | 000,527,423 | ---- | M] (                                                            ) -- C:\Users\Matthew\Downloads\Lame_v3.99.3_for_Windows.exe
[2012/09/27 15:21:10 | 010,716,552 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Users\Matthew\Downloads\LeapFrogConnectSetup_MyOwnLeaptop.exe
[2011/07/31 12:37:18 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Matthew\Downloads\mbam-setup.exe
[2011/07/08 22:56:42 | 001,445,824 | ---- | M] (GameFabrique                                                ) -- C:\Users\Matthew\Downloads\micro_machines_2_turbo_tournament.exe
[2012/05/22 23:20:12 | 000,556,928 | ---- | M] () -- C:\Users\Matthew\Downloads\PartyPokerSetup.exe
[2010/12/23 21:22:52 | 000,576,671 | ---- | M] (                                                            ) -- C:\Users\Matthew\Downloads\randombg-1.20.exe
[2014/03/25 23:11:05 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Matthew\Downloads\rkill.exe
[2011/09/22 17:30:22 | 056,982,041 | ---- | M] () -- C:\Users\Matthew\Downloads\Samsung_PC_Studio_7.2.24.9.exe
[2012/01/15 21:56:53 | 005,685,248 | ---- | M] () -- C:\Users\Matthew\Downloads\SetupBabasChess_4_0_XP.exe
[2014/03/25 22:24:13 | 087,312,584 | ---- | M] (Sophos Limited) -- C:\Users\Matthew\Downloads\Sophos Virus Removal Tool.exe
[2013/10/17 23:56:22 | 013,716,834 | ---- | M] () -- C:\Users\Matthew\Downloads\stone_soup-0.13.0-win32-installer.exe
[2011/07/31 12:38:08 | 011,720,992 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Matthew\Downloads\SUPERAntiSpyware.exe
[2012/06/07 10:50:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Downloads\TFC.exe
[2013/05/27 20:32:08 | 011,390,192 | ---- | M] () -- C:\Users\Matthew\Downloads\WebUpdater_WindowsXPSP3andnewer__256.exe
[2012/02/13 14:43:03 | 001,531,182 | ---- | M] () -- C:\Users\Matthew\Downloads\Windows7_eduroam_Configuration_Tool.exe
[2011/05/22 15:21:00 | 001,568,815 | ---- | M] () -- C:\Users\Matthew\Downloads\winrar-x64-401b1.exe
[1 C:\Users\Matthew\Downloads\*.tmp files -> C:\Users\Matthew\Downloads\*.tmp -> ]
[2012/02/17 13:48:58 | 067,587,440 | ---- | M] () -- C:\Users\Matthew\Downloads\endnote x4\EndNoteX4_setup_v14.0.0.4845.exe
[2012/02/17 13:48:39 | 001,654,800 | ---- | M] (Thomson Reuters) -- C:\Users\Matthew\Downloads\endnote x4\Crack\EndNote.exe
[2012/05/08 03:30:48 | 000,608,768 | ---- | M] () -- C:\Users\Matthew\Downloads\PartyPoker_Installer\SmartInstaller.exe
[2008/05/12 17:38:14 | 001,827,328 | ---- | M] () -- C:\Users\Matthew\Downloads\skaki_512\NagaSkaki_512\NagaSkaki.exe
[2009/12/10 16:22:12 | 001,191,785 | ---- | M] () -- C:\Users\Matthew\Downloads\skaki_512\NagaSkaki_512\sounds\FIWWSetup.exe
[2009/11/24 21:49:10 | 001,738,040 | ---- | M] (Piriform Ltd) -- C:\Users\Matthew\Downloads\skaki_512\NagaSkaki_512\sounds\CCleaner\CCleaner.exe
[2009/11/24 22:45:22 | 000,125,280 | ---- | M] (Piriform Ltd) -- C:\Users\Matthew\Downloads\skaki_512\NagaSkaki_512\sounds\CCleaner\uninst.exe
[2004/02/22 23:00:00 | 000,139,776 | ---- | M] (Microsoft Corporation) -- C:\Users\Matthew\Downloads\SOWPODS-Scrabble-Dictionary\setup.exe
[2012/06/12 17:15:43 | 096,626,136 | ---- | M] () -- C:\Users\Matthew\Downloads\Systat SigmaPlot v12.2{h33t}{mad dog}\Systat.SigmaPlot.v12.2-RECOiL\SPW_WebInstall.exe
[2014/03/24 07:30:46 | 004,134,240 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matthew\Downloads\tdsskiller\TDSSKiller\TDSSKiller.exe
 
<  %USERPROFILE%\Documents\*.* >
[2013/05/16 07:52:21 | 000,000,402 | -HS- | M] () -- C:\Users\Matthew\Documents\desktop.ini
[2013/10/15 17:20:10 | 000,090,187 | ---- | M] () -- C:\Users\Matthew\Documents\Scan0001.jpg
[2013/08/20 14:26:12 | 000,207,663 | ---- | M] () -- C:\Users\Matthew\Documents\Scan0001.pdf
[2013/08/21 12:58:23 | 000,211,402 | ---- | M] () -- C:\Users\Matthew\Documents\Scan0002.pdf
 
<  %USERPROFILE%\Downloads\*.* >
[2011/10/22 11:03:36 | 003,900,592 | ---- | M] (AVG Technologies) -- C:\Users\Matthew\Downloads\avg_free_stb_all_2012_1831_cnet.exe
[2012/06/07 12:53:45 | 099,218,336 | ---- | M] () -- C:\Users\Matthew\Downloads\aviraa.exe
[2010/05/29 13:56:41 | 001,480,210 | ---- | M] () -- C:\Users\Matthew\Downloads\bbc_iplayer_desktop_v151569518135.air
[2009/12/10 12:54:32 | 003,326,576 | ---- | M] (Piriform Ltd) -- C:\Users\Matthew\Downloads\ccsetup226.exe
[2013/05/16 07:52:21 | 000,000,282 | -HS- | M] () -- C:\Users\Matthew\Downloads\desktop.ini
[2013/10/07 21:55:24 | 001,393,105 | ---- | M] () -- C:\Users\Matthew\Downloads\DiagramDesignerSetup.exe
[2009/12/10 16:21:41 | 000,391,960 | ---- | M] (CEZEO software Ltd. ©                                     ) -- C:\Users\Matthew\Downloads\disk-redactor.exe
[2011/07/09 10:57:47 | 002,497,952 | ---- | M] (GameFabrique                                                ) -- C:\Users\Matthew\Downloads\earthworm_jim.exe
[2013/12/08 16:36:36 | 002,951,802 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Matthew\Downloads\EClea2_0.exe
[2009/12/10 16:23:06 | 000,959,592 | ---- | M] () -- C:\Users\Matthew\Downloads\EFRCSetup.exe
[2013/05/09 00:27:58 | 270,902,928 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Users\Matthew\Downloads\EmsisoftAntiMalwareSetup.exe
[2013/03/13 23:45:53 | 000,000,273 | ---- | M] () -- C:\Users\Matthew\Downloads\endnote-citations.enw
[2011/08/04 22:45:20 | 000,779,712 | ---- | M] (Binary Fortress Software                                    ) -- C:\Users\Matthew\Downloads\FileSeekSetup-2.1.3.exe
[2011/10/27 21:22:54 | 013,865,152 | ---- | M] (Mozilla) -- C:\Users\Matthew\Downloads\Firefox Setup 7.0.1.exe
[2013/09/02 19:24:52 | 000,784,856 | ---- | M] (Google Inc.) -- C:\Users\Matthew\Downloads\GoogleEarthPluginSetup.exe
[2012/01/25 10:12:06 | 002,999,935 | ---- | M] () -- C:\Users\Matthew\Downloads\InstallWinUAE2330.exe
[2010/02/25 20:10:10 | 099,239,720 | ---- | M] (Apple Inc.) -- C:\Users\Matthew\Downloads\iTunes64Setup.exe
[2013/09/22 20:03:03 | 000,913,832 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\Downloads\JavaSetup7u40.exe
[2014/01/13 02:24:05 | 000,915,368 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\Downloads\JavaSetup7u45.exe
[2013/03/27 08:41:17 | 001,073,859 | ---- | M] () -- C:\Users\Matthew\Downloads\Jn123341 Completed Report.pdf
[2011/07/31 19:43:25 | 020,196,744 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\Downloads\jre-7-windows-i586.exe
[2011/10/27 07:37:49 | 020,197,256 | ---- | M] (Oracle Corporation) -- C:\Users\Matthew\Downloads\jre-7u1-windows-i586.exe
[2013/10/24 23:13:46 | 000,527,423 | ---- | M] (                                                            ) -- C:\Users\Matthew\Downloads\Lame_v3.99.3_for_Windows.exe
[2012/09/27 15:21:10 | 010,716,552 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Users\Matthew\Downloads\LeapFrogConnectSetup_MyOwnLeaptop.exe
[2013/03/25 21:48:25 | 000,207,360 | ---- | M] () -- C:\Users\Matthew\Downloads\Letter to provider colleagues re OOH rota 250313SM amendments.doc
[2012/10/01 20:28:38 | 000,258,560 | ---- | M] () -- C:\Users\Matthew\Downloads\Mann-Whitney U-test.xls
[2013/10/21 22:34:13 | 000,202,428 | ---- | M] () -- C:\Users\Matthew\Downloads\Matt 2.png
[2013/05/24 17:11:13 | 000,013,969 | ---- | M] () -- C:\Users\Matthew\Downloads\matt.docx
[2013/10/21 22:36:00 | 000,015,679 | ---- | M] () -- C:\Users\Matthew\Downloads\Matt.jpg
[2013/10/21 22:34:06 | 000,196,510 | ---- | M] () -- C:\Users\Matthew\Downloads\Matt.png
[2013/10/21 22:36:53 | 000,015,660 | ---- | M] () -- C:\Users\Matthew\Downloads\Matt3.jpg
[2011/07/31 12:37:18 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Matthew\Downloads\mbam-setup.exe
[2011/07/08 22:56:42 | 001,445,824 | ---- | M] (GameFabrique                                                ) -- C:\Users\Matthew\Downloads\micro_machines_2_turbo_tournament.exe
[2013/05/20 19:34:52 | 001,344,018 | ---- | M] () -- C:\Users\Matthew\Downloads\Mole_VSSPoster.pdf
[2012/05/22 23:20:12 | 000,556,928 | ---- | M] () -- C:\Users\Matthew\Downloads\PartyPokerSetup.exe
[2010/12/23 21:22:52 | 000,576,671 | ---- | M] (                                                            ) -- C:\Users\Matthew\Downloads\randombg-1.20.exe
[2014/03/25 23:11:05 | 001,933,048 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Matthew\Downloads\rkill.exe
[2013/08/19 19:47:20 | 000,031,232 | ---- | M] () -- C:\Users\Matthew\Downloads\Rota  June 2013 update.xls
[2011/09/22 17:30:22 | 056,982,041 | ---- | M] () -- C:\Users\Matthew\Downloads\Samsung_PC_Studio_7.2.24.9.exe
[2009/04/05 16:15:56 | 000,025,625 | ---- | M] () -- C:\Users\Matthew\Downloads\Selected Chess Games.docx
[2012/01/15 21:56:53 | 005,685,248 | ---- | M] () -- C:\Users\Matthew\Downloads\SetupBabasChess_4_0_XP.exe
[2014/03/25 22:24:13 | 087,312,584 | ---- | M] (Sophos Limited) -- C:\Users\Matthew\Downloads\Sophos Virus Removal Tool.exe
[2012/06/12 14:43:04 | 097,926,530 | ---- | M] () -- C:\Users\Matthew\Downloads\SPW_WebInstall.zip
[2013/10/17 23:56:22 | 013,716,834 | ---- | M] () -- C:\Users\Matthew\Downloads\stone_soup-0.13.0-win32-installer.exe
[2012/02/27 22:03:11 | 000,100,301 | ---- | M] () -- C:\Users\Matthew\Downloads\Stroke Medicine.docx
[2011/07/31 12:38:08 | 011,720,992 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Matthew\Downloads\SUPERAntiSpyware.exe
[2014/03/26 00:22:20 | 004,113,320 | ---- | M] () -- C:\Users\Matthew\Downloads\tdsskiller.zip
[2012/06/07 10:50:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matthew\Downloads\TFC.exe
[2013/05/27 20:32:08 | 011,390,192 | ---- | M] () -- C:\Users\Matthew\Downloads\WebUpdater_WindowsXPSP3andnewer__256.exe
[2012/02/13 14:43:03 | 001,531,182 | ---- | M] () -- C:\Users\Matthew\Downloads\Windows7_eduroam_Configuration_Tool.exe
[2011/05/22 15:21:00 | 001,568,815 | ---- | M] () -- C:\Users\Matthew\Downloads\winrar-x64-401b1.exe
[1 C:\Users\Matthew\Downloads\*.tmp files -> C:\Users\Matthew\Downloads\*.tmp -> ]
 
<  %USERPROFILE%\AppData\Local\*.* >
[2013/06/23 10:51:04 | 000,182,028 | ---- | M] () -- C:\Users\Matthew\AppData\Local\e433e0ea-2e44-488f-b3fa-c49c698ec3d7
[2011/05/24 22:33:42 | 000,108,448 | ---- | M] () -- C:\Users\Matthew\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/10/27 20:00:50 | 000,000,036 | ---- | M] () -- C:\Users\Matthew\AppData\Local\housecall.guid.cache
[2014/03/27 02:03:52 | 005,088,260 | -H-- | M] () -- C:\Users\Matthew\AppData\Local\IconCache.db
[2011/07/30 15:36:09 | 000,000,120 | ---- | M] () -- C:\Users\Matthew\AppData\Local\Lpunocovofa.dat
 
<  %USERPROFILE%\AppData\Local\*. >
[2013/11/26 14:36:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Adobe
[2010/02/25 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Apple
[2010/07/04 10:41:22 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Apple Computer
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\AppData\Local\Application Data
[2009/10/22 09:03:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Apps
[2011/12/20 16:43:18 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\CutePDF Writer
[2013/09/11 22:32:07 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Deployment
[2014/02/23 20:26:13 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Diagnostics
[2014/01/27 11:47:42 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\ElevatedDiagnostics
[2013/12/15 02:01:40 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\eMule
[2012/07/26 20:03:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Google
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\AppData\Local\History
[2012/04/26 13:48:21 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\HP
[2012/07/27 18:44:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Macromedia
[2012/07/27 18:44:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Microsoft
[2012/06/19 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Microsoft Games
[2013/11/04 01:56:13 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Microsoft Help
[2013/10/01 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Mozilla
[2009/10/21 11:04:38 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\PowerDVD DX
[2013/01/03 02:35:39 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Programs
[2013/02/08 03:15:49 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\S2
[2014/03/27 20:52:33 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Temp
[2009/10/21 09:19:40 | 000,000,000 | -HSD | M] -- C:\Users\Matthew\AppData\Local\Temporary Internet Files
[2012/09/04 23:52:35 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\VirtualStore
[2009/10/21 16:12:03 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\Wave Systems Corp
[2009/10/21 09:59:42 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Local\WindowsUpdate
[2012/07/30 22:28:54 | 000,000,000 | --SD | M] -- C:\Users\Matthew\AppData\Local\{765d77cd-0eec-bc58-1ba1-aa06142c2a9b}
 
<  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*.* >
 
<  %USERPROFILE%\AppData\Local\Google\Chrome\User Data\Default\*. >
 
<  %USERPROFILE%\AppData\Local\temp\*.exe >
 
<  %USERPROFILE%\AppData\Local\temp\*.dll >
 
<  %USERPROFILE%\AppData\Local\temp\*.tlb >
 
<  %USERPROFILE%\AppData\Roaming\*.* >
[2011/08/29 23:53:40 | 000,006,887 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\.freeciv-client-rc-2.2
[2012/06/19 15:12:38 | 000,007,646 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\.freeciv-client-rc-2.3
[2010/07/04 10:36:42 | 000,000,172 | ---- | M] () -- C:\Users\Matthew\AppData\Roaming\default.rss
 
<  %USERPROFILE%\AppData\Roaming\*. >
[2012/06/19 14:36:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\.freeciv
[2011/07/30 22:36:38 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Adobe
[2011/10/31 21:04:20 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Apple Computer
[2013/04/22 23:08:40 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Atemmi
[2013/10/24 23:23:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Audacity
[2010/12/22 00:52:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\AVG10
[2010/12/21 22:21:36 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\AVG8
[2010/05/29 13:57:54 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/10/21 16:11:45 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Broadcom
[2011/06/06 06:55:10 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Canneverbe Limited
[2010/05/24 23:21:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\CEZEO software
[2010/03/10 11:47:32 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\com.adobe.example.pregplan.E4D77D9DAC1499FEFA6AAFF0D7C244FBBF2B54A9.1
[2011/11/16 12:33:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\coupons
[2013/10/18 00:00:36 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\crawl
[2009/10/22 10:56:31 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Creative
[2009/10/22 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\CyberLink
[2012/07/26 10:16:56 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Dropbox
[2011/12/07 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\EndNote
[2013/01/07 20:25:09 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\FreeAudioPack
[2013/05/27 20:32:33 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Garmin
[2009/12/16 15:58:35 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Google
[2013/01/07 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Identities
[2011/09/24 08:45:48 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\ImgBurn
[2009/10/21 15:47:30 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\InstallShield
[2009/10/21 11:26:17 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Macromedia
[2011/05/20 17:24:16 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Malwarebytes
[2009/07/14 07:23:33 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Media Center Programs
[2013/10/15 22:57:06 | 000,000,000 | --SD | M] -- C:\Users\Matthew\AppData\Roaming\Microsoft
[2011/11/07 20:13:11 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Mozilla
[2010/08/10 23:13:02 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Mozilla-Cache
[2009/12/28 20:35:27 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Nero
[2013/05/10 16:48:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\PacificPoker
[2011/07/09 20:39:11 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\PC Suite
[2011/05/18 17:32:36 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Real
[2012/07/10 00:37:47 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Rovio
[2011/07/09 20:39:43 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Samsung
[2011/11/01 15:12:52 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\saves
[2010/01/09 15:12:42 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Seven Zip
[2011/05/21 22:41:10 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Skype
[2011/05/20 15:02:26 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\skypePM
[2013/01/07 20:35:05 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\SUPERAntiSpyware.com
[2013/04/23 01:35:05 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Taocu
[2009/10/22 09:46:16 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\U3
[2013/04/22 22:24:08 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Umrom
[2014/03/26 23:27:03 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\uTorrent
[2010/08/10 01:48:01 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Vidalia
[2010/07/04 11:16:36 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\vlc
[2011/07/31 12:16:22 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Wave Systems Corp
[2009/12/25 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\Win7codecs
[2009/12/10 16:22:46 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\WinRAR
[2013/10/07 00:38:00 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\yWorks
[2013/01/07 22:24:02 | 000,000,000 | ---D | M] -- C:\Users\Matthew\AppData\Roaming\{27ED786F-D773-47F8-93EB-8A249414AD30}
 
<  %ProgramData%\*.* >
[2012/04/26 13:06:30 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2014/03/25 13:32:45 | 000,011,606 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/01/17 17:14:17 | 000,001,492 | ---- | M] () -- C:\ProgramData\ss.ini
 
<  %ProgramData%\*. >
[2012/07/26 20:02:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Adobe
[2011/10/31 21:03:41 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple
[2011/05/23 07:05:51 | 000,000,000 | ---D | M] -- C:\ProgramData\Apple Computer
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2009/10/21 16:00:19 | 000,000,000 | ---D | M] -- C:\ProgramData\AT&T
[2011/11/07 09:22:01 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
[2011/06/06 06:55:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Canneverbe Limited
[2010/12/22 00:48:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Common Files
[2009/10/21 16:14:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Dell
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2013/12/15 02:01:38 | 000,000,000 | ---D | M] -- C:\ProgramData\eMule
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/11/09 03:10:04 | 000,000,000 | ---D | M] -- C:\ProgramData\FreeRIP
[2012/07/26 20:03:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Google
[2012/04/26 13:07:23 | 000,000,000 | ---D | M] -- C:\ProgramData\HP
[2011/07/09 20:37:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2012/09/27 15:21:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Leapfrog
[2011/07/31 12:41:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Malwarebytes
[2010/08/03 03:00:57 | 000,000,000 | ---D | M] -- C:\ProgramData\McAfee
[2012/07/30 22:23:38 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2012/01/25 10:25:05 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2013/03/14 02:46:04 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2012/06/26 08:33:24 | 000,000,000 | ---D | M] -- C:\ProgramData\Mozilla
[2010/08/03 18:34:49 | 000,000,000 | ---D | M] -- C:\ProgramData\NOS
[2009/10/21 16:06:36 | 000,000,000 | ---D | M] -- C:\ProgramData\NTRU Cryptosystems
[2014/01/13 02:31:02 | 000,000,000 | ---D | M] -- C:\ProgramData\Oracle
[2011/07/09 20:39:11 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2011/07/30 19:07:32 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Tools
[2011/05/20 17:10:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Real
[2014/03/25 23:51:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Sophos
[2012/06/07 12:56:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/03/03 04:44:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Sun
[2012/06/07 10:40:31 | 000,000,000 | ---D | M] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2012/02/17 14:11:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Thomson.ResearchSoft.Installers
[2012/05/25 17:08:48 | 000,000,000 | ---D | M] -- C:\ProgramData\Wave Systems Corp
[2009/12/25 16:53:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Win7codecs
[2010/02/25 20:58:16 | 000,000,000 | ---D | M] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/08/19 09:55:42 | 000,000,000 | ---D | M] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
 
<  %programdata%\Microsoft\Windows\DRM\*.tmp >
 
<  %programdata%\Microsoft\DRM\*.tmp >
 
<  %programdata%\temp\*.exe >
 
<  %programdata%\temp\*.dll >
 
<  %programdata%\temp\*.tlb >
 
<  C:\Users\All Users\*.exe /s >
[2009/02/04 12:56:16 | 000,086,376 | ---- | M] (GEAR Software, Inc.) -- C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DifXInstall64.exe
[2012/01/04 07:08:53 | 033,560,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\AdbeRdr950_en_US.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\7281\AcrobatUpdater.exe
[2012/01/03 07:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\7281\AdobeARM.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\7281\AdobeARMHelper.exe
[2012/01/03 07:37:53 | 000,320,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\7281\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10054\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10054\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10054\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10054\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1012\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1012\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1012\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1012\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10374\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10374\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10374\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10374\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10484\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10484\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10484\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10484\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10815\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10815\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10815\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\10815\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1120\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1120\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1120\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1120\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11200\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11200\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11200\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11200\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11285\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11285\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11285\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11285\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11410\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11410\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11410\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11410\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11518\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11518\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11518\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11518\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11523\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11523\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11523\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\11523\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12198\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12198\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12198\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12198\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12673\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12673\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12673\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12673\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12758\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12758\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12758\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12758\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12955\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12955\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12955\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\12955\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\13618\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\13618\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\13618\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\13618\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\13954\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\13954\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\13954\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\13954\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14141\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14141\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14141\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14141\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14272\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14272\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14272\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14272\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14284\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14284\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14284\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14284\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14310\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14310\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14310\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14310\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14367\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14367\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14367\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14367\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14583\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14583\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14583\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\14583\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1512\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1512\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1512\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\1512\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\15357\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\15357\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\15357\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\15357\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16383\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16383\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16383\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16383\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16529\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16529\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16529\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16529\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16755\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16755\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16755\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16755\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16932\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16932\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16932\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16932\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16961\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16961\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16961\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\16961\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17354\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17354\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17354\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17354\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17357\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17357\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17357\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17357\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17457\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17457\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17457\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17457\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17857\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17857\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17857\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\17857\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18574\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18574\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18574\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18574\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18649\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18649\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18649\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18649\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18759\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18759\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18759\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\18759\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19384\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19384\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19384\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19384\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19490\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19490\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19490\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19490\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19778\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19778\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19778\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19778\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19815\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19815\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19815\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19815\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19858\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19858\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19858\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19858\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19887\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19887\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19887\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\19887\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20068\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20068\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20068\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20068\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20208\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20208\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20208\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20208\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20315\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20315\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20315\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20315\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20660\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20660\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20660\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20660\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20715\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20715\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20715\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20715\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20759\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20759\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20759\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\20759\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\21534\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\21534\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\21534\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\21534\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\21721\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\21721\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\21721\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\21721\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22349\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22349\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22349\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22349\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22376\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22376\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22376\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22376\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22419\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22419\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22419\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\22419\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\2309\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\2309\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\2309\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\2309\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\23390\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\23390\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\23390\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\23390\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24508\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24508\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24508\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24508\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24523\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24523\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24523\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24523\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24533\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24533\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24533\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24533\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\248\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\248\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\248\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\248\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24820\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24820\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24820\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24820\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24907\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24907\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24907\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\24907\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25149\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25149\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25149\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25149\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25627\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25627\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25627\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25627\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25934\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25934\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25934\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25934\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25937\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25937\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25937\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\25937\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26060\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26060\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26060\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26060\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26226\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26226\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26226\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26226\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26352\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26352\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26352\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26352\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26501\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26501\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26501\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\26501\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\27209\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\27209\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\27209\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\27209\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\27882\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\27882\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\27882\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\27882\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28287\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28287\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28287\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28287\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28372\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28372\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28372\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28372\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28651\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28651\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28651\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28651\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28711\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28711\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28711\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28711\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28957\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28957\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28957\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28957\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28981\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28981\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28981\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\28981\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29091\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29091\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29091\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29091\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29095\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29095\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29095\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29095\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29573\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29573\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29573\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\29573\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30294\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30294\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30294\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30294\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30697\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30697\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30697\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30697\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30711\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30711\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30711\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30711\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30962\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30962\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30962\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30962\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30977\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30977\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30977\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\30977\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31201\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31201\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31201\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31201\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31218\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31218\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31218\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31218\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3122\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3122\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3122\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3122\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31398\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31398\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31398\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31398\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31645\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31645\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31645\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31645\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31731\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31731\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31731\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\31731\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32150\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32150\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32150\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32150\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32318\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32318\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32318\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32318\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32519\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32519\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32519\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32519\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32624\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32624\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32624\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\32624\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3268\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3268\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3268\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3268\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\330\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\330\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\330\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\330\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3655\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3655\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3655\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3655\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3906\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3906\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3906\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\3906\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\4701\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\4701\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\4701\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\4701\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\4995\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\4995\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\4995\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\4995\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5124\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5124\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5124\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5124\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5414\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5414\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5414\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5414\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5500\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5500\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5500\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5500\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5635\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5635\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5635\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5635\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5658\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5658\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5658\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5658\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5685\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5685\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5685\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5685\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5848\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5848\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5848\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\5848\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6060\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6060\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6060\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6060\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6062\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6062\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6062\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6062\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6301\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6301\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6301\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6301\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6474\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6474\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6474\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6474\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6570\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6570\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6570\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6570\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\678\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\678\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\678\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\678\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6848\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6848\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6848\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\6848\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\726\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\726\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\726\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\726\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7296\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7296\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7296\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7296\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7554\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7554\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7554\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7554\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7617\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7617\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7617\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7617\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7843\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7843\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7843\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7843\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7879\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7879\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7879\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\7879\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8095\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8095\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8095\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8095\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8122\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8122\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8122\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8122\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8217\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8217\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8217\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8217\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8302\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8302\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8302\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\8302\ReaderUpdater.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\866\AcrobatUpdater.exe
[2012/12/03 07:35:28 | 000,946,352 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\866\AdobeARM.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\866\AdobeARMHelper.exe
[2012/12/03 07:35:28 | 000,352,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\866\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9056\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9056\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9056\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9056\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9089\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9089\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9089\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9089\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9563\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9563\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9563\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9563\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9717\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9717\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9717\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9717\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9740\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9740\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9740\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9740\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9782\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9782\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9782\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9782\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9814\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9814\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9814\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9814\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9901\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9901\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9901\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9901\ReaderUpdater.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9972\AcrobatUpdater.exe
[2013/04/04 21:06:36 | 000,958,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9972\AdobeARM.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9972\AdobeARMHelper.exe
[2013/04/04 21:06:36 | 000,353,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Users\All Users\Adobe\Reader\9.3\ARM\Matthew\9972\ReaderUpdater.exe
[2011/05/23 07:14:51 | 000,073,000 | ---- | M] (Apple Inc.) -- C:\Users\All Users\Apple Computer\Installer Cache\iTunes 10.2.2.14\SetupAdmin.exe
[2010/06/22 22:15:04 | 000,501,936 | ---- | M] (Google Inc.) -- C:\Users\All Users\Google\Google Toolbar\Update\gtbA065.tmp.exe
[2011/07/09 20:31:17 | 056,982,041 | ---- | M] () -- C:\Users\All Users\Installations\{AB6F6C80-1C35-4672-BDEF-F26FF214C409}\Samsung_PC_Studio_7.2.24.9.exe
[2012/09/27 15:26:59 | 008,783,240 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Users\All Users\Leapfrog\LeapFrog Connect\Updater\UPCUpdater.exe
[2013/04/14 22:11:04 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2014/03/25 10:57:50 | 000,468,480 | ---- | M] () -- C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{50868F94-5A34-8704-AC35-CBC98C8F65FF}-heje.exe
[2014/03/25 22:03:59 | 000,468,480 | ---- | M] () -- C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{ACD106BC-A7D8-A1AD-A233-AA66486F89D5}-heje.exe
[2009/07/14 05:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 05:08:49 | 000,032,608 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/07/26 20:01:34 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
 




#11 mrthehoople

mrthehoople
  • Topic Starter

  • Members
  • 28 posts

Posted 27 March 2014 - 04:33 PM

Part 2 of the OTL log... I attached the extras bit to the last post.

 

Many thanks again!

 

<  C:\Users\Default\*.exe /s >
 
<  C:\Users\Public\*.exe /s >
 
<  %CommonProgramFiles%\*.* >
 
<  %CommonProgramFiles%\*. >
[2010/05/17 20:58:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe
[2010/10/05 18:50:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/05/23 07:21:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Apple
[2011/05/24 19:23:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\DESIGNER
[2009/10/22 10:44:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/09/22 20:09:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Java
[2012/02/14 07:40:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\microsoft shared
[2012/02/17 14:11:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\ResearchSoft
[2012/02/17 14:11:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Risxtd
[2009/07/14 03:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Services
[2009/07/14 03:20:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2011/11/09 03:22:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\System
[2011/05/22 01:26:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Telespree
[2009/10/21 17:13:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Windows Live
[2012/06/12 19:13:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011/01/03 20:39:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files\xing shared
 
<  %CommonProgramFiles%\ComObjects\*.* >
 
<  %ProgramFiles%\*.* >
[2009/07/14 04:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
<  %ProgramFiles%\*. >
[2010/06/27 20:54:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/05/20 17:12:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2012/04/17 21:39:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BabasChess
[2011/05/23 07:19:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2009/10/21 15:50:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2012/06/15 10:25:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Citrix
[2013/09/22 20:09:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2013/10/18 00:00:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Crawl
[2009/10/21 15:47:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell
[2009/10/22 10:54:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Dell Webcam
[2013/05/09 19:21:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/12/15 02:02:09 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\eMule
[2012/02/17 14:11:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\EndNote X4
[2013/12/15 02:12:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Eusing Free Registry Cleaner
[2011/08/04 22:45:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FileSeek
[2013/07/10 22:49:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Garmin
[2012/04/26 13:07:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2011/09/24 08:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ImgBurn
[2013/12/08 16:40:41 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/06/18 20:52:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2011/05/23 07:21:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2014/01/14 21:36:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2012/09/27 15:25:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LeapFrog
[2013/04/14 22:11:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/07 21:56:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MeeSoft
[2011/07/08 22:57:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Micro Machines 2 - Turbo Tournament
[2012/01/25 10:25:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2009/10/21 15:14:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2011/10/26 22:39:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2013/03/14 14:21:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/05/20 17:13:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2010/06/27 21:11:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2014/02/15 20:59:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2014/02/16 15:59:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2010/12/20 21:51:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009/10/21 16:06:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NTRU Cryptosystems
[2014/03/02 00:15:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PacificPoker
[2011/07/09 20:37:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PC Connectivity Solution
[2011/05/23 07:20:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/01/03 20:39:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2012/06/12 19:15:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SigmaPlot
[2011/11/02 23:31:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SOWPODS (SCRABBLE) Dictionary
[2011/05/22 02:00:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Tiscali Broadband
[2013/01/07 00:09:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ubisoft
[2009/07/14 04:57:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/05/20 17:13:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\uTorrent2
[2010/07/04 11:15:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009/12/25 03:10:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Win7codecs
[2009/07/14 05:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/10/27 08:08:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/10/27 08:08:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/10/27 08:08:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/10/27 08:08:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/10/27 08:08:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/05/22 15:26:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinRAR
[2012/01/25 10:13:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinUAE
[2011/03/06 19:19:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zynga
 
<  %Public%\Documents\*.* >
[2009/07/14 04:54:24 | 000,000,278 | -HS- | M] () -- C:\Users\Public\Documents\desktop.ini
 
<  %Public%\Documents\*. >
[2011/03/15 18:47:25 | 000,000,000 | ---D | M] -- C:\Users\Public\Documents\EndNote
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Music
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Pictures
[2009/07/14 05:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Public\Documents\My Videos
 
<  %systemroot%\System32\config\systemprofile\*.exe /s >
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\nircmd.exe
[2009/05/26 18:47:18 | 000,030,720 | ---- | M] (NirSoft) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\nircmdc.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\pev.exe
[2011/03/04 16:08:34 | 000,302,187 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\proxycheck.exe
[2000/08/31 08:00:00 | 000,098,816 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\sed.exe
[2000/08/31 08:00:00 | 000,161,792 | ---- | M] (SteelWerX) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\swreg.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\winlogon.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\h\iexplore.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX0\procs\iexplore.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\nircmd.exe
[2009/05/26 18:47:18 | 000,030,720 | ---- | M] (NirSoft) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\nircmdc.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\pev.exe
[2011/03/04 16:08:34 | 000,302,187 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\proxycheck.exe
[2000/08/31 08:00:00 | 000,098,816 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\sed.exe
[2000/08/31 08:00:00 | 000,161,792 | ---- | M] (SteelWerX) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\swreg.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\winlogon.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\h\iexplore.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () -- C:\Windows\System32\config\systemprofile\AppData\Local\Temp\RarSFX1\procs\iexplore.exe
[2011/07/30 19:03:15 | 000,512,992 | ---- | M] () -- C:\Windows\System32\config\systemprofile\Desktop\sdsetup_revwire207.exe
 
<  %systemroot%\System32\config\systemprofile\*.* >
[2013/05/09 00:37:20 | 000,000,000 | ---- | M] () -- C:\Windows\System32\config\systemprofile\ntuser.dat
[2013/05/09 02:55:52 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\config\systemprofile\ntuser.dat.LOG1
[2013/05/09 02:55:53 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\config\systemprofile\ntuser.dat.LOG2
 
<  %systemroot%\System32\config\systemprofile\*. >
[2009/07/14 04:55:33 | 000,000,000 | --SD | M] -- C:\Windows\System32\config\systemprofile\AppData
[2011/07/30 19:07:32 | 000,000,000 | ---D | M] -- C:\Windows\System32\config\systemprofile\Desktop
[2011/05/22 00:44:35 | 000,000,000 | R--D | M] -- C:\Windows\System32\config\systemprofile\Favorites
 
<  %systemroot%\system32\config\systemprofile\AppData\Local\*.* >
[2011/05/22 00:40:08 | 000,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\aqagnprb.log
[2011/05/22 01:09:34 | 000,000,024 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\cyqkcstl.log
[2011/05/19 06:39:17 | 000,004,011 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\hilielkg.log
[2011/05/19 06:39:19 | 000,000,927 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\oroovify.log
[2011/05/19 06:39:19 | 000,143,980 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\qkilihjf.log
[2011/05/19 06:39:17 | 000,003,146 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\uyxbkqgd.log
 
<  %systemroot%\system32\config\systemprofile\AppData\Local\*. >
[2012/02/22 00:07:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Google
[2012/06/07 10:58:26 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft
[2011/10/27 07:19:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Local\Temp
 
<  %systemroot%\system32\config\systemprofile\AppData\Roaming\*.* >
 
<  %systemroot%\system32\config\systemprofile\AppData\Roaming\*. >
[2012/06/07 00:15:37 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Adobe
[2011/05/23 07:19:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
[2011/05/22 09:37:26 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\EndNote
[2012/06/07 00:15:45 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Macromedia
[2011/05/21 21:58:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Malwarebytes
[2011/05/22 09:37:26 | 000,000,000 | ---D | M] -- C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft
 
<  %systemroot%\SysWow64\config\systemprofile\*.exe /s >
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\nircmd.exe
[2009/05/26 18:47:18 | 000,030,720 | ---- | M] (NirSoft) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\nircmdc.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\pev.exe
[2011/03/04 16:08:34 | 000,302,187 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\proxycheck.exe
[2000/08/31 08:00:00 | 000,098,816 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\sed.exe
[2000/08/31 08:00:00 | 000,161,792 | ---- | M] (SteelWerX) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\swreg.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\winlogon.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\h\iexplore.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX0\procs\iexplore.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\nircmd.exe
[2009/05/26 18:47:18 | 000,030,720 | ---- | M] (NirSoft) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\nircmdc.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\pev.exe
[2011/03/04 16:08:34 | 000,302,187 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\proxycheck.exe
[2000/08/31 08:00:00 | 000,098,816 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\sed.exe
[2000/08/31 08:00:00 | 000,161,792 | ---- | M] (SteelWerX) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\swreg.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\winlogon.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\h\iexplore.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\AppData\Local\Temp\RarSFX1\procs\iexplore.exe
[2011/07/30 19:03:15 | 000,512,992 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\Desktop\sdsetup_revwire207.exe
 
<  %systemroot%\SysWow64\config\systemprofile\*.* >
[2013/05/09 00:37:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config\systemprofile\ntuser.dat
[2013/05/09 02:55:52 | 000,000,000 | -HS- | M] () -- C:\Windows\SysWow64\config\systemprofile\ntuser.dat.LOG1
[2013/05/09 02:55:53 | 000,000,000 | -HS- | M] () -- C:\Windows\SysWow64\config\systemprofile\ntuser.dat.LOG2
 
<  %systemroot%\SysWow64\config\systemprofile\*. >
[2009/07/14 04:55:33 | 000,000,000 | --SD | M] -- C:\Windows\SysWow64\config\systemprofile\AppData
[2011/07/30 19:07:32 | 000,000,000 | ---D | M] -- C:\Windows\SysWow64\config\systemprofile\Desktop
[2011/05/22 00:44:35 | 000,000,000 | R--D | M] -- C:\Windows\SysWow64\config\systemprofile\Favorites
 
<  %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*.* >
[2011/05/22 00:40:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\aqagnprb.log
[2011/05/22 01:09:34 | 000,000,024 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cyqkcstl.log
[2011/05/19 06:39:17 | 000,004,011 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\hilielkg.log
[2011/05/19 06:39:19 | 000,000,927 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\oroovify.log
[2011/05/19 06:39:19 | 000,143,980 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\qkilihjf.log
[2011/05/19 06:39:17 | 000,003,146 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\uyxbkqgd.log
 
<  %systemroot%\SysWOW64\config\systemprofile\AppData\Local\*. >
[2012/02/22 00:07:46 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google
[2012/06/07 10:58:26 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft
[2011/10/27 07:19:13 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp
 
<  %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*.* >
 
<  %systemroot%\SysWOW64\config\systemprofile\AppData\Roaming\*. >
[2012/06/07 00:15:37 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Adobe
[2011/05/23 07:19:36 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Apple Computer
[2011/05/22 09:37:26 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\EndNote
[2012/06/07 00:15:45 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia
[2011/05/21 21:58:46 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Malwarebytes
[2011/05/22 09:37:26 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft
 
<  %systemroot%\ServiceProfiles\*.exe /s >
 
<  %systemroot%\ServiceProfiles\LocalService\AppData\Local\*.* >
[2012/06/07 12:03:24 | 002,355,036 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
[2013/05/29 01:03:34 | 040,750,820 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1700128684-2096351728-1832486127-1000-12288.dat
[2012/11/18 15:45:37 | 022,153,872 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1700128684-2096351728-1832486127-1000-4096.dat
[2013/06/18 20:50:55 | 039,400,996 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1700128684-2096351728-1832486127-1000-8192.dat
[2014/01/09 19:18:29 | 000,902,880 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
[2014/03/27 19:05:58 | 000,002,048 | -HS- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
[2014/03/27 19:05:58 | 000,002,048 | -HS- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
[2014/02/05 12:58:42 | 016,777,216 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-FontFace.dat
[2014/03/24 21:52:50 | 008,388,608 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-S-1-5-21-1700128684-2096351728-1832486127-1000.dat
[2014/02/05 12:58:51 | 000,573,556 | ---- | M] () -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat
 
<  %systemroot%\ServiceProfiles\LocalService\AppData\Local\*. >
[2009/07/14 04:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft
[2013/01/06 12:31:45 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp
 
<  %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.exe >
 
<  %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.dll >
 
<  %systemroot%\ServiceProfiles\LocalService\AppData\Local\Temp\*.tlb >
 
<  %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*.* >
 
<  %systemroot%\ServiceProfiles\LocalService\AppData\Roaming\*. >
[2009/12/08 14:07:37 | 000,000,000 | --SD | M] -- C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft
 
<  %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*.* >
 
<  %systemroot%\ServiceProfiles\NetworkService\AppData\Local\*. >
[2009/10/21 09:21:42 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft
[2014/03/27 14:32:53 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp
 
<  %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.exe >
 
<  %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.dll >
 
<  %systemroot%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.tlb >
 
<  %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*.* >
 
<  %systemroot%\ServiceProfiles\NetworkService\AppData\Roaming\*. >
[2010/01/18 19:07:46 | 000,000,000 | --SD | M] -- C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft
 
<  %windir%\temp\*.exe /s >
 
<  %windir%\temp\*.* >
[2014/03/27 02:05:04 | 000,000,608 | ---- | M] () -- C:\Windows\temp\fwtsqmfile00.sqm
 
<  %windir%\temp\*. >
[2014/03/27 13:07:39 | 000,000,000 | ---D | M] -- C:\Windows\temp\HP
 
<  %windir%\*. >
[2009/07/14 05:32:39 | 000,000,000 | ---D | M] -- C:\Windows\addins
[2014/01/14 21:37:16 | 000,000,000 | ---D | M] -- C:\Windows\AppCompat
[2013/02/14 00:02:57 | 000,000,000 | ---D | M] -- C:\Windows\AppPatch
[2013/05/16 11:41:04 | 000,000,000 | R-SD | M] -- C:\Windows\assembly
[2013/05/05 23:04:47 | 000,000,000 | -H-D | M] -- C:\Windows\AxInstSV
[2011/10/27 08:07:57 | 000,000,000 | -HSD | M] -- C:\Windows\BitLockerDiscoveryVolumeContents
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Boot
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Branding
[2009/10/21 09:10:55 | 000,000,000 | ---D | M] -- C:\Windows\CSC
[2009/07/14 05:32:39 | 000,000,000 | ---D | M] -- C:\Windows\Cursors
[2013/06/15 23:51:51 | 000,000,000 | ---D | M] -- C:\Windows\debug
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\diagnostics
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\DigitalLocker
[2009/10/21 16:06:48 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Installations
[2012/08/30 19:23:40 | 000,000,000 | ---D | M] -- C:\Windows\Downloaded Program Files
[2012/01/12 13:08:52 | 000,000,000 | ---D | M] -- C:\Windows\ehome
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\en-US
[2012/08/20 10:27:50 | 000,000,000 | ---D | M] -- C:\Windows\ERDNT
[2013/06/18 20:52:14 | 000,000,000 | R-SD | M] -- C:\Windows\Fonts
[2009/07/14 07:26:03 | 000,000,000 | ---D | M] -- C:\Windows\Globalization
[2009/10/21 15:49:02 | 000,000,000 | ---D | M] -- C:\Windows\Help
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\IME
[2014/01/14 21:37:16 | 000,000,000 | ---D | M] -- C:\Windows\inf
[2014/03/25 23:52:11 | 000,000,000 | -HSD | M] -- C:\Windows\Installer
[2009/07/14 05:32:39 | 000,000,000 | ---D | M] -- C:\Windows\L2Schemas
[2010/12/04 01:22:01 | 000,000,000 | ---D | M] -- C:\Windows\LiveKernelReports
[2013/06/18 20:50:20 | 000,000,000 | ---D | M] -- C:\Windows\Logs
[2009/07/14 05:32:40 | 000,000,000 | R-SD | M] -- C:\Windows\Media
[2013/05/16 11:41:04 | 000,000,000 | ---D | M] -- C:\Windows\Microsoft.NET
[2009/07/14 02:34:34 | 000,000,000 | ---D | M] -- C:\Windows\ModemLogs
[2009/07/14 05:32:40 | 000,000,000 | ---D | M] -- C:\Windows\Offline Web Pages
[2009/10/21 09:19:35 | 000,000,000 | ---D | M] -- C:\Windows\Panther
[2009/10/21 09:33:52 | 000,000,000 | ---D | M] -- C:\Windows\PCHEALTH
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Performance
[2009/07/14 03:20:10 | 000,000,000 | ---D | M] -- C:\Windows\PLA
[2013/06/18 20:52:18 | 000,000,000 | ---D | M] -- C:\Windows\PolicyDefinitions
[2014/03/27 20:43:20 | 000,000,000 | ---D | M] -- C:\Windows\Prefetch
[2014/01/14 21:37:13 | 000,000,000 | ---D | M] -- C:\Windows\registration
[2009/07/14 07:23:51 | 000,000,000 | ---D | M] -- C:\Windows\RemotePackages
[2013/06/19 14:16:39 | 000,000,000 | ---D | M] -- C:\Windows\rescache
[2010/07/04 10:46:01 | 000,000,000 | ---D | M] -- C:\Windows\Resources
[2009/07/14 02:35:47 | 000,000,000 | ---D | M] -- C:\Windows\SchCache
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\schemas
[2009/07/14 07:23:51 | 000,000,000 | ---D | M] -- C:\Windows\security
[2009/07/14 04:45:47 | 000,000,000 | ---D | M] -- C:\Windows\ServiceProfiles
[2011/10/27 08:08:00 | 000,000,000 | ---D | M] -- C:\Windows\servicing
[2009/07/14 04:45:50 | 000,000,000 | ---D | M] -- C:\Windows\Setup
[2010/12/20 21:51:56 | 000,000,000 | ---D | M] -- C:\Windows\ShellNew
[2009/10/21 09:51:44 | 000,000,000 | ---D | M] -- C:\Windows\SoftwareDistribution
[2009/07/14 05:37:44 | 000,000,000 | ---D | M] -- C:\Windows\Speech
[2010/03/03 04:45:50 | 000,000,000 | ---D | M] -- C:\Windows\Sun
[2009/07/14 02:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system
[2014/03/27 19:10:20 | 000,000,000 | ---D | M] -- C:\Windows\System32
[2014/03/25 22:36:43 | 000,000,000 | ---D | M] -- C:\Windows\SysWOW64
[2009/07/14 04:57:13 | 000,000,000 | ---D | M] -- C:\Windows\TAPI
[2014/03/25 10:50:16 | 000,000,000 | ---D | M] -- C:\Windows\Tasks
[2014/03/27 20:43:11 | 000,000,000 | ---D | M] -- C:\Windows\temp
[2009/07/14 02:34:33 | 000,000,000 | ---D | M] -- C:\Windows\tracing
[2012/04/26 13:07:21 | 000,000,000 | ---D | M] -- C:\Windows\twain_32
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\Vss
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\Web
[2013/07/11 12:35:55 | 000,000,000 | ---D | M] -- C:\Windows\winsxs
 
<  %windir%\AppPatch\*.exe /s >
 
<  %windir%\ShellNew\*.* >
[2006/09/21 23:25:46 | 000,008,714 | ---- | M] () -- C:\Windows\ShellNew\EXCEL12.XLSX
[2009/06/10 20:44:28 | 000,004,544 | ---- | M] () -- C:\Windows\ShellNew\Journal.jnt
[2006/09/21 23:32:50 | 000,027,140 | ---- | M] () -- C:\Windows\ShellNew\PWRPNT12.PPTX
 
<  %windir%\installer\*. >
[2009/10/21 09:34:32 | 000,000,000 | -HSD | M] -- C:\Windows\installer\$PatchCache$
[2011/05/23 07:19:03 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0E543634-7E25-4B8F-8D5B-97880E5E5088}
[2009/10/21 15:14:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
[2009/10/21 16:13:41 | 000,000,000 | ---D | M] -- C:\Windows\installer\{167F594F-8A62-48A9-B6EC-97B853464808}
[2011/05/23 07:21:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{18155797-EF2E-4699-9A16-FE787C4C10DB}
[2011/07/09 20:37:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}
[2009/10/21 16:09:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}
[2009/10/21 16:10:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{44DD19EF-2DC7-4CA4-9FEA-82D97A1907E0}
[2011/05/23 07:20:15 | 000,000,000 | ---D | M] -- C:\Windows\installer\{57752979-A1C9-4C02-856B-FBB27AC4E02C}
[2010/02/25 20:56:45 | 000,000,000 | ---D | M] -- C:\Windows\installer\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
[2012/07/30 22:28:54 | 000,000,000 | ---D | M] -- C:\Windows\installer\{765d77cd-0eec-bc58-1ba1-aa06142c2a9b}
[2011/07/09 20:37:32 | 000,000,000 | ---D | M] -- C:\Windows\installer\{7E84FAC8-C518-40F9-9807-7455301D6D25}
[2011/05/23 07:18:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{853A4763-6643-4604-8D64-28BDD8925F4C}
[2009/10/22 08:58:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
[2012/02/17 14:11:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{86B3F2D6-AC2B-0014-8AE1-F2F77F781B0C}
[2013/03/14 02:44:26 | 000,000,000 | ---D | M] -- C:\Windows\installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
[2009/12/25 16:53:20 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8C0CAA7A-3272-4991-A808-2C7559DE3409}
[2011/05/23 07:19:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{8F473675-D702-45F9-8EBC-342B40C17BF5}
[2009/10/21 09:32:36 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-002A-0000-1000-0000000FF1CE}
[2010/12/20 21:52:17 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-0030-0000-0000-0000000FF1CE}
[2012/02/14 07:38:51 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90120000-006E-0409-0000-0000000FF1CE}
[2013/03/14 02:46:00 | 000,000,000 | ---D | M] -- C:\Windows\installer\{91120000-002F-0000-0000-0000000FF1CE}
[2010/05/28 23:22:59 | 000,000,000 | ---D | M] -- C:\Windows\installer\{9B48B0AC-C813-4174-9042-476A887592C7}
[2009/10/21 16:09:23 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}
[2009/10/21 16:10:09 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A3F5A799-C818-45F7-8091-F0387EFC6C2A}
[2009/10/21 16:07:25 | 000,000,000 | ---D | M] -- C:\Windows\installer\{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}
[2011/12/20 16:39:43 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1033-7B44-A93000000001}
[2010/05/28 23:22:40 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
[2009/10/21 16:10:16 | 000,000,000 | ---D | M] -- C:\Windows\installer\{B6425BB2-DF4F-4110-9BAA-3A7BCE1C3E0D}
[2009/10/21 16:06:37 | 000,000,000 | ---D | M] -- C:\Windows\installer\{BB93D30B-B395-44BB-A9ED-A0E057F07E53}
[2009/10/21 16:01:02 | 000,000,000 | ---D | M] -- C:\Windows\installer\{BCD5AE4F-3A54-4667-A614-820E0D480808}
[2009/10/21 16:09:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}
[2009/10/21 16:09:34 | 000,000,000 | ---D | M] -- C:\Windows\installer\{E738A392-F690-4A9D-808E-7BAF80E0B398}
[2009/10/21 09:57:05 | 000,000,000 | ---D | M] -- C:\Windows\installer\{ECD1A5BA-0023-4558-A006-8F27487E1D5D}
[2012/04/26 13:07:42 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F26D0153-CD17-4662-8592-DD98498DE6E4}
[2010/05/28 23:22:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}
[2009/12/09 22:09:07 | 000,000,000 | ---D | M] -- C:\Windows\installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
 
<  %windir%\system32\*. >
[2010/01/14 00:52:49 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\0409
[2011/10/27 08:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\AdvancedInstallers
[2009/07/14 03:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\ar-SA
[2009/07/14 03:20:16 | 000,000,000 | ---D | M] -- C:\Windows\system32\bg-BG
[2009/07/14 02:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot
[2009/07/14 02:35:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\catroot2
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\com
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\config
[2013/06/18 20:52:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\cs-CZ
[2013/06/18 20:52:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\da-DK
[2013/06/18 20:52:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\de-DE
[2012/01/25 10:24:08 | 000,000,000 | ---D | M] -- C:\Windows\system32\directx
[2011/10/27 08:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\Dism
[2013/01/07 23:13:36 | 000,000,000 | ---D | M] -- C:\Windows\system32\drivers
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\DriverStore
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\el-GR
[2011/10/27 08:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\en
[2013/06/18 20:52:20 | 000,000,000 | ---D | M] -- C:\Windows\system32\en-US
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\es-ES
[2009/07/14 03:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\et-EE
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\fi-FI
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\fr-FR
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\FxsTmp
[2009/07/14 02:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicy
[2009/07/14 02:34:27 | 000,000,000 | ---D | M] -- C:\Windows\system32\GroupPolicyUsers
[2009/07/14 03:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\he-IL
[2009/07/14 03:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\hr-HR
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\hu-HU
[2009/07/14 03:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\icsxml
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\IME
[2009/07/14 02:36:55 | 000,000,000 | ---D | M] -- C:\Windows\system32\inetsrv
[2009/07/14 03:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\InstallShield
[2013/06/18 20:52:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\it-IT
[2013/06/18 20:52:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\ja-JP
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\ko-KR
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\LogFiles
[2009/07/14 03:20:17 | 000,000,000 | ---D | M] -- C:\Windows\system32\lt-LT
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\lv-LV
[2009/12/09 20:23:39 | 000,000,000 | ---D | M] -- C:\Windows\system32\Macromed
[2011/10/27 08:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\manifeststore
[2013/06/18 20:52:21 | 000,000,000 | ---D | M] -- C:\Windows\system32\migration
[2011/10/27 08:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\migwiz
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Msdtc
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\MUI
[2013/06/18 20:52:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\nb-NO
[2009/07/14 02:34:31 | 000,000,000 | ---D | M] -- C:\Windows\system32\NDF
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\NetworkList
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\nl-NL
[2011/10/27 08:07:53 | 000,000,000 | ---D | M] -- C:\Windows\system32\oobe
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\pl-PL
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\Printing_Admin_Scripts
[2013/06/18 20:52:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-BR
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\pt-PT
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ras
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\Recovery
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\restore
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\ro-RO
[2013/06/18 20:52:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\ru-RU
[2009/12/24 10:35:02 | 000,000,000 | ---D | M] -- C:\Windows\system32\Samsung_USB_Drivers
[2011/10/27 08:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\Setup
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sk-SK
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sl-SI
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\slmgr
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\Speech
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\spp
[2011/10/27 08:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\sppui
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\sr-Latn-CS
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\sv-SE
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\sysprep
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\Tasks
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\th-TH
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\tr-TR
[2009/07/14 03:20:19 | 000,000,000 | ---D | M] -- C:\Windows\system32\uk-UA
[2010/05/26 02:01:07 | 000,000,000 | ---D | M] -- C:\Windows\system32\Wat
[2011/10/27 08:07:52 | 000,000,000 | ---D | M] -- C:\Windows\system32\wbem
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\WCN
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\system32\wdi
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\system32\WindowsPowerShell
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\system32\winrm
[2009/10/21 17:12:59 | 000,000,000 | ---D | M] -- C:\Windows\system32\x64
[2013/06/18 20:52:12 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-CN
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-HK
[2013/06/18 20:52:13 | 000,000,000 | ---D | M] -- C:\Windows\system32\zh-TW
 
<  %windir%\sysnative\*. >
[2011/05/20 15:13:08 | 000,000,000 | -HSD | M] -- C:\Windows\sysnative\%APPDATA%
[2011/05/20 15:43:53 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\%LOCALAPPDATA%
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\0409
[2011/10/27 08:07:34 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\AdvancedInstallers
[2010/09/28 22:38:32 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\appmgmt
[2009/07/14 03:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ar-SA
[2009/07/14 03:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\bg-BG
[2009/10/21 09:56:19 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\BioAPIFFDB
[2011/10/27 08:07:00 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Boot
[2013/07/10 22:49:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot
[2014/03/22 19:09:54 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\catroot2
[2009/10/21 09:19:47 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\CodeIntegrity
[2009/07/14 05:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\com
[2014/03/26 17:47:23 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\config
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\cs-CZ
[2013/06/18 20:52:08 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\da-DK
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\de-DE
[2011/10/27 08:07:33 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Dism
[2014/03/26 00:23:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\drivers
[2014/01/14 21:37:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DriverStore
[2011/07/09 20:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\DRVSTORE
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\el-GR
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en
[2013/06/18 20:52:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\en-US
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\es-ES
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\et-EE
[2011/10/27 07:42:18 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\EventProviders
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fi-FI
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\fr-FR
[2009/07/14 05:09:04 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\FxsTmp
[2013/10/20 00:26:08 | 000,000,000 | -H-D | M] -- C:\Windows\sysnative\GroupPolicy
[2009/07/14 02:34:27 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\GroupPolicyUsers
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\he-IL
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hr-HR
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\hu-HU
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ias
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\icsxml
[2009/07/14 03:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\IME
[2009/07/14 02:36:55 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\inetsrv
[2013/06/18 20:52:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\it-IT
[2013/06/18 20:52:08 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ja-JP
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ko-KR
[2014/03/27 13:13:37 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\LogFiles
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lt-LT
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\lv-LV
[2011/10/27 21:43:56 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Macromed
[2011/10/27 08:07:34 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\manifeststore
[2009/07/14 04:45:42 | 000,000,000 | --SD | M] -- C:\Windows\sysnative\Microsoft
[2013/06/18 20:52:18 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migration
[2011/10/27 08:07:33 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\migwiz
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Msdtc
[2009/07/14 05:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\MUI
[2013/06/18 20:52:08 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nb-NO
[2014/01/19 18:38:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NDF
[2009/07/14 03:20:11 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\NetworkList
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\nl-NL
[2011/10/27 08:07:35 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\oobe
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pl-PL
[2009/07/14 05:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Printing_Admin_Scripts
[2013/06/18 20:52:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-BR
[2013/06/18 20:52:10 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\pt-PT
[2009/07/14 03:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ras
[2009/10/21 09:19:26 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Recovery
[2009/10/21 09:22:06 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\restore
[2009/07/14 03:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ro-RO
[2013/06/18 20:52:08 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\ru-RU
[2011/10/27 08:07:34 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Setup
[2009/07/14 03:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sk-SK
[2009/07/14 03:20:15 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sl-SI
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\slmgr
[2009/07/14 03:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SMI
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Speech
[2009/07/14 04:53:31 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spool
[2009/07/14 03:20:13 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\spp
[2011/10/27 08:07:34 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sppui
[2011/10/27 07:43:48 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\SPReview
[2009/07/14 03:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sr-Latn-CS
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sv-SE
[2009/10/21 09:13:28 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\sysprep
[2012/12/23 18:54:39 | 000,000,000 | -HSD | M] -- C:\Windows\sysnative\System32
[2014/03/27 14:32:59 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Tasks
[2009/07/14 03:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\th-TH
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\tr-TR
[2009/07/14 03:20:16 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\uk-UA
[2010/05/26 02:01:07 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\Wat
[2014/01/14 21:37:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wbem
[2009/07/14 05:37:45 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WCN
[2012/07/17 07:03:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wdi
[2014/01/14 21:37:17 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\wfp
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioDatabase
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WinBioPlugIns
[2009/07/14 05:32:38 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\WindowsPowerShell
[2009/07/14 03:20:14 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winevt
[2009/07/14 05:37:46 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\winrm
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-CN
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-HK
[2013/06/18 20:52:09 | 000,000,000 | ---D | M] -- C:\Windows\sysnative\zh-TW
 
<  %Temp%\smtmp\1\*.* >
 
<  %Temp%\smtmp\2\*.* >
 
<  %Temp%\smtmp\3\*.* >
 
<  %Temp%\smtmp\4\*.* >
 
<  %systemroot%\system32\*.dll /lockedfiles >
 
<  %systemroot%\syswow64\*.dll /lockedfiles >
 
<  %systemroot%\Tasks\*.job /lockedfiles >
 
<  %systemroot%\system32\drivers\*.sys /90 >
 
<  %systemroot%\system32\drivers\*.sys /lockedfiles >
 
<  %systemroot%\syswow64\drivers\*.sys /90 >
 
<  %systemroot%\syswow64\drivers\*.sys /lockedfiles >
 
<  %SYSTEMDRIVE%\*. /rp /s >
 
<  %systemroot%\assembly\tmp\*.* /S /MD5 >
 
<  %systemroot%\assembly\temp\*.* /S /MD5 >
 
<  %systemroot%\assembly\GAC\*.ini >
 
<  %systemroot%\assembly\GAC_32\*.ini >
 
<  %systemroot%\assembly\GAC_64\*.ini >
 
<  %SystemRoot%\assembly\GAC_MSIL\*.ini >
 
<  wsSystemRoot|l,n,u,@;True;False;True;$,{ /fn >
 
<  %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
 
<  HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_CLASSES_ROOT\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/14 01:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
<  HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
 
<  HKEY_CURRENT_USER\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} /s >
"" = MruPidlList
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 04:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} /s >
"" = Start Menu Pin
"ImplementsVerbs" = startpin;startunpin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 04:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24} /s >
"" = PSFactoryBuffer
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C857801-7381-11CF-884D-00AA004B2E24}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemsvc.dll -- [2009/07/14 01:16:17 | 000,047,616 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
<  HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
<  HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
"" = ShellFolder for CD Burning
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 04:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\MergedFolder]
"Attributes" = 0x0
"AttributeMask" = 0xffffffff
"Location" = @shell32.dll,-12591 -- [2013/02/27 04:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ConflictOverlayIcon" = %SystemRoot%\system32\imageres.dll,-169 -- [2009/07/14 01:06:03 | 020,268,032 | ---- | M] (Microsoft Corporation)
 
<  HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s >
"" = Microsoft WBEM _WbemFetchRefresherMgr Proxy Helper
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
<  HKEY_CURRENT_USER\Software\Microsoft\Command Processor /s >
"CompletionChar" = 9
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 9
"DelayedExpansion" = 0
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor /s >
"CompletionChar" = 64
"DefaultColor" = 0
"EnableExtensions" = 1
"PathCompletionChar" = 64
"DelayedExpansion" = 0
 
<  HKCU\Software\Classes\CLSID\{ECD4FC4D-521C-11D0-B792-00A0C90312E1}\InprocServer32 /s >
 
<  HKLM\Software\Classes\CLSID\{E6BB64BE-0618-4353-9193-0AFE606D6F0C}\InprocServer32 /s >
 
<  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scsimap /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{118BEDCC-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{312BED3C-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{F12BE2CC-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{312BFDCE-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{212B3DCC-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{A12BEDCC-A901-4203-B4F2-ADCB957D1887} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188F} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{118BEDCA-A901-4203-B4F2-ADCB957D188B} /s >
 
<  HKEY_CLASSES_ROOT\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3543619C-D563-43f7-95EA-4DA7E1CC396A} /s >
 
<  HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers /s >
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem]
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
[HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing]
"" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
 
<  HKEY_CLASSES_ROOT\Directory\Shellex\CopyHookHandlers\MSCopy /s >
 
<  HKEY_CURRENT_USER\Software\Classes\Directory\shellex\CopyHookHandlers /s >
 
<  HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers /s >
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\FileSystem]
"" = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\Sharing]
"" = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
 
<  HKEY_CURRENT_USER\Software\MSOLoad /s >
 
<  type C:\WINDOWS\system.ini >> test.txt /c >
; for 16-bit app support
[386Enh]
woafont=dosapp.fon
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
 
<  bcdedit /enum all /v >C:\boot.txt /c >
 
<  type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: MATTHEW-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media          
  Volume 1         System Rese  NTFS   Partition    100 MB  Healthy    System 
  Volume 2     C                NTFS   Partition     74 GB  Healthy    Boot   
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Documents and Settings] -> C:\Users -> Junction
[C:\ProgramData\Application Data] -> C:\ProgramData -> Junction
[C:\ProgramData\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\ProgramData\Documents] -> C:\Users\Public\Documents -> Junction
[C:\ProgramData\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\ProgramData\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\ProgramData\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users\Application Data] -> C:\ProgramData -> Junction
[C:\Users\All Users\Desktop] -> C:\Users\Public\Desktop -> Junction
[C:\Users\All Users\Documents] -> C:\Users\Public\Documents -> Junction
[C:\Users\All Users\Favorites] -> C:\Users\Public\Favorites -> Junction
[C:\Users\All Users\Start Menu] -> C:\ProgramData\Microsoft\Windows\Start Menu -> Junction
[C:\Users\All Users\Templates] -> C:\ProgramData\Microsoft\Windows\Templates -> Junction
[C:\Users\All Users] ->  -> Unknown point type
[C:\Users\Default User] -> C:\Users\Default -> Junction
[C:\Users\Default\AppData\Local\Application Data] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\AppData\Local\History] -> C:\Users\Default\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Default\AppData\Local\Temporary Internet Files] -> C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Default\Application Data] -> C:\Users\Default\AppData\Roaming -> Junction
[C:\Users\Default\Documents\My Music] -> C:\Users\Default\Music -> Junction
[C:\Users\Default\Documents\My Pictures] -> C:\Users\Default\Pictures -> Junction
[C:\Users\Default\Documents\My Videos] -> C:\Users\Default\Videos -> Junction
[C:\Users\Default\Local Settings] -> C:\Users\Default\AppData\Local -> Junction
[C:\Users\Default\My Documents] -> C:\Users\Default\Documents -> Junction
[C:\Users\Default\NetHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Default\PrintHood] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Default\Recent] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Default\SendTo] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Default\Start Menu] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Default\Templates] -> C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Matthew\AppData\Local\Application Data] -> C:\Users\Matthew\AppData\Local -> Junction
[C:\Users\Matthew\AppData\Local\History] -> C:\Users\Matthew\AppData\Local\Microsoft\Windows\History -> Junction
[C:\Users\Matthew\AppData\Local\Temporary Internet Files] -> C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files -> Junction
[C:\Users\Matthew\Application Data] -> C:\Users\Matthew\AppData\Roaming -> Junction
[C:\Users\Matthew\Cookies] -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Cookies -> Junction
[C:\Users\Matthew\Documents\My Music] -> C:\Users\Matthew\Music -> Junction
[C:\Users\Matthew\Documents\My Pictures] -> C:\Users\Matthew\Pictures -> Junction
[C:\Users\Matthew\Documents\My Videos] -> C:\Users\Matthew\Videos -> Junction
[C:\Users\Matthew\Local Settings] -> C:\Users\Matthew\AppData\Local -> Junction
[C:\Users\Matthew\My Documents] -> C:\Users\Matthew\Documents -> Junction
[C:\Users\Matthew\NetHood] -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Network Shortcuts -> Junction
[C:\Users\Matthew\PrintHood] -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Printer Shortcuts -> Junction
[C:\Users\Matthew\Recent] -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Recent -> Junction
[C:\Users\Matthew\SendTo] -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\SendTo -> Junction
[C:\Users\Matthew\Start Menu] -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu -> Junction
[C:\Users\Matthew\Templates] -> C:\Users\Matthew\AppData\Roaming\Microsoft\Windows\Templates -> Junction
[C:\Users\Public\Documents\My Music] -> C:\Users\Public\Music -> Junction
[C:\Users\Public\Documents\My Pictures] -> C:\Users\Public\Pictures -> Junction
[C:\Users\Public\Documents\My Videos] -> C:\Users\Public\Videos -> Junction

< End of report >



#12 B-boy/StyLe/


Posted 28 March 2014 - 04:32 AM

Hello,

We need to run an OTL Fix

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Quote"

     

    :OTL
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    [2013/06/23 10:51:04 | 000,182,028 | ---- | M] () -- C:\Users\Matthew\AppData\Local\e433e0ea-2e44-488f-b3fa-c49c698ec3d7
    [2011/07/30 15:36:09 | 000,000,120 | ---- | M] () -- C:\Users\Matthew\AppData\Local\Lpunocovofa.dat
    [2012/07/30 22:28:54 | 000,000,000 | --SD | M] -- C:\Users\Matthew\AppData\Local\{765d77cd-0eec-bc58-1ba1-aa06142c2a9b}
    [2012/07/30 22:28:54 | 000,000,000 | ---D | M] -- C:\Windows\installer\{765d77cd-0eec-bc58-1ba1-aa06142c2a9b}
    [2011/11/07 09:22:01 | 000,000,000 | ---D | M] -- C:\ProgramData\boost_interprocess
    [2011/05/22 00:40:08 | 000,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\aqagnprb.log
    [2011/05/22 01:09:34 | 000,000,024 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\cyqkcstl.log
    [2011/05/19 06:39:17 | 000,004,011 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\hilielkg.log
    [2011/05/19 06:39:19 | 000,000,927 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\oroovify.log
    [2011/05/19 06:39:19 | 000,143,980 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\qkilihjf.log
    [2011/05/19 06:39:17 | 000,003,146 | ---- | M] () -- C:\Windows\system32\config\systemprofile\AppData\Local\uyxbkqgd.log
    [2011/05/22 00:40:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\aqagnprb.log
    [2011/05/22 01:09:34 | 000,000,024 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cyqkcstl.log
    [2011/05/19 06:39:17 | 000,004,011 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\hilielkg.log
    [2011/05/19 06:39:19 | 000,000,927 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\oroovify.log
    [2011/05/19 06:39:19 | 000,143,980 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\qkilihjf.log
    [2011/05/19 06:39:17 | 000,003,146 | ---- | M] () -- C:\Windows\SysWOW64\config\systemprofile\AppData\Local\uyxbkqgd.log
    [2010/01/14 00:52:49 | 000,000,000 | -HSD | M] -- C:\Windows\system32\%APPDATA%
    [2011/05/20 15:13:08 | 000,000,000 | -HSD | M] -- C:\Windows\sysnative\%APPDATA%
    :files
    C:\Microsoft_SDK
    netsh winsock reset catalog /c
    ipconfig /flushdns /c
    C:\Users\Matthew\AppData\Roaming\Atemmi
    C:\Users\Matthew\AppData\Roaming\Taocu
    C:\Users\Matthew\AppData\Roaming\Umrom
    type C:\TDSSKiller.3.0.0.26_26.03.2014_00.23.09_log.txt >> test.txt /c
    C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\*.* /s
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "TCP Query User{42B37402-2210-4E68-B5AF-994CF686E200}C:\users\matthew\appdata\roaming\taocu\sauni.exe"=-
    "TCP Query User{9BC87608-00B4-4782-8D93-714915684CE1}C:\users\matthew\appdata\local\temp\jiydco\heje.exe"=-
    "UDP Query User{9E7C50B3-A1D6-4C1C-976F-8AE046FB9E27}C:\users\matthew\appdata\local\temp\jiydco\heje.exe"=-
    "UDP Query User{ED778C4B-E1B9-456A-9DF7-2D6A9A1F06E0}C:\users\matthew\appdata\roaming\taocu\sauni.exe"=-
    :commands
    [emptytemp]

     

  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If a report is not shown please navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present.
  • Copy/paste the content of the log back here in your next post.

 

 

 

Regards,

Georgi




#13 mrthehoople


Posted 28 March 2014 - 09:14 AM

Hi Georgi, it ran successfully. Log pasted below. I've bought you a couple of beers...

 

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\Users\Matthew\AppData\Local\e433e0ea-2e44-488f-b3fa-c49c698ec3d7 moved successfully.
C:\Users\Matthew\AppData\Local\Lpunocovofa.dat moved successfully.
C:\Users\Matthew\AppData\Local\{765d77cd-0eec-bc58-1ba1-aa06142c2a9b} folder moved successfully.
C:\Windows\installer\{765d77cd-0eec-bc58-1ba1-aa06142c2a9b} folder moved successfully.
C:\ProgramData\boost_interprocess\3E7D6BD6219DCC01 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\aqagnprb.log moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cyqkcstl.log moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\hilielkg.log moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\oroovify.log moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\qkilihjf.log moved successfully.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\uyxbkqgd.log moved successfully.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\aqagnprb.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cyqkcstl.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\hilielkg.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\oroovify.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\qkilihjf.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\uyxbkqgd.log not found.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysWow64\%APPDATA% folder moved successfully.
C:\Windows\sysnative\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\sysnative\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\sysnative\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\sysnative\%APPDATA% folder moved successfully.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] not found.
File ptytemp] not found.
 
OTL by OldTimer - Version 3.2.69.0 log created on 03282014_140959

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#14 B-boy/StyLe/


Posted 28 March 2014 - 11:26 AM

Hello,

 

You didn't copy the fix correctly - the following section is missing:

 

:files
C:\Microsoft_SDK
netsh winsock reset catalog /c
ipconfig /flushdns /c
C:\Users\Matthew\AppData\Roaming\Atemmi
C:\Users\Matthew\AppData\Roaming\Taocu
C:\Users\Matthew\AppData\Roaming\Umrom
type C:\TDSSKiller.3.0.0.26_26.03.2014_00.23.09_log.txt >> test.txt /c
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\*.* /s
:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{42B37402-2210-4E68-B5AF-994CF686E200}C:\users\matthew\appdata\roaming\taocu\sauni.exe"=-
"TCP Query User{9BC87608-00B4-4782-8D93-714915684CE1}C:\users\matthew\appdata\local\temp\jiydco\heje.exe"=-
"UDP Query User{9E7C50B3-A1D6-4C1C-976F-8AE046FB9E27}C:\users\matthew\appdata\local\temp\jiydco\heje.exe"=-
"UDP Query User{ED778C4B-E1B9-456A-9DF7-2D6A9A1F06E0}C:\users\matthew\appdata\roaming\taocu\sauni.exe"=-
:commands
[emptytemp]

 

Each new command should be on a new line:

 

(screenshot)

 

Can you please repeat the fix (make sure that there isn't free space at the beginning of each line before you press the fix button)... :)

 

Thanks! :)

 

 

Regards,

Georgi
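
A pre-flight check for the paste problem described in the post above, as an added example that is not part of the original thread and not OTL's own code. The function names are hypothetical, and the section-placement rules mirror the layout of the fix posted in this thread (an assumption, not OTL's documented parser). The second function looks for the symptom visible in the first result log, where bracketed lines were reported as missing files.

```python
import re

# Section directives visible in the fix posted in this thread.
DIRECTIVES = (":files", ":reg", ":commands")
NOT_FOUND = re.compile(r"^File (?P<path>.+) not found\.$")

# Constructed sample: indented paste with the later sections missing.
PASTED_SCRIPT = r"""    :OTL
    [2011/05/19 06:39:17 | 000,003,146 | ---- | M] () -- C:\Example\a.log
    [HKEY_LOCAL_MACHINE\SOFTWARE\Example]
    [emptytemp]
"""

# Constructed sample: same kind of content, pasted cleanly.
CLEAN_SCRIPT = r"""
:files
C:\Example\folder
ipconfig /flushdns /c
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Example]
"ExampleValue"=-
:commands
[emptytemp]
"""

# Lines copied from the first result log in this thread.
RESULT_LOG = r"""
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\uyxbkqgd.log not found.
C:\Windows\sysnative\%APPDATA% folder moved successfully.
File EY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] not found.
File ptytemp] not found.
"""


def lint_fix_script(text, required=DIRECTIVES):
    """Return (line_number, message) findings; line 0 means whole-script."""
    inline = re.compile(r"\s(" + "|".join(map(re.escape, required)) + r")\b", re.I)
    findings, seen, section = [], set(), None
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # The helper asks for no free space at the beginning of a line.
        if raw != raw.lstrip():
            findings.append((number, "leading whitespace"))
        if line.startswith(":"):
            name = line.split()[0].lower()
            if name != line.lower():
                findings.append((number, f"text after directive {name}"))
            seen.add(name)
            section = name
            continue
        # A directive glued onto the end of another entry by a bad paste.
        hit = inline.search(line)
        if hit:
            findings.append(
                (number, f"directive {hit.group(1).lower()} not on its own line"))
        # Placement rules taken from the posted fix (assumption, see lead-in).
        if line.upper().startswith("[HKEY") and section != ":reg":
            findings.append((number, "registry key outside :reg"))
        elif line.startswith('"') and line.endswith("=-") and section != ":reg":
            findings.append((number, "registry value outside :reg"))
        elif re.fullmatch(r"\[\w+\]", line) and section != ":commands":
            findings.append((number, "command outside :commands"))
    for name in required:
        if name not in seen:
            findings.append((0, f"missing section {name}"))
    return findings


def misparsed_entries(log_text):
    """Paths logged as missing files that end in ']' with no opening '['."""
    hits = []
    for line in log_text.splitlines():
        match = NOT_FOUND.match(line.strip())
        if match and match["path"].endswith("]") and "[" not in match["path"]:
            hits.append(match["path"])
    return hits


if __name__ == "__main__":
    for number, message in lint_fix_script(PASTED_SCRIPT):
        print(f"line {number}: {message}")
    for path in misparsed_entries(RESULT_LOG):
        print(f"handled as a file entry: {path}")
```
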




#15 mrthehoople


Posted 28 March 2014 - 02:51 PM

oops, try again...

 

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
File C:\Users\Matthew\AppData\Local\e433e0ea-2e44-488f-b3fa-c49c698ec3d7 not found.
File C:\Users\Matthew\AppData\Local\Lpunocovofa.dat not found.
Folder C:\Users\Matthew\AppData\Local\{765d77cd-0eec-bc58-1ba1-aa06142c2a9b}\ not found.
Folder C:\Windows\installer\{765d77cd-0eec-bc58-1ba1-aa06142c2a9b}\ not found.
Folder C:\ProgramData\boost_interprocess\ not found.
File C:\Windows\system32\config\systemprofile\AppData\Local\aqagnprb.log not found.
File C:\Windows\system32\config\systemprofile\AppData\Local\cyqkcstl.log not found.
File C:\Windows\system32\config\systemprofile\AppData\Local\hilielkg.log not found.
File C:\Windows\system32\config\systemprofile\AppData\Local\oroovify.log not found.
File C:\Windows\system32\config\systemprofile\AppData\Local\qkilihjf.log not found.
File C:\Windows\system32\config\systemprofile\AppData\Local\uyxbkqgd.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\aqagnprb.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\cyqkcstl.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\hilielkg.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\oroovify.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\qkilihjf.log not found.
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\uyxbkqgd.log not found.
Folder C:\Windows\system32\%APPDATA%\ not found.
Folder C:\Windows\sysnative\%APPDATA%\ not found.
========== FILES ==========
C:\Microsoft_SDK\lib\include folder moved successfully.
C:\Microsoft_SDK\lib folder moved successfully.
C:\Microsoft_SDK folder moved successfully.
< netsh winsock reset catalog /c >
Access is denied.
C:\Users\Matthew\Desktop\cmd.bat deleted successfully.
C:\Users\Matthew\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Users\Matthew\Desktop\cmd.bat deleted successfully.
C:\Users\Matthew\Desktop\cmd.txt deleted successfully.
C:\Users\Matthew\AppData\Roaming\Atemmi folder moved successfully.
C:\Users\Matthew\AppData\Roaming\Taocu folder moved successfully.
C:\Users\Matthew\AppData\Roaming\Umrom folder moved successfully.
< type C:\TDSSKiller.3.0.0.26_26.03.2014_00.23.09_log.txt >> test.txt /c >
00:23:09.0216 0x112c  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
00:23:13.0196 0x112c  ============================================================
00:23:13.0196 0x112c  Current date / time: 2014/03/26 00:23:13.0196
00:23:13.0196 0x112c  SystemInfo:
00:23:13.0196 0x112c 
00:23:13.0196 0x112c  OS Version: 6.1.7601 ServicePack: 1.0
00:23:13.0196 0x112c  Product type: Workstation
00:23:13.0196 0x112c  ComputerName: MATTHEW-PC
00:23:13.0196 0x112c  UserName: Matthew
00:23:13.0196 0x112c  Windows directory: C:\Windows
00:23:13.0196 0x112c  System windows directory: C:\Windows
00:23:13.0196 0x112c  Running under WOW64
00:23:13.0196 0x112c  Processor architecture: Intel x64
00:23:13.0196 0x112c  Number of processors: 2
00:23:13.0196 0x112c  Page size: 0x1000
00:23:13.0196 0x112c  Boot type: Normal boot
00:23:13.0196 0x112c  ============================================================
00:23:17.0527 0x112c  KLMD registered as C:\Windows\system32\drivers\55261970.sys
00:23:17.0745 0x112c  System UUID: {008721A2-F8A9-7D3E-59A3-8A4135C5FE59}
00:23:19.0076 0x112c  Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:23:19.0076 0x112c  ============================================================
00:23:19.0076 0x112c  \Device\Harddisk0\DR0:
00:23:19.0076 0x112c  MBR partitions:
00:23:19.0076 0x112c  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:23:19.0076 0x112c  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x94DC800
00:23:19.0076 0x112c  ============================================================
00:23:19.0170 0x112c  C: <-> \Device\Harddisk0\DR0\Partition2
00:23:19.0217 0x112c  ============================================================
00:23:19.0217 0x112c  Initialize success
00:23:19.0217 0x112c  ============================================================
00:23:21.0718 0x12a0  ============================================================
00:23:21.0718 0x12a0  Scan started
00:23:21.0718 0x12a0  Mode: Manual;
00:23:21.0718 0x12a0  ============================================================
00:23:21.0718 0x12a0  KSN ping started
00:23:24.0536 0x12a0  KSN ping finished: true
00:23:26.0662 0x12a0  ================ Scan system memory ========================
00:23:26.0662 0x12a0  System memory - ok
00:23:26.0662 0x12a0  ================ Scan services =============================
00:23:38.0158 0x12a0  gpsvc - ok
00:23:38.0205 0x12a0  gupdate - ok
00:23:38.0220 0x12a0  gupdatem - ok
00:23:38.0252 0x12a0  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
00:23:38.0252 0x12a0  hcw85cir - ok
00:23:38.0361 0x12a0  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:23:38.0392 0x12a0  HdAudAddService - ok
00:23:38.0408 0x12a0  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
00:23:38.0423 0x12a0  HDAudBus - ok
00:23:38.0454 0x12a0  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
00:23:38.0459 0x12a0  HidBatt - ok
00:23:38.0506 0x12a0  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
00:23:38.0522 0x12a0  HidBth - ok
00:23:38.0537 0x12a0  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
00:23:38.0553 0x12a0  HidIr - ok
00:23:38.0584 0x12a0  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
00:23:38.0600 0x12a0  hidserv - ok
00:23:38.0647 0x12a0  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
00:23:38.0647 0x12a0  HidUsb - ok
00:23:38.0693 0x12a0  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
00:23:38.0693 0x12a0  hkmsvc - ok
00:23:38.0771 0x12a0  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:23:38.0818 0x12a0  HomeGroupListener - ok
00:23:38.0896 0x12a0  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:23:38.0896 0x12a0  HomeGroupProvider - ok
00:23:38.0943 0x12a0  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
00:23:38.0974 0x12a0  HpSAMD - ok
00:23:39.0068 0x12a0  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
00:23:39.0083 0x12a0  HTTP - ok
00:23:39.0146 0x12a0  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
00:23:39.0161 0x12a0  hwpolicy - ok
00:23:39.0239 0x12a0  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
00:23:39.0239 0x12a0  i8042prt - ok
00:23:39.0380 0x12a0  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
00:23:39.0411 0x12a0  iaStorV - ok
00:23:39.0583 0x12a0  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:23:39.0676 0x12a0  idsvc - ok
00:23:40.0583 0x12a0  [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
00:23:40.0942 0x12a0  igfx - ok
00:23:41.0035 0x12a0  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
00:23:41.0035 0x12a0  iirsp - ok
00:23:41.0144 0x12a0  [ FCD84C381E0140AF901E58D48882D26B, 76955FFC230C801E8ED890E32076075F04CD6E5EC79E594FDE6D23797A36B406 ] IKEEXT          C:\Windows\System32\ikeext.dll
00:23:41.0238 0x12a0  IKEEXT - ok
00:23:41.0269 0x12a0  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
00:23:41.0300 0x12a0  intelide - ok
00:23:41.0332 0x12a0  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
00:23:41.0363 0x12a0  intelppm - ok
00:23:41.0394 0x12a0  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
00:23:41.0410 0x12a0  IPBusEnum - ok
00:23:41.0456 0x12a0  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:23:41.0456 0x12a0  IpFilterDriver - ok
00:23:41.0566 0x12a0  [ A34A587FFFD45FA649FBA6D03784D257, C9A2BCD4E2A5EB6E320092A3AFD5737ECDCDA0B83EE42314A23C4978F2974767 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
00:23:41.0597 0x12a0  iphlpsvc - ok
00:23:41.0644 0x12a0  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
00:23:41.0659 0x12a0  IPMIDRV - ok
00:23:41.0706 0x12a0  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
00:23:41.0706 0x12a0  IPNAT - ok
00:23:41.0831 0x12a0  [ A9E53E1A9C4274EEBC00D36AE5ED40DE, 49123A8C6975CD291D4952ACC8B5835538549545C8BCEF7923D4FB54D697446D ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
00:23:41.0878 0x12a0  iPod Service - ok
00:23:41.0924 0x12a0  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
00:23:41.0924 0x12a0  IRENUM - ok
00:23:41.0940 0x12a0  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
00:23:41.0940 0x12a0  isapnp - ok
00:23:42.0002 0x12a0  [ D931D7309DEB2317035B07C9F9E6B0BD, 13AD84172ED8C6153F8A98499C01733B74E48464CE07D099508E38D409913ED3 ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
00:23:42.0018 0x12a0  iScsiPrt - ok
00:23:42.0034 0x12a0  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
00:23:42.0049 0x12a0  kbdclass - ok
00:23:42.0174 0x12a0  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
00:23:42.0205 0x12a0  kbdhid - ok
00:23:42.0252 0x12a0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] KeyIso          C:\Windows\system32\lsass.exe
00:23:42.0252 0x12a0  KeyIso - ok
00:23:42.0299 0x12a0  [ 97A7070AEA4C058B6418519E869A63B4, 15345C2D6CA159BD498002974A0BD21CAB611124D85E3320248B47652AEF23C8 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:23:42.0330 0x12a0  KSecDD - ok
00:23:42.0361 0x12a0  [ 26C43A7C2862447EC59DEDA188D1DA07, 5363BF87E650FE2010ACA9417D6920FF4ED752256FF47732882E9B2BA1ED154B ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:23:42.0377 0x12a0  KSecPkg - ok
00:23:42.0408 0x12a0  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:23:42.0439 0x12a0  ksthunk - ok
00:23:42.0494 0x12a0  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:23:42.0540 0x12a0  KtmRm - ok
00:23:42.0665 0x12a0  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
00:23:42.0696 0x12a0  LanmanServer - ok
00:23:42.0743 0x12a0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:23:42.0759 0x12a0  LanmanWorkstation - ok
00:23:43.0274 0x12a0  [ 4CCC8AABE7880C56BA10043B8FBCA3EB, 642C76203092C8766963EF9F790C1CB1DF956B3E3530276733978F46D209C4B7 ] LeapFrog Connect Device Service C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
00:23:43.0523 0x12a0  LeapFrog Connect Device Service - ok
00:23:43.0554 0x12a0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:23:43.0570 0x12a0  lltdio - ok
00:23:43.0679 0x12a0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:23:43.0695 0x12a0  lltdsvc - ok
00:23:43.0710 0x12a0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:23:43.0710 0x12a0  lmhosts - ok
00:23:43.0742 0x12a0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
00:23:43.0742 0x12a0  LSI_FC - ok
00:23:43.0788 0x12a0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
00:23:43.0804 0x12a0  LSI_SAS - ok
00:23:43.0851 0x12a0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:23:43.0851 0x12a0  LSI_SAS2 - ok
00:23:43.0866 0x12a0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:23:43.0866 0x12a0  LSI_SCSI - ok
00:23:43.0944 0x12a0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:23:43.0976 0x12a0  luafv - ok
00:23:44.0022 0x12a0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
00:23:44.0038 0x12a0  Mcx2Svc - ok
00:23:44.0116 0x12a0  MDM - ok
00:23:44.0147 0x12a0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
00:23:44.0163 0x12a0  megasas - ok
00:23:44.0194 0x12a0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
00:23:44.0210 0x12a0  MegaSR - ok
00:23:44.0241 0x12a0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
00:23:44.0256 0x12a0  MMCSS - ok
00:23:44.0272 0x12a0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
00:23:44.0272 0x12a0  Modem - ok
00:23:44.0288 0x12a0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
00:23:44.0288 0x12a0  monitor - ok
00:23:44.0350 0x12a0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
00:23:44.0350 0x12a0  mouclass - ok
00:23:44.0381 0x12a0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
00:23:44.0381 0x12a0  mouhid - ok
00:23:44.0444 0x12a0  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
00:23:44.0464 0x12a0  mountmgr - ok
00:23:44.0605 0x12a0  [ 338037EFA0E8E8699B2667D57B751574, 59E0D39806D0C4EB57913AA013242837FD39AD378726AEE42D250CBA87C1C3BF ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:23:44.0620 0x12a0  MozillaMaintenance - ok
00:23:44.0683 0x12a0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
00:23:44.0698 0x12a0  mpio - ok
00:23:44.0761 0x12a0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
00:23:44.0776 0x12a0  mpsdrv - ok
00:23:45.0104 0x12a0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
00:23:45.0166 0x12a0  MpsSvc - ok
00:23:45.0244 0x12a0  [ DC722758B8261E1ABAFD31A3C0A66380, 88BBE073E2CCD1DAB4656DDC53D5161E8A91D035ADAC1465D0CEBA86F1BB6D9A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
00:23:45.0260 0x12a0  MRxDAV - ok
00:23:45.0338 0x12a0  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
00:23:45.0369 0x12a0  mrxsmb - ok
00:23:45.0463 0x12a0  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:23:45.0478 0x12a0  mrxsmb10 - ok
00:23:45.0556 0x12a0  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:23:45.0572 0x12a0  mrxsmb20 - ok
00:23:45.0665 0x12a0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
00:23:45.0665 0x12a0  msahci - ok
00:23:45.0697 0x12a0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
00:23:45.0712 0x12a0  msdsm - ok
00:23:45.0743 0x12a0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
00:23:45.0759 0x12a0  MSDTC - ok
00:23:45.0837 0x12a0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
00:23:45.0853 0x12a0  Msfs - ok
00:23:45.0884 0x12a0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
00:23:45.0899 0x12a0  mshidkmdf - ok
00:23:45.0962 0x12a0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
00:23:45.0962 0x12a0  msisadrv - ok
00:23:46.0071 0x12a0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
00:23:46.0071 0x12a0  MSiSCSI - ok
00:23:46.0087 0x12a0  msiserver - ok
00:23:46.0133 0x12a0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
00:23:46.0149 0x12a0  MSKSSRV - ok
00:23:46.0165 0x12a0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
00:23:46.0165 0x12a0  MSPCLOCK - ok
00:23:46.0180 0x12a0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
00:23:46.0180 0x12a0  MSPQM - ok
00:23:46.0321 0x12a0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
00:23:46.0352 0x12a0  MsRPC - ok
00:23:46.0367 0x12a0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
00:23:46.0383 0x12a0  mssmbios - ok
00:23:46.0399 0x12a0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
00:23:46.0414 0x12a0  MSTEE - ok
00:23:46.0445 0x12a0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
00:23:46.0463 0x12a0  MTConfig - ok
00:23:46.0528 0x12a0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
00:23:46.0544 0x12a0  Mup - ok
00:23:46.0684 0x12a0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
00:23:46.0747 0x12a0  napagent - ok
00:23:46.0840 0x12a0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
00:23:46.0856 0x12a0  NativeWifiP - ok
00:23:47.0059 0x12a0  [ 79B47FD40D9A817E932F9D26FAC0A81C, 53E260B8BFC50BA45FA73BFCF4E58C233890D0EAA9DEFDCCBB55FD3EB992FF2D ] NDIS            C:\Windows\system32\drivers\ndis.sys
00:23:47.0090 0x12a0  NDIS - ok
00:23:47.0137 0x12a0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
00:23:47.0152 0x12a0  NdisCap - ok
00:23:47.0215 0x12a0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
00:23:47.0230 0x12a0  NdisTapi - ok
00:23:47.0308 0x12a0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
00:23:47.0324 0x12a0  Ndisuio - ok
00:23:47.0433 0x12a0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
00:23:47.0433 0x12a0  NdisWan - ok
00:23:47.0511 0x12a0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
00:23:47.0511 0x12a0  NDProxy - ok
00:23:47.0558 0x12a0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
00:23:47.0574 0x12a0  NetBIOS - ok
00:23:47.0636 0x12a0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
00:23:47.0652 0x12a0  NetBT - ok
00:23:47.0667 0x12a0  [ C118A82CD78818C29AB228366EBF81C3, 00820F3065871DCBA52A27C7F73BA470C4F2CB26EFB7F76FEF8B1207F81B284D ] Netlogon        C:\Windows\system32\lsass.exe
00:23:47.0683 0x12a0  Netlogon - ok
00:23:47.0730 0x12a0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
00:23:47.0745 0x12a0  Netman - ok
00:23:47.0823 0x12a0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
00:23:47.0870 0x12a0  netprofm - ok
00:23:47.0917 0x12a0  [ 3E5A36127E201DDF663176B66828FAFE, 5A08BA9EFB1A72DF1DD839BA5FA2B8994012BA62A515588FF62333B33B60045B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:23:47.0917 0x12a0  NetTcpPortSharing - ok
00:23:47.0979 0x12a0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
00:23:47.0979 0x12a0  nfrd960 - ok
00:23:48.0088 0x12a0  [ 1EE99A89CC788ADA662441D1E9830529, 6B4FDD74BB81E12BD4B25A3E8AECB0FA77FA0075D454DD1D6DC1790ADF1F2AA8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
00:23:48.0135 0x12a0  NlaSvc - ok
00:23:48.0213 0x12a0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
00:23:48.0229 0x12a0  Npfs - ok
00:23:48.0244 0x12a0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
00:23:48.0260 0x12a0  nsi - ok
00:23:48.0276 0x12a0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
00:23:48.0307 0x12a0  nsiproxy - ok
00:23:48.0488 0x12a0  [ B98F8C6E31CD07B2E6F71F7F648E38C0, 2FEA100B80680FBBF644CB6763738804155DF1E94A6542CAE2B2786D770D554E ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
00:23:48.0551 0x12a0  Ntfs - ok
00:23:48.0598 0x12a0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
00:23:48.0598 0x12a0  Null - ok
00:23:48.0676 0x12a0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
00:23:48.0691 0x12a0  nvraid - ok
00:23:48.0738 0x12a0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
00:23:48.0754 0x12a0  nvstor - ok
00:23:48.0800 0x12a0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
00:23:48.0816 0x12a0  nv_agp - ok
00:23:48.0910 0x12a0  [ 404B0121AE1A75D9A63B6934EB07C258, 86C423955252DDD519407F22C9A28B3AA952C088494470D622ECDC1C6569FC7E ] OA001Ufd        C:\Windows\system32\DRIVERS\OA001Ufd.sys
00:23:48.0925 0x12a0  OA001Ufd - ok
00:23:49.0003 0x12a0  [ 4B69D156DB42B26425AB3B172FA50D92, 8509249144328ACB4A5000FF9DAA6F3139EFBF1414BE26EA719F04443D3BF154 ] OA001Vid        C:\Windows\system32\DRIVERS\OA001Vid.sys
00:23:49.0019 0x12a0  OA001Vid - ok
00:23:49.0159 0x12a0  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:23:49.0206 0x12a0  odserv - ok
00:23:49.0268 0x12a0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
00:23:49.0268 0x12a0  ohci1394 - ok
00:23:49.0393 0x12a0  [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:23:49.0424 0x12a0  ose - ok
00:23:49.0534 0x12a0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
00:23:49.0565 0x12a0  p2pimsvc - ok
00:23:49.0612 0x12a0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
00:23:49.0643 0x12a0  p2psvc - ok
00:23:49.0721 0x12a0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
00:23:49.0736 0x12a0  Parport - ok
00:23:49.0814 0x12a0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
00:23:49.0846 0x12a0  partmgr - ok
00:23:49.0924 0x12a0  [ 363B3F857ABEE85767E01E3044C539CD, F6CB6C4B5B206E75BC8EB125363B1A095BA24FCC997A10605D59FCE44BA8651C ] PBADRV          C:\Windows\system32\DRIVERS\PBADRV64.sys
00:23:49.0939 0x12a0  PBADRV - ok
00:23:50.0002 0x12a0  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
00:23:50.0033 0x12a0  PcaSvc - ok
00:23:50.0111 0x12a0  [ BC0018C2D29F655188A0ED3FA94FDB24, BCF7F2CA5E30F569AEB69049BA3C196982C72EA7264CFBA59D7123041BA96E5A ] pccsmcfd        C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
00:23:50.0126 0x12a0  pccsmcfd - ok
00:23:50.0236 0x12a0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
00:23:50.0251 0x12a0  pci - ok
00:23:50.0267 0x12a0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
00:23:50.0282 0x12a0  pciide - ok
00:23:50.0314 0x12a0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
00:23:50.0329 0x12a0  pcmcia - ok
00:23:50.0360 0x12a0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
00:23:50.0376 0x12a0  pcw - ok
00:23:50.0454 0x12a0  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
00:23:50.0511 0x12a0  PEAUTH - ok
00:23:50.0838 0x12a0  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
00:23:50.0932 0x12a0  PeerDistSvc - ok
00:23:51.0291 0x12a0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
00:23:51.0291 0x12a0  PerfHost - ok
00:23:51.0431 0x12a0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
00:23:51.0494 0x12a0  pla - ok
00:23:51.0696 0x12a0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
00:23:51.0743 0x12a0  PlugPlay - ok
00:23:51.0774 0x12a0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
00:23:51.0790 0x12a0  PNRPAutoReg - ok
00:23:51.0837 0x12a0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
00:23:51.0852 0x12a0  PNRPsvc - ok
00:24:08.0558 0x12a0  wscsvc - ok
00:24:08.0558 0x12a0  WSearch - ok
00:24:08.0683 0x12a0  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
00:24:08.0761 0x12a0  wuauserv - ok
00:24:08.0808 0x12a0  [ D3381DC54C34D79B22CEE0D65BA91B7C, 70DC4ADCA4C0C28BB133287511E329D1B6B9B97F96CDE5B1D2F1F59FE1A965D9 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
00:24:08.0808 0x12a0  WudfPf - ok
00:24:08.0933 0x12a0  [ CF8D590BE3373029D57AF80914190682, FB9641777E90A58C063FBE95F081DC6D2F4770827DE19108A9DC3E3D6B17B4BF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
00:24:08.0933 0x12a0  WUDFRd - ok
00:24:08.0995 0x12a0  [ 7A95C95B6C4CF292D689106BCAE49543, 9029F489E1E817CE12839B8C6656E46190497D445DC3F43C20CF96E5E6BD0691 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
00:24:09.0011 0x12a0  wudfsvc - ok
00:24:09.0073 0x12a0  [ 9A3452B3C2A46C073166C5CF49FAD1AE, D6F95F51D8E37BA4CF403965EC08CCFEEA9EEFDBFC7752432EAEC19925BDA115 ] WwanSvc         C:\Windows\System32\wwansvc.dll
00:24:09.0073 0x12a0  WwanSvc - ok
00:24:09.0135 0x12a0  ================ Scan global ===============================
00:24:09.0338 0x12a0  [ Global ] - ok
00:24:09.0338 0x12a0  ================ Scan MBR ==================================
00:24:09.0354 0x12a0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
00:24:09.0697 0x12a0  \Device\Harddisk0\DR0 - ok
00:24:09.0697 0x12a0  ================ Scan VBR ==================================
00:24:09.0697 0x12a0  [ 4B33E8102C1BF4EAC1AA32E288B5D5D4 ] \Device\Harddisk0\DR0\Partition1
00:24:09.0697 0x12a0  \Device\Harddisk0\DR0\Partition1 - ok
00:24:09.0713 0x12a0  [ 3EFBC23DDBF25B71ECF22981FB77FE59 ] \Device\Harddisk0\DR0\Partition2
00:24:09.0713 0x12a0  \Device\Harddisk0\DR0\Partition2 - ok
00:24:09.0713 0x12a0  Waiting for KSN requests completion. In queue: 50
00:24:10.0716 0x12a0  Waiting for KSN requests completion. In queue: 50
00:24:11.0730 0x12a0  Waiting for KSN requests completion. In queue: 50
00:24:13.0181 0x12a0  Win FW state via NFP2: enabled
00:24:15.0973 0x12a0  ============================================================
00:24:15.0973 0x12a0  Scan finished
00:24:15.0973 0x12a0  ============================================================
00:24:15.0989 0x1304  Detected object count: 0
00:24:15.0989 0x1304  Actual detected object count: 0
00:24:20.0872 0x0f60  Deinitialize success
C:\Users\Matthew\Desktop\cmd.bat deleted successfully.
C:\Users\Matthew\Desktop\cmd.txt deleted successfully.
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{50868F94-5A34-8704-AC35-CBC98C8F65FF}-heje.exe moved successfully.
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{72D633E6-0DA2-4B38-B01D-CB62C63DBA16} moved successfully.
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{A7FDA881-C1C1-465E-AB0B-7BE72ED78401} moved successfully.
C:\Users\All Users\Microsoft\Windows Defender\LocalCopy\{ACD106BC-A7D8-A1AD-A233-AA66486F89D5}-heje.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{42B37402-2210-4E68-B5AF-994CF686E200}C:\users\matthew\appdata\roaming\taocu\sauni.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{9BC87608-00B4-4782-8D93-714915684CE1}C:\users\matthew\appdata\local\temp\jiydco\heje.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{9E7C50B3-A1D6-4C1C-976F-8AE046FB9E27}C:\users\matthew\appdata\local\temp\jiydco\heje.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{ED778C4B-E1B9-456A-9DF7-2D6A9A1F06E0}C:\users\matthew\appdata\roaming\taocu\sauni.exe deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Matthew
->Temp folder emptied: 13781842 bytes
->Temporary Internet Files folder emptied: 54110840 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35329430 bytes
->Flash cache emptied: 864 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9708 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 2412213 bytes
 
Total Files Cleaned = 101.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 03282014_194704

Files\Folders moved on Reboot...
C:\Users\Matthew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3ZCLIKQ\wTH8U0osOYl[1].htm moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3ZCLIKQ\zbot-infection[2].htm moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E9WAPJ4S\postmessageRelay[2].htm moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E9WAPJ4S\wTH8U0osOYl[2].htm moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A3HEUW6\fastbutton[2].htm moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A3HEUW6\like[4].htm moved successfully.
C:\Users\Matthew\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...





