Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

30+ DLLHOST.EXE *32 running in task manager


  • This topic is locked This topic is locked
59 replies to this topic

#1 BartW

BartW

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 10 July 2014 - 09:27 AM

Thank you in advance for your help.  I am having a problem with my computer, numerous DLLHOST.exe *32 in my task manager, the computer is slow.  Im running McAfee and it says I am ok.  I also ran malwarebytes and now I have a window constantly popping up saying an outbound connection was blocked and there are two IP addresses that alternate as the window comes up.  If I disable my network card, the DLLHOST programs drop out of the task manager. Thank you again for your help

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17207
Run by RonWa at 9:17:35 on 2014-07-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.12187.9799 [GMT -5:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files (x86)\Citrix\ICA Client\WFCRUN32.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://sony.msn.com
mStart Page = about:blank
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130102141009.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mstart.exe" "/Trigger RunAtLogon"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Dolby Home Theater v4] "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: Run = "C:\Users\ronwa\AppData\Roaming\Microsoft\Windows\rasphone.exe"
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Windows\System: AllowX-ForestPolicy-and-RUP = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{BB8D3B29-AFBD-4D69-A562-9A58341CCF70} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BB8D3B29-AFBD-4D69-A562-9A58341CCF70}\354514E444142544 : DHCPNameServer = 10.21.0.98 10.21.0.90
TCP: Interfaces\{BB8D3B29-AFBD-4D69-A562-9A58341CCF70}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{BB8D3B29-AFBD-4D69-A562-9A58341CCF70}\8495144545F57455543545 : DHCPNameServer = 12.127.16.67 12.127.16.68 8.8.8.8
TCP: Interfaces\{D517B92F-B646-4561-A4F5-80319699BA34} : DHCPNameServer = 192.168.1.254
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = about:blank
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130102141009.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-3-11 16152]
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2013-1-2 665768]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2013-1-2 303464]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-9-5 30496]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-7-14 87600]
R2 ActiveDelayDeviceService;ActiveDelayDeviceService;C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [2012-10-20 78472]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-1-9 659968]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-12-19 1014096]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-12-19 1104208]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-1-11 135952]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-10-20 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-10-20 2429544]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-10-20 127320]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-10-20 162648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-7-9 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-7-9 860472]
R2 McAfeeFramework;McAfee Framework Service;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2012-8-21 132712]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-1-2 201864]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2012-8-14 210056]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2013-1-2 170440]
R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-10-23 120728]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-21 473960]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-10-20 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-10-20 362840]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2012-10-20 535688]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-10-20 978056]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-8 594704]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-10-20 19968]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-12-13 94720]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-12-13 747008]
R3 ibtfltcoex;ibtfltcoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-14 60416]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-4 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-3-11 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-3-11 788760]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-2-28 25496]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-7-9 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-7-9 122584]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-7-9 63704]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2013-1-2 274880]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-10-20 676968]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2012-1-15 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2012-1-9 195584]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-12-19 1304912]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\System32\drivers\motfilt.sys [2009-1-29 6144]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-10 111616]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-2-28 34232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2013-1-2 101200]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\System32\drivers\Motousbnet.sys [2012-6-8 27136]
S3 motusbdevice;Motorola USB Dev Driver;C:\Windows\System32\drivers\motusbdevice.sys [2011-11-8 11776]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-8 273168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-7-10 19456]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-10-20 340072]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2012-1-6 138392]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2012-1-6 74904]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-7-10 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-7-10 30208]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-12-29 960160]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-12-21 550128]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-12-21 382720]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-8-26 101600]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-1-20 54432]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update Common\VUAgent.exe [2012-1-13 1256040]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-07-10 13:51:33 -------- d-----w- C:\Users\ronwa\AppData\Local\CrashDumps
2014-07-10 13:04:12 30208 ----a-w- C:\Windows\System32\drivers\TsUsbGD.sys
2014-07-10 13:04:12 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2014-07-10 13:04:12 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-07-10 13:04:10 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-07-10 13:04:10 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2014-07-10 13:04:10 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2014-07-10 13:04:10 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2014-07-10 13:04:05 30312 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-07-10 13:01:29 -------- d-----w- C:\ProgramData\RogueKiller
2014-07-10 12:52:57 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-07-10 12:52:57 366592 ----a-w- C:\Windows\System32\qdvd.dll
2014-07-10 12:52:56 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-07-10 12:52:56 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-07-10 12:44:14 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 12:44:14 1719296 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2014-07-10 12:44:14 1389568 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2014-07-10 12:44:14 1380864 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2014-07-10 12:44:14 1354240 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2014-07-10 12:44:13 519168 ----a-w- C:\Windows\System32\aepdu.dll
2014-07-10 12:44:12 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-07-10 12:42:22 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-07-10 12:42:22 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-07-10 12:42:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-07-10 12:42:16 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-07-10 12:42:16 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-07-10 12:42:16 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-07-09 20:31:10 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 20:15:16 -------- d-----w- C:\TDSSKiller_Quarantine
2014-07-09 19:48:59 -------- d-sh--w- C:\$RECYCLE.BIN
2014-07-09 19:48:58 -------- d-----w- C:\Users\ronwa\AppData\Local\temp
2014-07-09 16:59:57 -------- d-----w- C:\Program Files (x86)\ESET
2014-07-09 16:35:34 208896 ----a-w- C:\Windows\MBR.exe
2014-07-09 16:35:33 98816 ----a-w- C:\Windows\sed.exe
2014-07-09 16:35:33 256000 ----a-w- C:\Windows\PEV.exe
2014-07-09 15:31:23 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-07-09 15:31:05 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-09 14:55:18 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-07-09 14:51:54 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-07-09 14:51:53 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-07-09 14:51:53 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-07-09 14:51:48 -------- d-----w- C:\ProgramData\Malwarebytes
2014-07-09 14:51:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 14:51:10 -------- d-----w- C:\Users\ronwa\AppData\Local\Programs
2014-07-08 19:03:06 -------- d-----w- C:\Users\ronwa\AppData\Roaming\Aronuh
2014-06-30 17:43:48 163504 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-06-11 18:23:43 801280 ----a-w- C:\Windows\System32\usp10.dll
2014-06-11 18:23:43 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2014-06-11 18:23:43 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2014-06-11 18:23:42 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-06-11 18:23:41 2048 ----a-w- C:\Windows\SysWow64\msxml6r.dll
2014-06-11 18:23:41 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-06-11 18:23:41 2048 ----a-w- C:\Windows\System32\msxml6r.dll
2014-06-11 18:23:41 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-06-11 18:23:41 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2014-06-11 18:23:41 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-06-11 18:23:41 1389056 ----a-w- C:\Windows\SysWow64\msxml6.dll
2014-06-11 18:23:41 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
==================== Find3M  ====================
.
2014-07-10 12:49:05 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-10 12:49:05 699056 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-06-19 01:06:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-06-19 01:06:24 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-06-19 00:42:57 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-06-19 00:42:49 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-06-19 00:41:52 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-06-19 00:41:16 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-06-19 00:24:30 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-06-19 00:24:12 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-06-19 00:23:53 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-06-19 00:14:28 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-06-18 23:59:04 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-06-18 23:56:37 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-06-18 23:51:38 5721088 ----a-w- C:\Windows\System32\jscript9.dll
2014-06-18 23:38:40 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-06-18 23:37:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-06-18 23:36:35 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-06-18 23:35:55 62464 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-06-18 23:27:45 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-06-18 23:27:07 2040832 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-06-18 23:23:27 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-06-18 23:22:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-06-18 23:06:10 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-06-18 22:58:27 2266112 ----a-w- C:\Windows\System32\wininet.dll
2014-06-18 22:52:18 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-06-18 22:46:23 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-06-18 22:45:59 1964544 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-06-18 22:13:59 1791488 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\Windows\System32\win32k.sys
2014-05-30 08:08:52 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
.
============= FINISH:  9:18:35.47 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 AM

Posted 10 July 2014 - 09:49 AM

Hi there,

please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 BartW

BartW
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 10 July 2014 - 10:00 AM

Wow, thank you for getting back with me so quickly.  I really appreciate your help.  Here are the logs:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by RonWa (administrator) on LPT02527 on 10-07-2014 09:53:13
Running from C:\Users\ronwa\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAdmin.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-08-21] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mstart.exe [40304 2014-06-24] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\...\Policies\Explorer: [Run] "C:\Users\ronwa\AppData\Roaming\Microsoft\Windows\rasphone.exe"
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\...\MountPoints2: {947c240d-9ac3-11e2-8305-5453edb0e661} - D:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\...\MountPoints2: {cc1e31ab-567c-11e2-b6a4-5453edb0e661} - F:\MotorolaDeviceManagerSetup.exe -a
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130102141009.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130102141009.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\ronwa\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-02]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-08-21] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-01-02] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-01-02] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-01-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-01-02] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-01-02] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-01-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-01-02] (McAfee, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-10 09:53 - 2014-07-10 09:53 - 00021827 _____ () C:\Users\ronwa\Desktop\FRST.txt
2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ____D () C:\FRST
2014-07-10 09:52 - 2014-07-10 09:52 - 02084352 _____ (Farbar) C:\Users\ronwa\Desktop\FRST64.exe
2014-07-10 09:27 - 2014-07-10 09:27 - 00000000 ____D () C:\Users\ronwa\AppData\Local\Adobe
2014-07-10 09:18 - 2014-07-10 09:19 - 00031913 _____ () C:\Users\ronwa\Desktop\dds.txt
2014-07-10 09:18 - 2014-07-10 09:19 - 00019359 _____ () C:\Users\ronwa\Desktop\attach.txt
2014-07-10 09:16 - 2014-07-10 09:16 - 00688992 ____R (Swearware) C:\Users\ronwa\Desktop\dds.com
2014-07-10 08:51 - 2014-07-10 09:53 - 00000000 ____D () C:\Users\ronwa\AppData\Local\CrashDumps
2014-07-10 08:33 - 2014-07-10 08:34 - 00000000 ____D () C:\Users\ronwa\Desktop\RK_Quarantine
2014-07-10 08:07 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-10 08:07 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-10 08:07 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-10 08:07 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-10 08:07 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-10 08:07 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-10 08:07 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-10 08:07 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-10 08:07 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-10 08:07 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-10 08:07 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-10 08:07 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-10 08:07 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-10 08:07 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-10 08:07 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-10 08:07 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-10 08:07 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-10 08:07 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-10 08:07 - 2013-04-10 18:12 - 00169984 _____ (Xerox Corporation) C:\Windows\system32\xrzkrlai.dll
2014-07-10 08:04 - 2014-07-10 08:35 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-10 08:04 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-10 08:04 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-07-10 08:04 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-07-10 08:04 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-10 08:04 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-07-10 08:04 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-07-10 08:04 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-10 08:01 - 2014-07-10 08:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-10 07:52 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-10 07:52 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-10 07:52 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-07-10 07:52 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-07-10 07:44 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 07:44 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 07:43 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 07:43 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 07:43 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 07:43 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 07:43 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 07:43 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 07:43 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 07:43 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 07:43 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 07:43 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 07:43 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 07:43 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 07:43 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 07:43 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 07:43 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 07:43 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 07:43 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 07:43 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 07:43 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 07:43 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 07:43 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 07:43 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 07:43 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 07:43 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 07:43 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 07:43 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 07:43 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 07:43 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 07:43 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 07:43 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 07:43 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 07:43 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 07:43 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 07:43 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 07:43 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 07:43 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 07:43 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 07:43 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 07:43 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 07:43 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 07:43 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 07:43 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 07:43 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 07:43 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 07:43 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 07:43 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 07:43 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 07:43 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 07:43 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 07:43 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 07:43 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 07:43 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 07:43 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 07:43 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 07:43 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 07:43 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 07:43 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 07:43 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 07:43 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 07:43 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 07:42 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 07:42 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 07:42 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 07:42 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 07:42 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 07:42 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 07:32 - 2014-07-10 07:32 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-09 15:31 - 2014-07-09 15:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 15:29 - 2014-07-09 15:56 - 00000000 ____D () C:\Users\ronwa\Desktop\mbar
2014-07-09 15:15 - 2014-07-09 15:15 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-09 15:13 - 2014-07-09 15:18 - 00000000 ____D () C:\Users\TEMP
2014-07-09 14:48 - 2014-07-09 14:48 - 00026302 _____ () C:\ComboFix.txt
2014-07-09 11:59 - 2014-07-09 11:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-09 11:35 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-09 11:35 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-09 11:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-09 11:34 - 2014-07-09 14:48 - 00000000 ____D () C:\Qoobox
2014-07-09 11:33 - 2014-07-09 14:48 - 00000000 ____D () C:\Windows\erdnt
2014-07-09 11:32 - 2014-07-09 11:32 - 05216105 ____R (Swearware) C:\Users\ronwa\Desktop\ComboFix.exe
2014-07-09 10:32 - 2014-07-09 10:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-09 10:31 - 2014-07-10 07:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-09 10:31 - 2014-07-10 07:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-09 09:55 - 2014-07-10 09:28 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 09:53 - 2014-07-09 09:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-09 09:53 - 2014-07-09 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-09 09:51 - 2014-07-09 15:30 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 09:51 - 2014-07-09 09:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 09:51 - 2014-07-09 09:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 09:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-09 09:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-08 15:05 - 2014-07-10 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-08 15:05 - 2014-07-08 15:05 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-08 14:03 - 2014-07-09 10:19 - 00000000 ____D () C:\Users\ronwa\AppData\Roaming\Aronuh
2014-07-08 11:39 - 2014-07-08 11:39 - 02758434 _____ () C:\Users\ronwa\Desktop\SPS Docs.zip
2014-07-08 08:40 - 2014-07-08 09:39 - 00000000 ____D () C:\Users\ronwa\Desktop\SPS Docs
2014-06-26 09:36 - 2014-06-26 10:11 - 00026624 _____ () C:\Users\ronwa\Desktop\budget2014.xls
2014-06-24 14:48 - 2014-07-10 09:44 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784.job
2014-06-24 14:48 - 2014-07-07 12:33 - 00003566 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784
2014-06-24 09:04 - 2014-06-24 14:29 - 00151109 _____ () C:\Users\ronwa\Desktop\SPS Assessment Tool 140624.xlsx
2014-06-19 10:37 - 2014-07-09 07:35 - 01117990 _____ () C:\Users\ronwa\Desktop\Standard Production System.pptx
2014-06-19 10:37 - 2014-07-08 10:23 - 00000000 ____D () C:\Users\ronwa\Desktop\SPS
2014-06-17 13:26 - 2014-06-17 13:26 - 00000165 ____H () C:\Users\ronwa\Desktop\~$SPS event check list.xlsx
2014-06-11 13:23 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 13:23 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 13:23 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 13:23 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 13:23 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 13:23 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 13:23 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 13:23 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 13:23 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 13:23 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 13:23 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 13:23 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-10 09:53 - 2014-07-10 09:53 - 00021827 _____ () C:\Users\ronwa\Desktop\FRST.txt
2014-07-10 09:53 - 2014-07-10 09:53 - 00000000 ____D () C:\FRST
2014-07-10 09:53 - 2014-07-10 08:51 - 00000000 ____D () C:\Users\ronwa\AppData\Local\CrashDumps
2014-07-10 09:52 - 2014-07-10 09:52 - 02084352 _____ (Farbar) C:\Users\ronwa\Desktop\FRST64.exe
2014-07-10 09:51 - 2012-10-20 04:13 - 01740494 _____ () C:\Windows\WindowsUpdate.log
2014-07-10 09:49 - 2012-10-20 05:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 09:44 - 2014-06-24 14:48 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784.job
2014-07-10 09:28 - 2014-07-09 09:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 09:27 - 2014-07-10 09:27 - 00000000 ____D () C:\Users\ronwa\AppData\Local\Adobe
2014-07-10 09:21 - 2009-07-13 23:45 - 00021216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 09:21 - 2009-07-13 23:45 - 00021216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 09:20 - 2013-04-30 09:57 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 09:19 - 2014-07-10 09:18 - 00031913 _____ () C:\Users\ronwa\Desktop\dds.txt
2014-07-10 09:19 - 2014-07-10 09:18 - 00019359 _____ () C:\Users\ronwa\Desktop\attach.txt
2014-07-10 09:19 - 2009-07-14 00:13 - 00006458 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 09:16 - 2014-07-10 09:16 - 00688992 ____R (Swearware) C:\Users\ronwa\Desktop\dds.com
2014-07-10 09:15 - 2013-04-30 09:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 09:15 - 2013-01-07 12:39 - 00000000 ____D () C:\Temp
2014-07-10 09:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 09:13 - 2009-07-13 23:51 - 00057242 _____ () C:\Windows\setupact.log
2014-07-10 08:35 - 2014-07-10 08:04 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-10 08:34 - 2014-07-10 08:33 - 00000000 ____D () C:\Users\ronwa\Desktop\RK_Quarantine
2014-07-10 08:28 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-10 08:10 - 2010-11-20 22:47 - 00286784 _____ () C:\Windows\PFRO.log
2014-07-10 08:10 - 2009-07-13 23:45 - 00337264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 08:08 - 2014-05-12 10:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 08:08 - 2012-02-24 00:58 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-10 08:06 - 2013-07-31 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 08:03 - 2013-01-02 15:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 08:01 - 2014-07-10 08:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-10 07:59 - 2012-10-20 04:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-10 07:59 - 2012-10-20 04:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-10 07:49 - 2012-10-20 05:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 07:49 - 2012-10-20 05:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 07:49 - 2012-10-20 05:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 07:33 - 2014-07-09 10:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-10 07:33 - 2013-04-30 09:58 - 00000000 ____D () C:\Program Files\Google
2014-07-10 07:33 - 2013-04-30 09:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 07:32 - 2014-07-10 07:32 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-10 07:32 - 2014-07-09 10:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-10 07:31 - 2014-07-08 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-10 07:30 - 2013-04-30 09:57 - 00000000 ____D () C:\Users\ronwa\AppData\Local\Google
2014-07-09 15:56 - 2014-07-09 15:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 15:56 - 2014-07-09 15:29 - 00000000 ____D () C:\Users\ronwa\Desktop\mbar
2014-07-09 15:30 - 2014-07-09 09:51 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 15:18 - 2014-07-09 15:13 - 00000000 ____D () C:\Users\TEMP
2014-07-09 15:15 - 2014-07-09 15:15 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-09 14:48 - 2014-07-09 14:48 - 00026302 _____ () C:\ComboFix.txt
2014-07-09 14:48 - 2014-07-09 11:34 - 00000000 ____D () C:\Qoobox
2014-07-09 14:48 - 2014-07-09 11:33 - 00000000 ____D () C:\Windows\erdnt
2014-07-09 14:47 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-09 11:59 - 2014-07-09 11:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-09 11:38 - 2013-06-21 13:49 - 00000000 ____D () C:\Quarantine
2014-07-09 11:32 - 2014-07-09 11:32 - 05216105 ____R (Swearware) C:\Users\ronwa\Desktop\ComboFix.exe
2014-07-09 10:32 - 2014-07-09 10:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-09 10:19 - 2014-07-08 14:03 - 00000000 ____D () C:\Users\ronwa\AppData\Roaming\Aronuh
2014-07-09 10:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2014-07-09 09:53 - 2014-07-09 09:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-09 09:53 - 2014-07-09 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-09 09:52 - 2014-07-09 09:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 09:51 - 2014-07-09 09:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 07:35 - 2014-06-19 10:37 - 01117990 _____ () C:\Users\ronwa\Desktop\Standard Production System.pptx
2014-07-08 15:05 - 2014-07-08 15:05 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-08 11:39 - 2014-07-08 11:39 - 02758434 _____ () C:\Users\ronwa\Desktop\SPS Docs.zip
2014-07-08 10:23 - 2014-06-19 10:37 - 00000000 ____D () C:\Users\ronwa\Desktop\SPS
2014-07-08 10:02 - 2013-09-09 14:19 - 00000000 ____D () C:\Users\ronwa\Desktop\Lean
2014-07-08 09:39 - 2014-07-08 08:40 - 00000000 ____D () C:\Users\ronwa\Desktop\SPS Docs
2014-07-07 12:33 - 2014-06-24 14:48 - 00003566 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784
2014-06-29 21:09 - 2014-07-10 07:44 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-10 07:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 17:40 - 2013-01-02 18:51 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-26 10:11 - 2014-06-26 09:36 - 00026624 _____ () C:\Users\ronwa\Desktop\budget2014.xls
2014-06-25 12:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-06-25 07:19 - 2013-09-09 14:18 - 00000000 ____D () C:\Users\ronwa\Desktop\Old docs
2014-06-25 07:17 - 2014-04-22 13:23 - 00000000 ____D () C:\Users\ronwa\Desktop\PFI
2014-06-25 07:17 - 2013-09-09 14:23 - 00000000 ____D () C:\Users\ronwa\Desktop\HR
2014-06-24 14:48 - 2013-12-16 09:22 - 00002216 _____ () C:\Users\ronwa\Desktop\GoToWebinar.lnk
2014-06-24 14:48 - 2013-12-16 09:22 - 00001376 _____ () C:\Users\ronwa\Desktop\GoToMeeting.lnk
2014-06-24 14:29 - 2014-06-24 09:04 - 00151109 _____ () C:\Users\ronwa\Desktop\SPS Assessment Tool 140624.xlsx
2014-06-24 12:15 - 2013-04-30 09:57 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 12:15 - 2013-04-30 09:57 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 15:14 - 2014-07-10 07:43 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 14:39 - 2014-07-10 07:43 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 06:48 - 2013-01-02 14:31 - 00000240 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-18 20:39 - 2014-07-10 07:43 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 20:06 - 2014-07-10 07:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 20:06 - 2014-07-10 07:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 19:48 - 2014-07-10 07:43 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 19:42 - 2014-07-10 07:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 19:42 - 2014-07-10 07:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 19:41 - 2014-07-10 07:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 19:41 - 2014-07-10 07:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 19:32 - 2014-07-10 07:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 19:31 - 2014-07-10 07:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 19:26 - 2014-07-10 07:43 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 19:24 - 2014-07-10 07:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 19:24 - 2014-07-10 07:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 19:23 - 2014-07-10 07:43 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 19:16 - 2014-07-10 07:43 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 19:14 - 2014-07-10 07:43 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 19:09 - 2014-07-10 07:43 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 18:59 - 2014-07-10 07:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 18:56 - 2014-07-10 07:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 18:53 - 2014-07-10 07:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 18:51 - 2014-07-10 07:43 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 18:50 - 2014-07-10 07:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 18:48 - 2014-07-10 07:43 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 18:39 - 2014-07-10 07:43 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 18:38 - 2014-07-10 07:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 18:37 - 2014-07-10 07:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 18:36 - 2014-07-10 07:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 18:35 - 2014-07-10 07:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 18:33 - 2014-07-10 07:43 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 18:32 - 2014-07-10 07:43 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 18:28 - 2014-07-10 07:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 18:28 - 2014-07-10 07:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 18:27 - 2014-07-10 07:43 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 18:27 - 2014-07-10 07:43 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 18:25 - 2014-07-10 07:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 18:23 - 2014-07-10 07:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 18:22 - 2014-07-10 07:43 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 18:12 - 2014-07-10 07:43 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 18:06 - 2014-07-10 07:43 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 18:01 - 2014-07-10 07:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 17:59 - 2014-07-10 07:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 17:58 - 2014-07-10 07:43 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 17:58 - 2014-07-10 07:43 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 17:52 - 2014-07-10 07:43 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 17:51 - 2014-07-10 07:43 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 17:49 - 2014-07-10 07:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 17:46 - 2014-07-10 07:43 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 17:45 - 2014-07-10 07:43 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 17:35 - 2014-07-10 07:43 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 17:34 - 2014-07-10 07:43 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 17:15 - 2014-07-10 07:43 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 17:13 - 2014-07-10 07:43 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 17:09 - 2014-07-10 07:43 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 17:07 - 2014-07-10 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 21:18 - 2014-07-10 07:43 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 20:51 - 2014-07-10 07:43 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 20:10 - 2014-07-10 07:43 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 13:26 - 2014-06-17 13:26 - 00000165 ____H () C:\Users\ronwa\Desktop\~$SPS event check list.xlsx

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-09 02:02

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2014
Ran by RonWa at 2014-07-10 09:53:53
Running from C:\Users\ronwa\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.4 - Hewlett-Packard) Hidden
ACID Music Studio 8.0 (x32 Version: 8.0.178 - Sony) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Manager for VAIO (HKLM-x32\...\Application Manager for VAIO) (Version:  - )
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{61438020-DDD4-42FA-99A2-50225441980A}) (Version: 2.0.1.161 - ArcSoft)
ArcSoft WebCam Companion 4 (HKLM-x32\...\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}) (Version: 4.0.21.457 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BOSaNOVA Secure (HKLM\...\BOSaNOVA Secure) (Version: 8.09.1 - )
Citrix Online Launcher (HKLM-x32\...\{9976E1A1-E6AE-4C45-A89E-E26D2C4E01CE}) (Version: 1.0.162 - Citrix)
Citrix online plug-in (DV) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HKLM-x32\...\CitrixOnlinePluginFull) (Version: 12.1.0.30 - Citrix Systems, Inc.)
Citrix online plug-in (PNA) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (SSON) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 12.1.0.30 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 3.4.0.29585 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 3.4.0.29577 - Citrix Systems, Inc.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.5009.52 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 9.0.5009.52 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.7000.4 - Dolby Laboratories Inc)
DVD Architect Studio 5.0 (x32 Version: 5.0.157 - Sony) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.3.0.1468 (HKCU\...\GoToMeeting) (Version: 6.3.0.1468 - CitrixOnline)
HP ENVY 4500 series Basic Device Software (HKLM\...\{09E7A8FD-2FD4-46D6-98A1-93E8E16260ED}) (Version: 32.1.145.46951 - Hewlett-Packard Co.)
iCloud (HKLM\...\{D0CB24F4-084F-40DE-B6B9-A03626E682F0}) (Version: 2.1.1.3 - Apple Inc.)
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.4.1441 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0083 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{F0932859-AA60-459E-B843-0BDECA34E2C7}) (Version: 2.0.0.0086 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation)
Intel® WiDi (HKLM\...\{4E4282C3-F66E-4852-837A-7675527178C2}) (Version: 3.1.26.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0708 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java Auto Updater (x32 Version: 2.1.5.1 - Sun Microsystems, Inc.) Hidden
Java™ 7 Update 1 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417001FF}) (Version: 7.0.10 - Oracle)
Java™ 7 Update 1 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217001FF}) (Version: 7.0.10 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Keyboard_Shortcuts (x32 Version: 1.1.0.12190 - Sony Corporation) Hidden
KUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MaX Compression Client (HKLM-x32\...\{101923F1-624C-4180-8FE9-2F3D019A4AAE}) (Version: 6.0.0.1219 - C2C Systems Ltd)
McAfee Agent (HKLM-x32\...\{1995804A-B1A2-4826-99DD-CEA1352D090B}) (Version: 4.6.0.2935 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.02004 - McAfee, Inc.)
Media Gallery (HKLM\...\{0EB7792D-EFA2-42AB-9A22-F33D9458E974}) (Version: 2.1.0.13300 - Sony Corporation)
Media Go (x32 Version: 2.0.317 - Sony) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.4 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 12.10.3002 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT Redists (x32 Version: 1.0 - Sony Creative Software Inc.) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA Control Panel 296.18 (Version: 296.18 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 296.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.18 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.12 (Version: 1.7.12 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.11.1111 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.11.1111 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.12 - NVIDIA Corporation) Hidden
Oasis2Service (HKLM-x32\...\{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}) (Version: 1.0.4 - DDNi)
Oce PCL6 T1 Printer Driver (HKLM-x32\...\Oce PCL6 T1 Printer Driver) (Version: 1.00.000 - Oce)
PlayMemories Home (x32 Version: 6.1.01.14210 - Sony Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayStation®Network Downloader (x32 Version: 2.07.00849 - Sony Computer Entertainment Inc.) Hidden
PlayStation®Store (x32 Version: 4.5.15.13232 - Sony Computer Entertainment Inc.) Hidden
Reader for PC (x32 Version: 1.1.02.10070 - Sony Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6570 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.92 - Realtek Semiconductor Corp.)
Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sound Forge Audio Studio 10.0 (x32 Version: 10.0.176 - Sony) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.0.5 - Synaptics Incorporated)
TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corportaion) Hidden
TriDef 3D (Sony) 2.0.5 (HKLM-x32\...\experience-sony-bundle) (Version: 2.0.5 - Dynamic Digital Depth Australia Pty Ltd)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
V3DPx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VAIO - Microsoft Visual C++ 2010 SP1 Runtime 10.0.40219.325 (HKLM\...\{34EB42BE-F4D3-44C1-B28E-9740115DB72C}) (Version: 1.0.00.01300 - Sony Corporation)
VAIO - PlayMemories Home Plug-in (HKLM\...\{886C0C18-F905-49B2-90BA-EFC0FEDF27C6}) (Version: 2.0.00.14200 - Sony Corporation)
VAIO - Remote Keyboard (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO - Remote Keyboard with PlayStation®3 (x32 Version: 1.2.0.09210 - Sony Corporation) Hidden
VAIO - Remote Play with PlayStation®3 (x32 Version: 1.1.0.21090 - Sony Corporation) Hidden
VAIO - TrackID™ with BRAVIA (x32 Version: 1.2.0.09270 - Sony Corporation) Hidden
VAIO 3D Portal (x32 Version: 1.2.0.10131 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{471F7C0A-CA3A-4F4C-8346-DE36AD5E23D1}) (Version: 7.3.0.14170 - Sony Corporation)
VAIO Control Center (x32 Version: 5.2.2.16060 - Sony Corporation) Hidden
VAIO CPU Fan Diagnostic (x32 Version: 1.1.0.09200 - Sony Corporation) Hidden
VAIO Data Restore Tool (x32 Version: 1.9.0.13190 - Sony Corporation) Hidden
VAIO Easy Connect (x32 Version: 1.1.2.01120 - Sony Corporation) Hidden
VAIO Gate (x32 Version: 2.4.1.09230 - Sony Corporation) Hidden
VAIO Gate Default (x32 Version: 2.5.2.02090 - Sony Corporation) Hidden
VAIO Gesture Control (x32 Version: 1.0.0.12300 - Sony Corporation) Hidden
VAIO Help and Support (x32 Version: 17.00.0109 - Sony Corporation) Hidden
VAIO Improvement (x32 Version: 1.3.0.12280 - Sony Corporation) Hidden
VAIO Manual (x32 Version: 2.3.0.12300 - Sony Corporation) Hidden
VAIO Messenger (HKLM-x32\...\VAIO Messenger) (Version: 2.0.550.0 - DDNi)
VAIO OOBE (x32 Version: 12.2.1.2483 - Sony Corporation) Hidden
VAIO Sample Contents (x32 Version: 1.4.0.09010 - Sony Corporation) Hidden
VAIO Satisfaction Survey. (x32 Version: 3.0 - Sony Electronics Inc.) Hidden
VAIO Smart Network (x32 Version: 3.11.1.15220 - Sony Corporation) Hidden
VAIO Transfer Support (x32 Version: 1.7.0.02231 - Sony Corporation) Hidden
VAIO Update (x32 Version: 5.7.0.13130 - Sony Corporation) Hidden
VAIO Update Merge Module x64 (Version: 5.7.13130 - Sony Corporation) Hidden
VBMx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Vegas Movie Studio HD Platinum 11.0 (x32 Version: 11.0.256 - Sony) Hidden
VHD (x32 Version: 1.0.0 - Microsoft) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSNx64 (Version: 1.0.0 - Sony Corporation) Hidden
VSNx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

03-06-2014 19:59:59 Scheduled Checkpoint
11-06-2014 14:21:23 Scheduled Checkpoint
19-06-2014 17:35:17 Scheduled Checkpoint
23-06-2014 16:48:43 Windows Update
30-06-2014 17:43:57 Scheduled Checkpoint
07-07-2014 17:57:28 Scheduled Checkpoint
09-07-2014 16:35:52 ComboFix created restore point
10-07-2014 12:57:17 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-07-09 14:47 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {02FA8038-5541-4E02-837F-9F1C728C4687} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {036B872C-D37A-437C-98F7-DC900F98557E} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {094A86A6-2B20-46C1-8F14-DD6E8D868493} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2011-12-27] (Sony Corporation)
Task: {1251AA9D-B929-48CC-B5B0-FBF4DACF76E3} - System32\Tasks\Sony Corporation\VAIO Care\AutoCheckMessage => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {16F04EAB-DF52-4315-B0CA-F25A9B585A28} - System32\Tasks\VAIO® Messenger (User) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {1DD2A754-D3EF-4556-83F1-BF9A9E472C9C} - System32\Tasks\Sony Corporation\VAIO Smart Network\VSN Logon Start => net
Task: {2C8D2E95-9174-41C9-B997-F846F0BE378E} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {336A613E-172D-4BDD-AD22-8ED9E2DEF910} - System32\Tasks\Sony Corporation\VAIO Gate\StartExecuteProxy => C:\Program Files\Sony\VAIO Gate\ExecutionProxy.exe [2011-09-23] (Sony Corporation)
Task: {379761E0-C97A-4A49-809B-9522C64BA240} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3A398737-E249-43F8-874A-FC03153AB920} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {438F15A1-7C98-442F-9E27-128FF33BA35C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {4ADF3137-1DE6-4452-98E3-148487FFFEDF} - System32\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784 => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe [2014-07-07] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {4E22214F-07AA-4709-ABCD-CACF40BD10EB} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {4E5FA4FB-41B1-414A-A4B4-2CC80166D851} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-02-24] (Sony Corporation)
Task: {61CFC2A7-7305-4C42-A959-6DB3FB4380CC} - System32\Tasks\VAIO® Messenger (claya) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {66281CED-4A46-4A7B-8C4A-B0ECE9133439} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: {674F2254-A5A2-4A19-8B9B-6B22ED0FDFB1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {68E91BB3-9B4C-48F4-BB66-54A30B0E2587} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6E65FC1F-6C2C-4BE3-9CE0-95ADFFAFB224} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {71E011E2-C835-4C97-B1DF-452F3296AC51} - System32\Tasks\Sony Corporation\VAIO Gate\VAIO Gate => C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe [2011-09-23] (Sony Corporation)
Task: {72B15D0B-F14F-43B6-BB3D-4D6BC591F967} - System32\Tasks\Sony Corporation\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2012-01-10] (Sony Corporation)
Task: {880B1A1B-F862-4097-B9BB-9CAA0064240C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-30] (Google Inc.)
Task: {901C0DE4-D8BA-4C7C-BB34-BC523CD9EEA7} - System32\Tasks\Sony\Keyboard Shortcuts => C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe [2012-03-20] ()
Task: {91FECEE5-8946-4D6C-A0F6-8BA2B40DB5B8} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {A229056F-6FAF-420D-9C40-4451EAFBB977} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {B778CECB-14D9-4FF7-9B72-282E2CEC1A0C} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C1C5265A-81D0-487A-8EA9-AB8D0896409A} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2011-12-27] (Sony Corporation)
Task: {C216C0F1-C2AA-4979-97B6-36AE61890AF7} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {CB7F64AD-BEB6-44B2-8511-C0DD8A441DE4} - System32\Tasks\Sony Corporation\VAIO Care\VAU => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {CBA04D62-DB34-48E7-B70C-51A496CB6B47} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-01-31] (Sony Corporation)
Task: {D880E8AF-575C-4FAF-9731-A57CECA1155E} - System32\Tasks\VAIO® Messenger (Administrator) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {E4A613BF-9DF1-4505-9538-06BB3AF286E2} - System32\Tasks\VAIO® Messenger (ronwa) => C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: {E606D703-648A-4701-B62F-256FBC6B6063} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {E67CF891-CDC5-48F3-8F7F-D88A0F426733} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {E9625FAE-712E-404B-A2FC-33114DD8D09E} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-04-06] (Sony Corporation)
Task: {EA467010-CB00-4BDC-99A9-B3EEA54166D7} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2011-12-27] (Sony Corporation)
Task: {EC3C5A62-5BEF-4105-BA86-EF04933AD54F} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {F0DD3956-4D05-40AC-ACB0-2D7A905DEA55} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
Task: {FB35F579-CE19-4CB1-91C8-1222ED692EED} - System32\Tasks\DDNi Startup => C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe [2013-07-03] (Digital Delivery Networks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784.job => C:\Program Files (x86)\Citrix\GoToMeeting\1468\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-10-20 04:30 - 2012-03-23 03:47 - 00127320 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2012-10-20 04:26 - 2013-08-29 17:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-23 17:58 - 2012-10-23 17:58 - 00120728 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
2012-10-23 17:58 - 2012-10-23 17:58 - 00694168 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
2012-03-20 15:43 - 2012-03-20 15:43 - 00477816 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\KeyboardShortcuts.exe
2011-11-30 20:49 - 2011-11-30 20:49 - 00321024 _____ () C:\Program Files\Sony\VAIO Care\CRM\ManagedVAIORecoveryMedia.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00179712 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIORecovery.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00054784 _____ () C:\Program Files\Sony\VAIO Care\CRM\Logging.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00061440 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOCommon.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00192000 _____ () C:\Program Files\Sony\VAIO Care\CRM\OsServices.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00037376 _____ () C:\Program Files\Sony\VAIO Care\CRM\PluginFactory.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 02229760 _____ () C:\Program Files\Sony\VAIO Care\CRM\RecoveryPartitionManager.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00035840 _____ () C:\Program Files\Sony\VAIO Care\CRM\XMLTools.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00055296 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOInstallAppsDrivers.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00137728 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallDB.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00134144 _____ () C:\Program Files\Sony\VAIO Care\CRM\InstallationTools.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00024064 _____ () C:\Program Files\Sony\VAIO Care\CRM\VAIOUtility.dll
2011-11-30 20:49 - 2011-11-30 20:49 - 00276992 _____ () C:\Program Files\Sony\VAIO Care\READ\RecoveryPartitionManagerREAD.dll
2007-04-18 21:30 - 2007-04-18 21:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 21:30 - 2007-04-18 21:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-08-14 21:08 - 2012-08-14 21:08 - 00150328 _____ () C:\Program Files (x86)\McAfee\VirusScan Enterprise\WscAv.dll
2012-10-17 15:42 - 2012-10-17 15:42 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-10-20 05:27 - 2012-04-06 16:37 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2012-03-20 15:43 - 2012-03-20 15:43 - 00160376 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\MessageHook.dll
2012-03-20 15:43 - 2012-03-20 15:43 - 00026744 _____ () C:\Program Files (x86)\Sony\Keyboard Shortcuts\Utility.dll
2014-02-18 13:41 - 2014-02-18 13:41 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\00a0b4a9df6e4abf30ae2af3624a77ce\IsdiInterop.ni.dll
2012-10-20 04:18 - 2012-02-01 18:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-10-20 04:29 - 2012-03-23 03:47 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\73789800.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\75122473.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\73789800.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\75122473.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Advanced-N 6235
Description: Intel® Centrino® Advanced-N 6235
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: NETwNs64
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2014 09:53:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17207, time stamp: 0x4a5bc6b7
Faulting module name: jscript9.dll, version: 11.0.9600.17207, time stamp: 0x53a217f1
Exception code: 0xc0000005
Fault offset: 0x000f0536
Faulting process id: 0x1ca0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/10/2014 09:19:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/10/2014 09:19:22 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/10/2014 09:13:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/10/2014 08:51:07 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17207, time stamp: 0x4a5bc6b7
Faulting module name: jscript9.dll, version: 11.0.9600.17207, time stamp: 0x53a217f1
Exception code: 0xc0000005
Fault offset: 0x000f16b8
Faulting process id: 0x278c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (07/10/2014 08:34:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/10/2014 08:34:23 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/10/2014 08:29:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (07/10/2014 08:29:09 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (07/10/2014 08:27:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (07/10/2014 09:15:44 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/10/2014 09:14:47 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: SMPCORP)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/10/2014 09:13:47 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (07/10/2014 09:13:46 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain SMPCORP due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (07/10/2014 08:54:02 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (07/10/2014 08:30:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/10/2014 08:29:16 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: SMPCORP)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/10/2014 08:28:17 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (07/10/2014 08:27:36 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain SMPCORP due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (07/10/2014 08:27:01 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.

Microsoft Office Sessions:
=========================
Error: (06/16/2014 08:27:40 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1232026 seconds with 27900 seconds of active time.  This session ended with a crash.

Error: (10/11/2013 08:16:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/09/2013 08:01:17 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/29/2013 10:02:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 854576 seconds with 180 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-07-09 14:47:35.214
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-07-09 14:47:35.168
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 12187.28 MB
Available physical RAM: 5544.61 MB
Total Pagefile: 24372.73 MB
Available Pagefile: 15531.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:576.42 GB) (Free:498.62 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 2732268B)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 AM

Posted 10 July 2014 - 11:39 AM

Alright.


Step 1

Please download this attached Attached File  fixlist.txt   369bytes   13 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#5 BartW

BartW
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 10 July 2014 - 11:52 AM

Here are the logs, thanks again.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-07-2014
Ran by RonWa at 2014-07-10 11:43:41 Run:1
Running from C:\Users\ronwa\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\...\Policies\Explorer: [Run] "C:\Users\ronwa\AppData\Roaming\Microsoft\Windows\rasphone.exe"
C:\Users\ronwa\AppData\Roaming\Microsoft\Windows\rasphone.exe
2014-07-08 14:03 - 2014-07-09 10:19 - 00000000 ____D () C:\Users\ronwa\AppData\Roaming\Aronuh
Reboot:

*****************

[2300] C:\Windows\SysWOW64\dllhost.exe => Process closed successfully.
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\Run => value deleted successfully.
"C:\Users\ronwa\AppData\Roaming\Microsoft\Windows\rasphone.exe" => File/Directory not found.
C:\Users\ronwa\AppData\Roaming\Aronuh => Moved successfully.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-07-2014
Ran by RonWa (administrator) on LPT02527 on 10-07-2014 11:46:16
Running from C:\Users\ronwa\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\ssonsvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESGfxMgr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mstart.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mcomm.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mlauncher.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
() C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [506712 2011-02-03] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-09] (Intel Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [60552 2011-09-20] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [693608 2012-02-21] (Sony Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-08-21] (McAfee, Inc.)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [304568 2010-10-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mstart.exe [40304 2014-06-24] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\...\MountPoints2: {947c240d-9ac3-11e2-8305-5453edb0e661} - D:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-1264667008-2504301194-1484543345-4784\...\MountPoints2: {cc1e31ab-567c-11e2-b6a4-5453edb0e661} - F:\MotorolaDeviceManagerSetup.exe -a
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130102141009.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130102141009.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 - C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\ronwa\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-01-02]

==================== Services (Whitelisted) =================

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 ActiveDelayDeviceService; C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe [78472 2011-09-20] (Sony Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-03-23] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [162648 2012-03-23] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-08-21] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-01-02] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [210056 2012-08-14] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-01-02] (McAfee, Inc.)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 PMBDeviceInfoProvider; c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [473960 2012-02-21] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [260768 2011-11-30] (Sony Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-01-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-01-02] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-01-02] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-01-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-01-02] (McAfee, Inc.)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-10 09:53 - 2014-07-10 11:46 - 00019758 _____ () C:\Users\ronwa\Desktop\FRST.txt
2014-07-10 09:53 - 2014-07-10 11:46 - 00000000 ____D () C:\FRST
2014-07-10 09:53 - 2014-07-10 09:57 - 00046050 _____ () C:\Users\ronwa\Desktop\Addition.txt
2014-07-10 09:52 - 2014-07-10 09:52 - 02084352 _____ (Farbar) C:\Users\ronwa\Desktop\FRST64.exe
2014-07-10 09:27 - 2014-07-10 09:27 - 00000000 ____D () C:\Users\ronwa\AppData\Local\Adobe
2014-07-10 09:18 - 2014-07-10 09:19 - 00031913 _____ () C:\Users\ronwa\Desktop\dds.txt
2014-07-10 09:18 - 2014-07-10 09:19 - 00019359 _____ () C:\Users\ronwa\Desktop\attach.txt
2014-07-10 09:16 - 2014-07-10 09:16 - 00688992 ____R (Swearware) C:\Users\ronwa\Desktop\dds.com
2014-07-10 08:51 - 2014-07-10 09:53 - 00000000 ____D () C:\Users\ronwa\AppData\Local\CrashDumps
2014-07-10 08:33 - 2014-07-10 08:34 - 00000000 ____D () C:\Users\ronwa\Desktop\RK_Quarantine
2014-07-10 08:07 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-07-10 08:07 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-07-10 08:07 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-07-10 08:07 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-07-10 08:07 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-07-10 08:07 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-07-10 08:07 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-07-10 08:07 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-07-10 08:07 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-07-10 08:07 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-07-10 08:07 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-07-10 08:07 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-07-10 08:07 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-07-10 08:07 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-07-10 08:07 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-07-10 08:07 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-07-10 08:07 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-07-10 08:07 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-07-10 08:07 - 2013-04-10 18:12 - 00169984 _____ (Xerox Corporation) C:\Windows\system32\xrzkrlai.dll
2014-07-10 08:04 - 2014-07-10 08:35 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-10 08:04 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-07-10 08:04 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-07-10 08:04 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-07-10 08:04 - 2012-08-23 08:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-07-10 08:04 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-07-10 08:04 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-07-10 08:04 - 2012-08-23 04:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-07-10 08:01 - 2014-07-10 08:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-10 07:52 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-07-10 07:52 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-07-10 07:52 - 2012-05-04 06:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-07-10 07:52 - 2012-05-04 04:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-07-10 07:44 - 2014-06-29 21:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 07:44 - 2014-06-29 21:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 07:43 - 2014-06-20 15:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 07:43 - 2014-06-20 14:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 07:43 - 2014-06-18 20:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 07:43 - 2014-06-18 20:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-10 07:43 - 2014-06-18 20:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-10 07:43 - 2014-06-18 19:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 07:43 - 2014-06-18 19:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-10 07:43 - 2014-06-18 19:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-10 07:43 - 2014-06-18 19:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-10 07:43 - 2014-06-18 19:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-10 07:43 - 2014-06-18 19:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-10 07:43 - 2014-06-18 19:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-10 07:43 - 2014-06-18 19:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-10 07:43 - 2014-06-18 19:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-10 07:43 - 2014-06-18 19:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-10 07:43 - 2014-06-18 19:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-10 07:43 - 2014-06-18 19:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 07:43 - 2014-06-18 19:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-10 07:43 - 2014-06-18 19:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 07:43 - 2014-06-18 18:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 07:43 - 2014-06-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-10 07:43 - 2014-06-18 18:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-10 07:43 - 2014-06-18 18:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 07:43 - 2014-06-18 18:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 07:43 - 2014-06-18 18:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 07:43 - 2014-06-18 18:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 07:43 - 2014-06-18 18:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-10 07:43 - 2014-06-18 18:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-10 07:43 - 2014-06-18 18:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-10 07:43 - 2014-06-18 18:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-10 07:43 - 2014-06-18 18:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 07:43 - 2014-06-18 18:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 07:43 - 2014-06-18 18:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-10 07:43 - 2014-06-18 18:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-10 07:43 - 2014-06-18 18:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 07:43 - 2014-06-18 18:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-10 07:43 - 2014-06-18 18:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-10 07:43 - 2014-06-18 18:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-10 07:43 - 2014-06-18 18:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-10 07:43 - 2014-06-18 18:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 07:43 - 2014-06-18 18:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 07:43 - 2014-06-18 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-10 07:43 - 2014-06-18 17:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 07:43 - 2014-06-18 17:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 07:43 - 2014-06-18 17:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 07:43 - 2014-06-18 17:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 07:43 - 2014-06-18 17:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 07:43 - 2014-06-18 17:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 07:43 - 2014-06-18 17:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-10 07:43 - 2014-06-18 17:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 07:43 - 2014-06-18 17:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 07:43 - 2014-06-18 17:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 07:43 - 2014-06-18 17:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 07:43 - 2014-06-18 17:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 07:43 - 2014-06-18 17:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 07:43 - 2014-06-18 17:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 07:43 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 07:43 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 07:43 - 2014-06-17 20:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 07:43 - 2014-05-30 03:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-10 07:43 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-10 07:43 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-10 07:42 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 07:42 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 07:42 - 2014-06-05 09:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 07:42 - 2014-06-05 09:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-10 07:42 - 2014-06-05 09:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-10 07:42 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 07:32 - 2014-07-10 07:32 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-09 15:31 - 2014-07-09 15:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 15:29 - 2014-07-09 15:56 - 00000000 ____D () C:\Users\ronwa\Desktop\mbar
2014-07-09 15:15 - 2014-07-09 15:15 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-09 15:13 - 2014-07-09 15:18 - 00000000 ____D () C:\Users\TEMP
2014-07-09 14:48 - 2014-07-09 14:48 - 00026302 _____ () C:\ComboFix.txt
2014-07-09 11:59 - 2014-07-09 11:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-09 11:35 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-09 11:35 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-09 11:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-09 11:35 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-09 11:34 - 2014-07-09 14:48 - 00000000 ____D () C:\Qoobox
2014-07-09 11:33 - 2014-07-09 14:48 - 00000000 ____D () C:\Windows\erdnt
2014-07-09 11:32 - 2014-07-09 11:32 - 05216105 ____R (Swearware) C:\Users\ronwa\Desktop\ComboFix.exe
2014-07-09 10:32 - 2014-07-09 10:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-09 10:31 - 2014-07-10 07:33 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-09 10:31 - 2014-07-10 07:32 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-09 09:55 - 2014-07-10 11:45 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 09:53 - 2014-07-09 09:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-09 09:53 - 2014-07-09 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-09 09:51 - 2014-07-09 15:30 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 09:51 - 2014-07-09 09:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 09:51 - 2014-07-09 09:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 09:51 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-09 09:51 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-08 15:05 - 2014-07-10 07:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-08 15:05 - 2014-07-08 15:05 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-08 11:39 - 2014-07-08 11:39 - 02758434 _____ () C:\Users\ronwa\Desktop\SPS Docs.zip
2014-07-08 08:40 - 2014-07-08 09:39 - 00000000 ____D () C:\Users\ronwa\Desktop\SPS Docs
2014-06-26 09:36 - 2014-06-26 10:11 - 00026624 _____ () C:\Users\ronwa\Desktop\budget2014.xls
2014-06-24 14:48 - 2014-07-10 11:44 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784.job
2014-06-24 14:48 - 2014-07-07 12:33 - 00003566 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784
2014-06-24 09:04 - 2014-06-24 14:29 - 00151109 _____ () C:\Users\ronwa\Desktop\SPS Assessment Tool 140624.xlsx
2014-06-19 10:37 - 2014-07-09 07:35 - 01117990 _____ () C:\Users\ronwa\Desktop\Standard Production System.pptx
2014-06-19 10:37 - 2014-07-08 10:23 - 00000000 ____D () C:\Users\ronwa\Desktop\SPS
2014-06-17 13:26 - 2014-06-17 13:26 - 00000165 ____H () C:\Users\ronwa\Desktop\~$SPS event check list.xlsx
2014-06-11 13:23 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 13:23 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 13:23 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 13:23 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 13:23 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 13:23 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 13:23 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 13:23 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 13:23 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 13:23 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 13:23 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 13:23 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-10 11:46 - 2014-07-10 09:53 - 00019758 _____ () C:\Users\ronwa\Desktop\FRST.txt
2014-07-10 11:46 - 2014-07-10 09:53 - 00000000 ____D () C:\FRST
2014-07-10 11:45 - 2014-07-09 09:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-10 11:45 - 2013-04-30 09:57 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-10 11:45 - 2013-01-07 12:39 - 00000000 ____D () C:\Temp
2014-07-10 11:44 - 2014-06-24 14:48 - 00000538 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784.job
2014-07-10 11:44 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 11:44 - 2009-07-13 23:51 - 00057298 _____ () C:\Windows\setupact.log
2014-07-10 11:43 - 2012-10-20 04:13 - 01744073 _____ () C:\Windows\WindowsUpdate.log
2014-07-10 11:20 - 2013-04-30 09:57 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-10 10:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 10:49 - 2012-10-20 05:35 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-10 09:57 - 2014-07-10 09:53 - 00046050 _____ () C:\Users\ronwa\Desktop\Addition.txt
2014-07-10 09:53 - 2014-07-10 08:51 - 00000000 ____D () C:\Users\ronwa\AppData\Local\CrashDumps
2014-07-10 09:52 - 2014-07-10 09:52 - 02084352 _____ (Farbar) C:\Users\ronwa\Desktop\FRST64.exe
2014-07-10 09:27 - 2014-07-10 09:27 - 00000000 ____D () C:\Users\ronwa\AppData\Local\Adobe
2014-07-10 09:21 - 2009-07-13 23:45 - 00021216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 09:21 - 2009-07-13 23:45 - 00021216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 09:19 - 2014-07-10 09:18 - 00031913 _____ () C:\Users\ronwa\Desktop\dds.txt
2014-07-10 09:19 - 2014-07-10 09:18 - 00019359 _____ () C:\Users\ronwa\Desktop\attach.txt
2014-07-10 09:19 - 2009-07-14 00:13 - 00006458 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 09:16 - 2014-07-10 09:16 - 00688992 ____R (Swearware) C:\Users\ronwa\Desktop\dds.com
2014-07-10 08:35 - 2014-07-10 08:04 - 00030312 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-07-10 08:34 - 2014-07-10 08:33 - 00000000 ____D () C:\Users\ronwa\Desktop\RK_Quarantine
2014-07-10 08:28 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-10 08:10 - 2010-11-20 22:47 - 00286784 _____ () C:\Windows\PFRO.log
2014-07-10 08:10 - 2009-07-13 23:45 - 00337264 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 08:08 - 2014-05-12 10:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 08:08 - 2012-02-24 00:58 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 08:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-07-10 08:06 - 2013-07-31 17:37 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 08:03 - 2013-01-02 15:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 08:01 - 2014-07-10 08:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-07-10 07:59 - 2012-10-20 04:27 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-10 07:59 - 2012-10-20 04:26 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-07-10 07:49 - 2012-10-20 05:35 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-10 07:49 - 2012-10-20 05:35 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-10 07:49 - 2012-10-20 05:35 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-10 07:33 - 2014-07-09 10:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-10 07:33 - 2013-04-30 09:58 - 00000000 ____D () C:\Program Files\Google
2014-07-10 07:33 - 2013-04-30 09:57 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-10 07:32 - 2014-07-10 07:32 - 00000085 _____ () C:\Windows\wininit.ini
2014-07-10 07:32 - 2014-07-09 10:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-10 07:31 - 2014-07-08 15:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-07-10 07:30 - 2013-04-30 09:57 - 00000000 ____D () C:\Users\ronwa\AppData\Local\Google
2014-07-09 15:56 - 2014-07-09 15:31 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-09 15:56 - 2014-07-09 15:29 - 00000000 ____D () C:\Users\ronwa\Desktop\mbar
2014-07-09 15:30 - 2014-07-09 09:51 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 15:18 - 2014-07-09 15:13 - 00000000 ____D () C:\Users\TEMP
2014-07-09 15:15 - 2014-07-09 15:15 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-07-09 14:48 - 2014-07-09 14:48 - 00026302 _____ () C:\ComboFix.txt
2014-07-09 14:48 - 2014-07-09 11:34 - 00000000 ____D () C:\Qoobox
2014-07-09 14:48 - 2014-07-09 11:33 - 00000000 ____D () C:\Windows\erdnt
2014-07-09 14:47 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-09 11:59 - 2014-07-09 11:59 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-09 11:38 - 2013-06-21 13:49 - 00000000 ____D () C:\Quarantine
2014-07-09 11:32 - 2014-07-09 11:32 - 05216105 ____R (Swearware) C:\Users\ronwa\Desktop\ComboFix.exe
2014-07-09 10:32 - 2014-07-09 10:32 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-07-09 10:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Web
2014-07-09 09:53 - 2014-07-09 09:53 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-09 09:53 - 2014-07-09 09:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-09 09:52 - 2014-07-09 09:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 09:51 - 2014-07-09 09:51 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 07:35 - 2014-06-19 10:37 - 01117990 _____ () C:\Users\ronwa\Desktop\Standard Production System.pptx
2014-07-08 15:05 - 2014-07-08 15:05 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
2014-07-08 11:39 - 2014-07-08 11:39 - 02758434 _____ () C:\Users\ronwa\Desktop\SPS Docs.zip
2014-07-08 10:23 - 2014-06-19 10:37 - 00000000 ____D () C:\Users\ronwa\Desktop\SPS
2014-07-08 10:02 - 2013-09-09 14:19 - 00000000 ____D () C:\Users\ronwa\Desktop\Lean
2014-07-08 09:39 - 2014-07-08 08:40 - 00000000 ____D () C:\Users\ronwa\Desktop\SPS Docs
2014-07-07 12:33 - 2014-06-24 14:48 - 00003566 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1264667008-2504301194-1484543345-4784
2014-06-29 21:09 - 2014-07-10 07:44 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-29 21:04 - 2014-07-10 07:44 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-26 17:40 - 2013-01-02 18:51 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-26 10:11 - 2014-06-26 09:36 - 00026624 _____ () C:\Users\ronwa\Desktop\budget2014.xls
2014-06-25 07:19 - 2013-09-09 14:18 - 00000000 ____D () C:\Users\ronwa\Desktop\Old docs
2014-06-25 07:17 - 2014-04-22 13:23 - 00000000 ____D () C:\Users\ronwa\Desktop\PFI
2014-06-25 07:17 - 2013-09-09 14:23 - 00000000 ____D () C:\Users\ronwa\Desktop\HR
2014-06-24 14:48 - 2013-12-16 09:22 - 00002216 _____ () C:\Users\ronwa\Desktop\GoToWebinar.lnk
2014-06-24 14:48 - 2013-12-16 09:22 - 00001376 _____ () C:\Users\ronwa\Desktop\GoToMeeting.lnk
2014-06-24 14:29 - 2014-06-24 09:04 - 00151109 _____ () C:\Users\ronwa\Desktop\SPS Assessment Tool 140624.xlsx
2014-06-24 12:15 - 2013-04-30 09:57 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 12:15 - 2013-04-30 09:57 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-20 15:14 - 2014-07-10 07:43 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 14:39 - 2014-07-10 07:43 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-20 06:48 - 2013-01-02 14:31 - 00000240 _____ () C:\Windows\system32\config\netlogon.ftl
2014-06-18 20:39 - 2014-07-10 07:43 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 20:06 - 2014-07-10 07:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 20:06 - 2014-07-10 07:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 19:48 - 2014-07-10 07:43 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 19:42 - 2014-07-10 07:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 19:42 - 2014-07-10 07:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 19:41 - 2014-07-10 07:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 19:41 - 2014-07-10 07:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 19:32 - 2014-07-10 07:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 19:31 - 2014-07-10 07:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 19:26 - 2014-07-10 07:43 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 19:24 - 2014-07-10 07:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 19:24 - 2014-07-10 07:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 19:23 - 2014-07-10 07:43 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 19:16 - 2014-07-10 07:43 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 19:14 - 2014-07-10 07:43 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 19:09 - 2014-07-10 07:43 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 18:59 - 2014-07-10 07:43 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 18:56 - 2014-07-10 07:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 18:53 - 2014-07-10 07:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 18:51 - 2014-07-10 07:43 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 18:50 - 2014-07-10 07:43 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 18:48 - 2014-07-10 07:43 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 18:39 - 2014-07-10 07:43 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 18:38 - 2014-07-10 07:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 18:37 - 2014-07-10 07:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 18:36 - 2014-07-10 07:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 18:35 - 2014-07-10 07:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 18:33 - 2014-07-10 07:43 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 18:32 - 2014-07-10 07:43 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 18:28 - 2014-07-10 07:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 18:28 - 2014-07-10 07:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 18:27 - 2014-07-10 07:43 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 18:27 - 2014-07-10 07:43 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 18:25 - 2014-07-10 07:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 18:23 - 2014-07-10 07:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 18:22 - 2014-07-10 07:43 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 18:12 - 2014-07-10 07:43 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 18:06 - 2014-07-10 07:43 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 18:01 - 2014-07-10 07:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 17:59 - 2014-07-10 07:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 17:58 - 2014-07-10 07:43 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 17:58 - 2014-07-10 07:43 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 17:52 - 2014-07-10 07:43 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 17:51 - 2014-07-10 07:43 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 17:49 - 2014-07-10 07:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 17:46 - 2014-07-10 07:43 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 17:45 - 2014-07-10 07:43 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 17:35 - 2014-07-10 07:43 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 17:34 - 2014-07-10 07:43 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 17:15 - 2014-07-10 07:43 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 17:13 - 2014-07-10 07:43 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 17:09 - 2014-07-10 07:43 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 17:07 - 2014-07-10 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 21:18 - 2014-07-10 07:43 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 20:51 - 2014-07-10 07:43 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 20:10 - 2014-07-10 07:43 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 13:26 - 2014-06-17 13:26 - 00000165 ____H () C:\Users\ronwa\Desktop\~$SPS event check list.xlsx

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-09 02:02

==================== End Of Log ============================



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 AM

Posted 10 July 2014 - 12:26 PM

Is the problem still present now?

#7 BartW

BartW
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 10 July 2014 - 12:29 PM

Yes, no change.  Still getting the malicious website blocked from malwarebytes and have about 20 instances of dllhost.exe *32.



#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 AM

Posted 10 July 2014 - 12:41 PM

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.


#9 BartW

BartW
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 10 July 2014 - 12:49 PM

Here is the log the tool said "no threats found", but the behavior persists.  As soon as I enable my network card, CPU goes to 100% and the task manager gets loaded with dllhost.exe 

 

 

 

12:44:35.0665 0x13d4 TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58

12:44:35.0665 0x13d4 UEFI system

12:44:42.0099 0x13d4 ============================================================

12:44:42.0099 0x13d4 Current date / time: 2014/07/10 12:44:42.0099

12:44:42.0100 0x13d4 SystemInfo:

12:44:42.0100 0x13d4

12:44:42.0100 0x13d4 OS Version: 6.1.7601 ServicePack: 1.0

12:44:42.0100 0x13d4 Product type: Workstation

12:44:42.0100 0x13d4 ComputerName: LPT02527

12:44:42.0101 0x13d4 UserName: RonWa

12:44:42.0102 0x13d4 Windows directory: C:\Windows

12:44:42.0102 0x13d4 System windows directory: C:\Windows

12:44:42.0102 0x13d4 Running under WOW64

12:44:42.0102 0x13d4 Processor architecture: Intel x64

12:44:42.0102 0x13d4 Number of processors: 4

12:44:42.0102 0x13d4 Page size: 0x1000

12:44:42.0102 0x13d4 Boot type: Normal boot

12:44:42.0102 0x13d4 ============================================================

12:44:43.0220 0x13d4 KLMD registered as C:\Windows\system32\drivers\81456548.sys

12:44:45.0405 0x13d4 System UUID: {61206486-D0F3-2394-8217-7A18D2722CB1}

12:44:46.0763 0x13d4 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 ( 596.17 Gb ), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

12:44:46.0772 0x13d4 ============================================================

12:44:46.0772 0x13d4 \Device\Harddisk0\DR0:

12:44:46.0773 0x13d4 GPT partitions:

12:44:46.0773 0x13d4 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {F4019732-066E-4E12-8273-346C5641494F}, UniqueGUID: {8A31259F-5539-4D00-A2C7-E58EFD5A2FD7}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000

12:44:46.0773 0x13d4 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E73BE427-7AD4-4B16-BFD2-43295E12076A}, Name: Basic data partition, StartLBA 0x82800, BlocksNum 0x263B000

12:44:46.0773 0x13d4 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {3FA4BB7D-7A5B-49A2-8B12-0CF602C02E7E}, Name: EFI system partition, StartLBA 0x26BD800, BlocksNum 0x82000

12:44:46.0773 0x13d4 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {5EA8C044-3781-42E6-978B-9FCF39711285}, Name: Microsoft reserved partition, StartLBA 0x273F800, BlocksNum 0x40000

12:44:46.0773 0x13d4 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5D3FE1AE-0212-440C-A232-7FE11FC7BB68}, Name: Basic data partition, StartLBA 0x277F800, BlocksNum 0x480D8A8F

12:44:46.0773 0x13d4 MBR partitions:

12:44:46.0773 0x13d4 ============================================================

12:44:46.0815 0x13d4 C: <-> \Device\Harddisk0\DR0\Partition5

12:44:46.0816 0x13d4 ============================================================

12:44:46.0816 0x13d4 Initialize success

12:44:46.0816 0x13d4 ============================================================

12:45:28.0062 0x3abc ============================================================

12:45:28.0063 0x3abc Scan started

12:45:28.0063 0x3abc Mode: Manual; SigCheck; TDLFS;

12:45:28.0063 0x3abc ============================================================

12:45:28.0063 0x3abc KSN ping started

12:45:31.0333 0x3abc KSN ping finished: true

12:45:35.0581 0x3abc ================ Scan system memory ========================

12:45:35.0581 0x3abc System memory - ok

12:45:35.0587 0x3abc ================ Scan services =============================

12:45:35.0833 0x3abc [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

12:45:36.0367 0x3abc 1394ohci - ok

12:45:36.0471 0x3abc [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

12:45:36.0642 0x3abc ACDaemon - ok

12:45:36.0702 0x3abc [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys

12:45:36.0728 0x3abc ACPI - ok

12:45:36.0768 0x3abc [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

12:45:36.0807 0x3abc AcpiPmi - ok

12:45:36.0862 0x3abc [ 69971851E8530ACE7DE6C6C87C06D8AB, ABCD695E453185722D01C03B89C9D3A8047B7BBABC49F6E749D6EFA9FBD767C6 ] ActiveDelayDeviceService C:\Program Files (x86)\Sony\VAIO Boot Manager\ActiveDelayDeviceService.exe

12:45:36.0878 0x3abc ActiveDelayDeviceService - ok

12:45:36.0981 0x3abc [ A6B6AB9502B63F43A9A56AE6AFB22078, DD1F0BA3D8F3333F52A71EAE3719A001F6EF844D647FFABF0E4C56C6C764ACA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

12:45:37.0001 0x3abc AdobeFlashPlayerUpdateSvc - ok

12:45:37.0050 0x3abc [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

12:45:37.0076 0x3abc adp94xx - ok

12:45:37.0132 0x3abc [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys

12:45:37.0163 0x3abc adpahci - ok

12:45:37.0175 0x3abc [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

12:45:37.0193 0x3abc adpu320 - ok

12:45:37.0233 0x3abc [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

12:45:37.0318 0x3abc AeLookupSvc - ok

12:45:37.0381 0x3abc [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys

12:45:37.0437 0x3abc AFD - ok

12:45:37.0460 0x3abc [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys

12:45:37.0476 0x3abc agp440 - ok

12:45:37.0509 0x3abc [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe

12:45:37.0552 0x3abc ALG - ok

12:45:37.0600 0x3abc [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys

12:45:37.0613 0x3abc aliide - ok

12:45:37.0650 0x3abc [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys

12:45:37.0664 0x3abc amdide - ok

12:45:37.0686 0x3abc [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

12:45:37.0732 0x3abc AmdK8 - ok

12:45:37.0742 0x3abc [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

12:45:37.0765 0x3abc AmdPPM - ok

12:45:37.0796 0x3abc [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys

12:45:37.0814 0x3abc amdsata - ok

12:45:37.0851 0x3abc [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

12:45:37.0869 0x3abc amdsbs - ok

12:45:37.0890 0x3abc [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys

12:45:37.0905 0x3abc amdxata - ok

12:45:37.0954 0x3abc [ 1C591C1A0CB8ABE215FF66F9A1D8E955, E0BE5D58A721A73DF5F643F9626B21720B2D2CD074B4646144AA788E0C48FAFC ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys

12:45:38.0022 0x3abc AMPPAL - ok

12:45:38.0033 0x3abc [ 1C591C1A0CB8ABE215FF66F9A1D8E955, E0BE5D58A721A73DF5F643F9626B21720B2D2CD074B4646144AA788E0C48FAFC ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys

12:45:38.0117 0x3abc AMPPALP - ok

12:45:38.0218 0x3abc [ E1841818278F2A9D66F834451D608AEA, 1773C8C97B8945232847364E27B47A0FA1837EF6D928005972B76B5A7CF6C59E ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

12:45:38.0296 0x3abc AMPPALR3 - ok

12:45:38.0344 0x3abc [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys

12:45:38.0418 0x3abc AppID - ok

12:45:38.0452 0x3abc [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll

12:45:38.0497 0x3abc AppIDSvc - ok

12:45:38.0538 0x3abc [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll

12:45:38.0599 0x3abc Appinfo - ok

12:45:38.0658 0x3abc [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll

12:45:38.0712 0x3abc AppMgmt - ok

12:45:38.0764 0x3abc [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys

12:45:38.0781 0x3abc arc - ok

12:45:38.0813 0x3abc [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys

12:45:38.0829 0x3abc arcsas - ok

12:45:38.0892 0x3abc [ C130BC4A51B1382B2BE8E44579EC4C0A, CC1FD33ED7CAD87A504D8678F8482CAECACD18C727BB97FFB86F39255563EEF2 ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys

12:45:38.0929 0x3abc ArcSoftKsUFilter - ok

12:45:39.0061 0x3abc [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

12:45:39.0078 0x3abc aspnet_state - ok

12:45:39.0113 0x3abc [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

12:45:39.0182 0x3abc AsyncMac - ok

12:45:39.0208 0x3abc [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys

12:45:39.0225 0x3abc atapi - ok

12:45:39.0299 0x3abc [ E857EEE6B92AAA473EBB3465ADD8F7E7, 1C7E4737E649A025B3C4974A4F7D1353EAB85561FC8ED54E5C22A777E1A189B3 ] athr C:\Windows\system32\DRIVERS\athrx.sys

12:45:39.0433 0x3abc athr - ok

12:45:39.0495 0x3abc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

12:45:39.0694 0x3abc AudioEndpointBuilder - ok

12:45:39.0719 0x3abc [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv C:\Windows\System32\Audiosrv.dll

12:45:39.0819 0x3abc AudioSrv - ok

12:45:39.0848 0x3abc [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll

12:45:39.0905 0x3abc AxInstSV - ok

12:45:39.0946 0x3abc [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

12:45:40.0016 0x3abc b06bdrv - ok

12:45:40.0042 0x3abc [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

12:45:40.0121 0x3abc b57nd60a - ok

12:45:40.0197 0x3abc [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll

12:45:40.0225 0x3abc BDESVC - ok

12:45:40.0283 0x3abc [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys

12:45:40.0324 0x3abc Beep - ok

12:45:40.0392 0x3abc [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll

12:45:40.0461 0x3abc BFE - ok

12:45:40.0533 0x3abc [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll

12:45:40.0614 0x3abc BITS - ok

12:45:40.0673 0x3abc [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

12:45:40.0702 0x3abc blbdrive - ok

12:45:40.0868 0x3abc [ 05981C3E51D827ED6B8101A54B05E392, FD010159BEC7B88C3A784844A4796D5DAEBA21788A377D12457F59A961E8D77E ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

12:45:40.0937 0x3abc Bluetooth Device Monitor - ok

12:45:41.0041 0x3abc [ BBFAF63BF768047FE2441B4139E803E3, 20079C578507D34C9A30FFE23A8B22D8A9E7079A994295C833A885EC193E577A ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

12:45:41.0086 0x3abc Bluetooth Media Service - ok

12:45:41.0181 0x3abc [ 41D8F56E6BBE0111244D87BE2FA90374, 8B73471825B929FEC0367E3B6B6FE346E22ADFB356BE61A01C3EC7CC6F5986D7 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

12:45:41.0257 0x3abc Bluetooth OBEX Service - ok

12:45:41.0327 0x3abc [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

12:45:41.0350 0x3abc Bonjour Service - ok

12:45:41.0383 0x3abc [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

12:45:41.0571 0x3abc bowser - ok

12:45:41.0614 0x3abc [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

12:45:41.0704 0x3abc BrFiltLo - ok

12:45:41.0741 0x3abc [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

12:45:41.0762 0x3abc BrFiltUp - ok

12:45:41.0794 0x3abc [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

12:45:41.0863 0x3abc BridgeMP - ok

12:45:41.0905 0x3abc [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll

12:45:41.0954 0x3abc Browser - ok

12:45:42.0015 0x3abc [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys

12:45:42.0072 0x3abc Brserid - ok

12:45:42.0125 0x3abc [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

12:45:42.0190 0x3abc BrSerWdm - ok

12:45:42.0253 0x3abc [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

12:45:42.0311 0x3abc BrUsbMdm - ok

12:45:42.0329 0x3abc [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

12:45:42.0373 0x3abc BrUsbSer - ok

12:45:42.0426 0x3abc [ FF7C57973EEAD140062238C5A0B7D455, 71055CAA7A7072F88E9218F2DCBD3122FAB3DFEE042F8D4D0D90AAC922C736E2 ] BTCFilterService C:\Windows\system32\DRIVERS\motfilt.sys

12:45:42.0461 0x3abc BTCFilterService - ok

12:45:42.0519 0x3abc [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

12:45:42.0608 0x3abc BthEnum - ok

12:45:42.0664 0x3abc [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

12:45:42.0787 0x3abc BTHMODEM - ok

12:45:42.0862 0x3abc [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

12:45:42.0927 0x3abc BthPan - ok

12:45:42.0990 0x3abc [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

12:45:43.0054 0x3abc BTHPORT - ok

12:45:43.0086 0x3abc [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll

12:45:43.0140 0x3abc bthserv - ok

12:45:43.0176 0x3abc [ 618AFD0072F4A672977484BFF6FE4FE2, 0F234937C781718F6C7A7791D9BC4036F83F69D0E8BF21D1AFC0F799FE54742D ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

12:45:43.0191 0x3abc BTHSSecurityMgr - ok

12:45:43.0202 0x3abc [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

12:45:43.0242 0x3abc BTHUSB - ok

12:45:43.0285 0x3abc [ 988CC6CC49303665D3B2435C51505C3F, 5217A7A1BAD77EBF4E5D68D191FCFD7CE4FB96ABB91638383A077BE9CE794EE3 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys

12:45:43.0303 0x3abc btmaux - ok

12:45:43.0360 0x3abc [ 2B4B508AFAC2A563931AF1FE875A5B16, F6A5261BD3FB8AE7BF26F32B681A15E56317EF8A9D8AB84B9B6BCA66F5484698 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys

12:45:43.0475 0x3abc btmhsf - ok

12:45:43.0479 0x3abc catchme - ok

12:45:43.0512 0x3abc [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

12:45:43.0567 0x3abc cdfs - ok

12:45:43.0616 0x3abc [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

12:45:43.0642 0x3abc cdrom - ok

12:45:43.0684 0x3abc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll

12:45:43.0796 0x3abc CertPropSvc - ok

12:45:43.0869 0x3abc [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys

12:45:43.0946 0x3abc circlass - ok

12:45:43.0971 0x3abc [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys

12:45:44.0006 0x3abc CLFS - ok

12:45:44.0099 0x3abc [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:45:44.0117 0x3abc clr_optimization_v2.0.50727_32 - ok

12:45:44.0184 0x3abc [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

12:45:44.0199 0x3abc clr_optimization_v2.0.50727_64 - ok

12:45:44.0280 0x3abc [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:45:44.0304 0x3abc clr_optimization_v4.0.30319_32 - ok

12:45:44.0348 0x3abc [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

12:45:44.0368 0x3abc clr_optimization_v4.0.30319_64 - ok

12:45:44.0410 0x3abc [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

12:45:44.0445 0x3abc CmBatt - ok

12:45:44.0482 0x3abc [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys

12:45:44.0498 0x3abc cmdide - ok

12:45:44.0572 0x3abc [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG C:\Windows\system32\Drivers\cng.sys

12:45:44.0604 0x3abc CNG - ok

12:45:44.0657 0x3abc [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

12:45:44.0678 0x3abc Compbatt - ok

12:45:44.0699 0x3abc [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

12:45:44.0737 0x3abc CompositeBus - ok

12:45:44.0781 0x3abc COMSysApp - ok

12:45:44.0888 0x3abc [ FB08CDC7BB9584F82AE826C1068A9C14, F7E3F97B96E4447746C1FA60A2CEF8DB7EC7B74D9282A0B4B15DB49DF82D4B76 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

12:45:44.0913 0x3abc cphs - ok

12:45:44.0941 0x3abc [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

12:45:44.0969 0x3abc crcdisk - ok

12:45:45.0052 0x3abc [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc C:\Windows\system32\cryptsvc.dll

12:45:45.0105 0x3abc CryptSvc - ok

12:45:45.0149 0x3abc [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys

12:45:45.0205 0x3abc CSC - ok

12:45:45.0259 0x3abc [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll

12:45:45.0426 0x3abc CscService - ok

12:45:45.0498 0x3abc [ BA8E5B2291C01EF71CA80E25F0C79D55, 913C85EC00752AEEE2E29C6664085865DA45A091789C0F8CB015208D69F1915A ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys

12:45:45.0577 0x3abc ctxusbm - ok

12:45:45.0628 0x3abc [ D06E443457FADC6B1AFAF3AA4B6936F6, 109B4D05E156604AFB3D63B380CC063B900AEB12F57A1D235B9F9399EE0909C7 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

12:45:45.0643 0x3abc dc3d - ok

12:45:45.0695 0x3abc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll

12:45:45.0784 0x3abc DcomLaunch - ok

12:45:45.0821 0x3abc [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll

12:45:45.0906 0x3abc defragsvc - ok

12:45:45.0937 0x3abc [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys

12:45:46.0151 0x3abc DfsC - ok

12:45:46.0190 0x3abc [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll

12:45:46.0279 0x3abc Dhcp - ok

12:45:46.0313 0x3abc [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys

12:45:46.0383 0x3abc discache - ok

12:45:46.0426 0x3abc [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys

12:45:46.0442 0x3abc Disk - ok

12:45:46.0455 0x3abc [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys

12:45:46.0755 0x3abc dmvsc - ok

12:45:46.0813 0x3abc [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll

12:45:47.0091 0x3abc Dnscache - ok

12:45:47.0116 0x3abc [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll

12:45:47.0182 0x3abc dot3svc - ok

12:45:47.0200 0x3abc [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll

12:45:47.0284 0x3abc DPS - ok

12:45:47.0357 0x3abc [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

12:45:47.0390 0x3abc drmkaud - ok

12:45:47.0449 0x3abc [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

12:45:47.0495 0x3abc DXGKrnl - ok

12:45:47.0546 0x3abc [ 50AD8FC1DC800FF36087994C8F7FDFF2, E3DA8DCE76599E0E1F0D80AA1483D6BECFE0F7242147D986A6AF3A4362FC2C80 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys

12:45:47.0579 0x3abc e1yexpress - ok

12:45:47.0639 0x3abc [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll

12:45:47.0693 0x3abc EapHost - ok

12:45:47.0814 0x3abc [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys

12:45:48.0021 0x3abc ebdrv - ok

12:45:48.0060 0x3abc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS C:\Windows\System32\lsass.exe

12:45:48.0320 0x3abc EFS - ok

12:45:48.0397 0x3abc [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

12:45:48.0602 0x3abc ehRecvr - ok

12:45:48.0640 0x3abc [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe

12:45:48.0670 0x3abc ehSched - ok

12:45:48.0772 0x3abc [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys

12:45:48.0801 0x3abc elxstor - ok

12:45:48.0960 0x3abc [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys

12:45:48.0983 0x3abc ErrDev - ok

12:45:49.0171 0x3abc [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll

12:45:49.0412 0x3abc EventSystem - ok

12:45:49.0546 0x3abc [ 64D25284A4E9D11CA0722AF3F30FD970, C7C40CA8AC444F7B0F88086396C17316348480EBA09109222897B5A42AD655DF ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

12:45:49.0574 0x3abc EvtEng - ok

12:45:49.0609 0x3abc [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys

12:45:49.0668 0x3abc exfat - ok

12:45:49.0747 0x3abc [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys

12:45:49.0900 0x3abc fastfat - ok

12:45:50.0093 0x3abc [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe

12:45:50.0185 0x3abc Fax - ok

12:45:50.0226 0x3abc [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys

12:45:50.0253 0x3abc fdc - ok

12:45:50.0276 0x3abc [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll

12:45:50.0331 0x3abc fdPHost - ok

12:45:50.0366 0x3abc [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll

12:45:50.0419 0x3abc FDResPub - ok

12:45:50.0440 0x3abc [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

12:45:50.0456 0x3abc FileInfo - ok

12:45:50.0492 0x3abc [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

12:45:50.0626 0x3abc Filetrace - ok

12:45:50.0653 0x3abc [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

12:45:50.0745 0x3abc flpydisk - ok

12:45:50.0776 0x3abc [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

12:45:50.0797 0x3abc FltMgr - ok

12:45:50.0899 0x3abc [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll

12:45:50.0966 0x3abc FontCache - ok

12:45:51.0027 0x3abc [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

12:45:51.0044 0x3abc FontCache3.0.0.0 - ok

12:45:51.0053 0x3abc [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

12:45:51.0068 0x3abc FsDepends - ok

12:45:51.0101 0x3abc [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

12:45:51.0119 0x3abc Fs_Rec - ok

12:45:51.0171 0x3abc [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

12:45:51.0194 0x3abc fvevol - ok

12:45:51.0229 0x3abc [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

12:45:51.0244 0x3abc gagp30kx - ok

12:45:51.0306 0x3abc [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll

12:45:51.0411 0x3abc gpsvc - ok

12:45:51.0526 0x3abc [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:45:51.0568 0x3abc gupdate - ok

12:45:51.0614 0x3abc [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

12:45:51.0629 0x3abc gupdatem - ok

12:45:51.0646 0x3abc [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

12:45:51.0668 0x3abc hcw85cir - ok

12:45:51.0726 0x3abc [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

12:45:51.0785 0x3abc HdAudAddService - ok

12:45:51.0846 0x3abc [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

12:45:51.0874 0x3abc HDAudBus - ok

12:45:51.0892 0x3abc [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

12:45:51.0924 0x3abc HidBatt - ok

12:45:51.0978 0x3abc [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys

12:45:52.0028 0x3abc HidBth - ok

12:45:52.0057 0x3abc [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys

12:45:52.0161 0x3abc HidIr - ok

12:45:52.0181 0x3abc [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll

12:45:52.0344 0x3abc hidserv - ok

12:45:52.0428 0x3abc [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

12:45:52.0568 0x3abc HidUsb - ok

12:45:52.0607 0x3abc [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll

12:45:52.0661 0x3abc hkmsvc - ok

12:45:52.0681 0x3abc [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll

12:45:52.0710 0x3abc HomeGroupListener - ok

12:45:52.0744 0x3abc [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

12:45:52.0779 0x3abc HomeGroupProvider - ok

12:45:52.0861 0x3abc [ DBD2BB97A574FC565B1EB5C0A03F917A, 3946F8F95C3A7371E168BC82F068E7F830A07FD545A16F47336902E174E0370A ] HPFXBULK C:\Windows\system32\drivers\hpfx64bulk.sys

12:45:52.0887 0x3abc HPFXBULK - ok

12:45:53.0086 0x3abc [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

12:45:53.0123 0x3abc HpSAMD - ok

12:45:53.0210 0x3abc [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys

12:45:53.0309 0x3abc HTTP - ok

12:45:53.0327 0x3abc [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

12:45:53.0343 0x3abc hwpolicy - ok

12:45:53.0384 0x3abc [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

12:45:53.0540 0x3abc i8042prt - ok

12:45:53.0616 0x3abc [ D1753C06EE17E29352B065EACF3F10D0, 4DD4C991FAA3CCF99DF8DC9F8F5DEEDEECD55977F0C3AA8C404DEFD21E32A62B ] iaStor C:\Windows\system32\drivers\iaStor.sys

12:45:53.0691 0x3abc iaStor - ok

12:45:53.0747 0x3abc [ 545462D0DBE24AF379BA869B7C185CCD, 056F9D0D5FD4FEF37665A35A4029722FF60D02A69854E952DC361CC0E5CD26F9 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

12:45:53.0807 0x3abc IAStorDataMgrSvc - ok

12:45:53.0855 0x3abc [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

12:45:53.0880 0x3abc iaStorV - ok

12:45:53.0932 0x3abc [ 9E3D44CE737388F6BBBB6DD4A1C1847C, 98FD10D07E5801870282D6D0226051193B7D12EF3C8B84DB8365B446E02499DB ] ibtfltcoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys

12:45:53.0965 0x3abc ibtfltcoex - ok

12:45:54.0123 0x3abc [ 3CC7B3BB1A9EA201A040883EDFAA67A0, F543A779BA8CBFD5E0B939844B9CB47A2C05A400C693635F520438C18FFDFAF1 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

12:45:54.0238 0x3abc IconMan_R - ok

12:45:54.0300 0x3abc [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

12:45:54.0334 0x3abc idsvc - ok

12:45:54.0373 0x3abc IEEtwCollectorService - ok

12:45:55.0137 0x3abc [ 3FB253E8059A1AAC3A8B83A31D094CC5, 4D4988BF7D81FB6D75CDB65E1E42AC72DA76D3F84712AA1A27428A6490E342D0 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

12:45:56.0218 0x3abc igfx - ok

12:45:56.0291 0x3abc [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys

12:45:56.0305 0x3abc iirsp - ok

12:45:56.0363 0x3abc [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll

12:45:56.0430 0x3abc IKEEXT - ok

12:45:56.0469 0x3abc [ A387D6DE360C3B2284B23000B212910A, 1DEAFDB1C9A467E437714E753292313F58526B6D719C2B21BD23C6F2F0389251 ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys

12:45:56.0528 0x3abc intaud_WaveExtensible - ok

12:45:56.0714 0x3abc [ E83BB47C3446F0497019DE7FD6C6A86F, DAD20D57743EB03951FD4078FD105BCD684A9652CFFDF8D03509D814820917CD ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

12:45:57.0074 0x3abc IntcAzAudAddService - ok

12:45:57.0150 0x3abc [ 6C9FFFECA9FED31347D211C5D1FFBD2D, 36CF8B847FAED0D978B3169ED550CC958025902CAC1D7D304E2684B2483E72B8 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

12:45:57.0188 0x3abc IntcDAud - ok

12:45:57.0263 0x3abc [ 832CE330DD987227B7DEA8C03F22AEFA, 3DE64D9519D9D865D4C1AA7483D846F0154392B6685BDC451DEC7DA5EA0E2B2E ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe

12:45:57.0291 0x3abc Intel® Capability Licensing Service Interface - ok

12:45:57.0395 0x3abc [ 5A8C154DE7DDEE8ADA3375CC76C4351F, 09B7036AFE795CD048D832B262F1B0BF59BED4B3263C46BBCCB7DF371C3D3A33 ] Intel® ME Service C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

12:45:57.0410 0x3abc Intel® ME Service - ok

12:45:57.0447 0x3abc [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys

12:45:57.0460 0x3abc intelide - ok

12:45:57.0507 0x3abc [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

12:45:57.0567 0x3abc intelppm - ok

12:45:57.0616 0x3abc [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll

12:45:57.0669 0x3abc IPBusEnum - ok

12:45:57.0696 0x3abc [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:45:57.0814 0x3abc IpFilterDriver - ok

12:45:57.0865 0x3abc [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

12:45:57.0909 0x3abc iphlpsvc - ok

12:45:57.0930 0x3abc [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

12:45:57.0948 0x3abc IPMIDRV - ok

12:45:57.0986 0x3abc [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys

12:45:58.0035 0x3abc IPNAT - ok

12:45:58.0071 0x3abc [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys

12:45:58.0159 0x3abc IRENUM - ok

12:45:58.0172 0x3abc [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys

12:45:58.0186 0x3abc isapnp - ok

12:45:58.0226 0x3abc [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

12:45:58.0245 0x3abc iScsiPrt - ok

12:45:58.0339 0x3abc [ 846354992EBB373F452EB9182D501B08, 453459133DCA875E93CAAE9852E652F3794F8C31CE53526C47A181FDBABE6849 ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys

12:45:58.0359 0x3abc iusb3hcs - ok

12:45:58.0428 0x3abc [ 1D88A23853387D34D52CC8F9DDBFC56C, D00083B61E93E7E1D247EAB332787912FCF7605AF7043F071238C50E4A15016B ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys

12:45:58.0485 0x3abc iusb3hub - ok

12:45:58.0572 0x3abc [ FC5EFD7C797DF19DFB999F0605A7924E, C56CE3840F3B11D81BED38E5F59ABCA190DFB7127F06263193870312A83379AF ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys

12:45:58.0626 0x3abc iusb3xhc - ok

12:45:58.0664 0x3abc [ 716F66336F10885D935B08174DC54242, 1992708956A2A45A8870CFCB532F3ABF24B1143B75EF32AB1F59D5D86E65F493 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys

12:45:58.0711 0x3abc iwdbus - ok

12:45:58.0749 0x3abc [ 13E838EA8652F8451F29301D3B56B17B, 2FE65DDBB0ACFD34227001616D0B66B8748132DB7C0FA9342D3AB404B92732CC ] jhi_service C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

12:45:58.0764 0x3abc jhi_service - ok

12:45:58.0798 0x3abc [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

12:45:58.0812 0x3abc kbdclass - ok

12:45:58.0881 0x3abc [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

12:45:59.0072 0x3abc kbdhid - ok

12:45:59.0086 0x3abc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso C:\Windows\system32\lsass.exe

12:45:59.0180 0x3abc KeyIso - ok

12:45:59.0210 0x3abc [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

12:45:59.0226 0x3abc KSecDD - ok

12:45:59.0252 0x3abc [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

12:45:59.0269 0x3abc KSecPkg - ok

12:45:59.0295 0x3abc [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

12:45:59.0397 0x3abc ksthunk - ok

12:45:59.0446 0x3abc [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll

12:45:59.0580 0x3abc KtmRm - ok

12:45:59.0624 0x3abc [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll

12:45:59.0734 0x3abc LanmanServer - ok

12:46:00.0110 0x3abc [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

12:46:00.0353 0x3abc LanmanWorkstation - ok

12:46:00.0865 0x3abc [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

12:46:00.0933 0x3abc lltdio - ok

12:46:01.0068 0x3abc [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll

12:46:01.0152 0x3abc lltdsvc - ok

12:46:01.0194 0x3abc [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll

12:46:01.0303 0x3abc lmhosts - ok

12:46:01.0346 0x3abc [ BD9457699AC9C1A0FE43398043617279, 7955D2F5B9CB4FAD53F8D2CCC163FD575714175623F03DA1C3C2495CE3C0F342 ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

12:46:01.0366 0x3abc LMS - ok

12:46:01.0412 0x3abc [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

12:46:01.0428 0x3abc LSI_FC - ok

12:46:01.0440 0x3abc [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

12:46:01.0456 0x3abc LSI_SAS - ok

12:46:01.0473 0x3abc [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

12:46:01.0490 0x3abc LSI_SAS2 - ok

12:46:01.0503 0x3abc [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

12:46:01.0524 0x3abc LSI_SCSI - ok

12:46:01.0579 0x3abc [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys

12:46:01.0657 0x3abc luafv - ok

12:46:01.0742 0x3abc [ F92B0E478C0FAA6D6661E6E977247E60, 8B26B57C2C60C98CD6273ACA126B2CD0356ADB13A59FEC12882357A6B973123C ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

12:46:01.0758 0x3abc MBAMProtector - ok

12:46:01.0953 0x3abc [ D84AEA3F3329D622DFC1297DDDF6163B, 316FE56CC30ED1473A917253F46B79EAA12F4ABD5B4B1ADB03929DFEE940F577 ] MBAMScheduler C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

12:46:02.0011 0x3abc MBAMScheduler - ok

12:46:02.0068 0x3abc [ 4F45ED469906494F9BF754E476390DBD, D8FF6AFD73D8C191F5732DF9737E6F83B2B52B06A3A6CD4CC6EAC9464CBB2772 ] MBAMService C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

12:46:02.0103 0x3abc MBAMService - ok

12:46:02.0209 0x3abc [ 8A50D5304E6AE48664CF5838EC32F647, C76943FABEE1B5E1B641AA610668CCD4227E2C4B191DD30B79D3AB31A9E8B5BE ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys

12:46:02.0229 0x3abc MBAMSwissArmy - ok

12:46:02.0282 0x3abc [ 15E8ABC06843672955CE26A009533BAD, E7221B7DE9DB45447C68E79C6BFD064713C5974F7E79925BD7DEEF71F73F3E83 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys

12:46:02.0298 0x3abc MBAMWebAccessControl - ok

12:46:02.0372 0x3abc [ 4515CBC0DEBA3088605E5E7EE09D6B84, 2794137954FDD0E8B43E708B0FDCB39D317542CA2FACF772034705B78D407848 ] McAfeeFramework C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

12:46:02.0401 0x3abc McAfeeFramework - ok

12:46:02.0445 0x3abc [ 01408F1985BD65D0EFDCBFA02D4EDEF7, DD4F437465B6412DDE370BB2D59BEFC10EECB4DC41ECEF23F0FE749ADCF21D45 ] McShield C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

12:46:02.0466 0x3abc McShield - ok

12:46:02.0546 0x3abc [ 2CB697CCB48C77B17BE022A32F9B87F3, FD3ABFF9FD808F6FAC87A39FBC6095E217E768A487EEC4CDBD4CAE0E2EBE20F4 ] McTaskManager C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

12:46:02.0566 0x3abc McTaskManager - ok

12:46:02.0598 0x3abc [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

12:46:02.0671 0x3abc Mcx2Svc - ok

12:46:02.0718 0x3abc [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys

12:46:02.0732 0x3abc megasas - ok

12:46:02.0743 0x3abc [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

12:46:02.0763 0x3abc MegaSR - ok

12:46:02.0882 0x3abc [ 772A1DEEDFDBC244183B5C805D1B7D85, 7D821B8DF1F174E5414FFDEAB5207DB687740E9842F7203600AEBA086945AFC9 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

12:46:02.0902 0x3abc MEIx64 - ok

12:46:02.0977 0x3abc [ 581AFAFA23A61CE6C4D96EFB2A28DE8C, DAAB3F2E4249B8F6A0119A31F893ECD86FA23EFC3038022FBECDEAD5C071AA70 ] mfeapfk C:\Windows\system32\drivers\mfeapfk.sys

12:46:03.0011 0x3abc mfeapfk - ok

12:46:03.0084 0x3abc [ DCC7ACD0A249B0952A7C73BA85CF5DC4, 88624F86EC3D55F110055F77CEE1790090D0A1C75234578CD898C48A0ACB9554 ] mfeavfk C:\Windows\system32\drivers\mfeavfk.sys

12:46:03.0107 0x3abc mfeavfk - ok

12:46:03.0145 0x3abc mfeavfk01 - ok

12:46:03.0222 0x3abc [ 3EF12141921EDEC8D83C644759AD7F00, DBFCBAEDDBAD9DC12B9202CE12F7A4798EFB6F2ED3F00395604D8E0FAB5075B1 ] mfehidk C:\Windows\system32\drivers\mfehidk.sys

12:46:03.0330 0x3abc mfehidk - ok

12:46:03.0350 0x3abc [ 92FD2EB7C52B4A8504BCE111F5810B55, C1FCC26A42C46EE38406C5BAF2B0E33263AD5171E6285B40B4AE3C3CB4C787B7 ] mferkdet C:\Windows\system32\drivers\mferkdet.sys

12:46:03.0432 0x3abc mferkdet - ok

12:46:03.0450 0x3abc [ C05AEF314C65C435BD25FF99AC5DA8CC, 46FBD7DAEF87F7690BDDCF3B5152B5D42F138DA67EAEE9089C6629E28B0D9512 ] mfevtp C:\Windows\system32\mfevtps.exe

12:46:03.0543 0x3abc mfevtp - ok

12:46:03.0582 0x3abc [ 173751FF26D45B462D0D27E1561912C2, D9C0545C350803A7DCC53DA9363742E6C8E61910BEE7912F12B967F9B094A723 ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys

12:46:03.0628 0x3abc mfewfpk - ok

12:46:03.0654 0x3abc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll

12:46:03.0725 0x3abc MMCSS - ok

12:46:03.0747 0x3abc [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys

12:46:03.0797 0x3abc Modem - ok

12:46:03.0822 0x3abc [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

12:46:03.0858 0x3abc monitor - ok

12:46:03.0892 0x3abc [ 43E754047C6DEE50666554D3C66D6279, DE37EFFEA44CBD1EA245B21056AB40453F8570FE223412C9A5C0509E4AC7E455 ] motccgp C:\Windows\system32\DRIVERS\motccgp.sys

12:46:03.0924 0x3abc motccgp - ok

12:46:03.0958 0x3abc [ 577399C75CF85AC68E7830EB150F45EF, 0E8D496CDAC260C8B2AB7B37654BA2395EC924903EE07161D13F1B6B1F8C8966 ] motccgpfl C:\Windows\system32\DRIVERS\motccgpfl.sys

12:46:04.0043 0x3abc motccgpfl - ok

12:46:04.0096 0x3abc [ AC9D6E3629E4388A9EA9B4172493AAEE, 1AD5CBC2D34ADA8DEFB92D57F8306C46339EA0C131FAF626AB70FC12AA85721E ] Motorola Device Manager C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

12:46:04.0111 0x3abc Motorola Device Manager - ok

12:46:04.0126 0x3abc [ 19BC2161C3FCCED802F1BCD9B78C3466, 2EA39F23C49191A4651CD785A742554801A4AC59AACE1993B3A30EA137B4A321 ] MotoSwitchService C:\Windows\system32\DRIVERS\motswch.sys

12:46:04.0157 0x3abc MotoSwitchService - ok

12:46:04.0177 0x3abc [ C4F1495598C7E1FEF53BCFD84A5BD53E, E6B1290083B448E01518F060CB47805B39F68466DFA1860C7DD2CA5E780CAF3D ] Motousbnet C:\Windows\system32\DRIVERS\Motousbnet.sys

12:46:04.0257 0x3abc Motousbnet - ok

12:46:04.0273 0x3abc [ D075B1D964A314D240F5498773EE89DF, 3EEF4D06556CE9CA4A268F335D87FCA25C078DAE341F4C23B6F56DB9D746FD80 ] motusbdevice C:\Windows\system32\DRIVERS\motusbdevice.sys

12:46:04.0320 0x3abc motusbdevice - ok

12:46:04.0360 0x3abc [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

12:46:04.0376 0x3abc mouclass - ok

12:46:04.0406 0x3abc [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

12:46:04.0427 0x3abc mouhid - ok

12:46:04.0445 0x3abc [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

12:46:04.0479 0x3abc mountmgr - ok

12:46:04.0513 0x3abc [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys

12:46:04.0531 0x3abc mpio - ok

12:46:04.0569 0x3abc [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

12:46:04.0622 0x3abc mpsdrv - ok

12:46:04.0674 0x3abc [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll

12:46:04.0785 0x3abc MpsSvc - ok

12:46:04.0859 0x3abc [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

12:46:04.0915 0x3abc MRxDAV - ok

12:46:04.0942 0x3abc [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

12:46:05.0032 0x3abc mrxsmb - ok

12:46:05.0096 0x3abc [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:46:05.0212 0x3abc mrxsmb10 - ok

12:46:05.0237 0x3abc [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:46:05.0304 0x3abc mrxsmb20 - ok

12:46:05.0335 0x3abc [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys

12:46:05.0350 0x3abc msahci - ok

12:46:05.0378 0x3abc [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys

12:46:05.0395 0x3abc msdsm - ok

12:46:05.0407 0x3abc [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe

12:46:05.0492 0x3abc MSDTC - ok

12:46:05.0526 0x3abc [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys

12:46:05.0699 0x3abc Msfs - ok

12:46:05.0714 0x3abc [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

12:46:05.0763 0x3abc mshidkmdf - ok

12:46:05.0859 0x3abc [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

12:46:05.0873 0x3abc msisadrv - ok

12:46:05.0907 0x3abc [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

12:46:05.0984 0x3abc MSiSCSI - ok

12:46:05.0988 0x3abc msiserver - ok

12:46:06.0012 0x3abc [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

12:46:06.0062 0x3abc MSKSSRV - ok

12:46:06.0082 0x3abc [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

12:46:06.0150 0x3abc MSPCLOCK - ok

12:46:06.0165 0x3abc [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

12:46:06.0226 0x3abc MSPQM - ok

12:46:06.0249 0x3abc [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

12:46:06.0279 0x3abc MsRPC - ok

12:46:06.0318 0x3abc [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

12:46:06.0334 0x3abc mssmbios - ok

12:46:06.0350 0x3abc [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

12:46:06.0401 0x3abc MSTEE - ok

12:46:06.0409 0x3abc [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

12:46:06.0450 0x3abc MTConfig - ok

12:46:06.0503 0x3abc [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys

12:46:06.0519 0x3abc Mup - ok

12:46:06.0582 0x3abc [ E3B58E3011B207C5289D11173B30E298, 68BDF7DE4FD5E38D33DBAD2A2E05E32BABA8BBD85DBC4364AF7CD62C54C6B539 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

12:46:06.0601 0x3abc MyWiFiDHCPDNS - ok

12:46:06.0636 0x3abc [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll

12:46:06.0695 0x3abc napagent - ok

12:46:06.0744 0x3abc [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

12:46:06.0787 0x3abc NativeWifiP - ok

12:46:06.0843 0x3abc [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys

12:46:06.0883 0x3abc NDIS - ok

12:46:06.0901 0x3abc [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

12:46:06.0979 0x3abc NdisCap - ok

12:46:07.0008 0x3abc [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

12:46:07.0058 0x3abc NdisTapi - ok

12:46:07.0082 0x3abc [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

12:46:07.0133 0x3abc Ndisuio - ok

12:46:07.0164 0x3abc [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

12:46:07.0261 0x3abc NdisWan - ok

12:46:07.0292 0x3abc [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

12:46:07.0367 0x3abc NDProxy - ok

12:46:07.0401 0x3abc [ D4F51E88C71BF8F06EA1BE320B0BB75B, ABDA528F8159290BFDFBAAFC3BDA4484649FF612FD1D9E74284CA7DBA00A4B0D ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

12:46:07.0419 0x3abc Net Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )

12:46:10.0454 0x3abc Detect skipped due to KSN trusted

12:46:10.0454 0x3abc Net Driver HPZ12 - ok

12:46:10.0535 0x3abc [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

12:46:10.0584 0x3abc NetBIOS - ok

12:46:10.0619 0x3abc [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

12:46:10.0678 0x3abc NetBT - ok

12:46:10.0720 0x3abc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon C:\Windows\system32\lsass.exe

12:46:10.0765 0x3abc Netlogon - ok

12:46:10.0809 0x3abc [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll

12:46:10.0882 0x3abc Netman - ok

12:46:11.0024 0x3abc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:46:11.0042 0x3abc NetMsmqActivator - ok

12:46:11.0056 0x3abc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:46:11.0073 0x3abc NetPipeActivator - ok

12:46:11.0130 0x3abc [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll

12:46:11.0220 0x3abc netprofm - ok

12:46:11.0227 0x3abc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:46:11.0244 0x3abc NetTcpActivator - ok

12:46:11.0269 0x3abc [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

12:46:11.0286 0x3abc NetTcpPortSharing - ok

12:46:11.0992 0x3abc [ 47DC062656EA661FE9175DBACAD00E9D, 508CD435420C0EA2E5943BFE1B4687ECBFB9602209A539B213C5197A16BFF816 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

12:46:12.0989 0x3abc NETwNs64 - ok

12:46:13.0131 0x3abc [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

12:46:13.0170 0x3abc nfrd960 - ok

12:46:13.0212 0x3abc [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc C:\Windows\System32\nlasvc.dll

12:46:13.0262 0x3abc NlaSvc - ok

12:46:13.0299 0x3abc [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys

12:46:13.0358 0x3abc Npfs - ok

12:46:13.0413 0x3abc [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll

12:46:13.0492 0x3abc nsi - ok

12:46:13.0504 0x3abc [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

12:46:13.0627 0x3abc nsiproxy - ok

12:46:13.0924 0x3abc [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

12:46:14.0038 0x3abc Ntfs - ok

12:46:14.0070 0x3abc [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys

12:46:14.0182 0x3abc Null - ok

12:46:14.0944 0x3abc [ 9B93CC9C70EDE60A9C486E7719DB9E8D, 8E31BE72797D3308D8AF136E9F4C6199BCF4592F88E9FEB361752FF768225EC9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

12:46:15.0968 0x3abc nvlddmkm - ok

12:46:16.0034 0x3abc [ F76296368BB813E0C6996501A3271C7C, FA1C127F881C09C5066CB83A686AFD7A40D731922185EA4001A52ABA230FD812 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys

12:46:16.0146 0x3abc nvpciflt - ok

12:46:16.0186 0x3abc [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys

12:46:16.0205 0x3abc nvraid - ok

12:46:16.0281 0x3abc [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys

12:46:16.0305 0x3abc nvstor - ok

12:46:16.0374 0x3abc [ FB50E60564ED30DDC855F0CE435C8467, C9A56D74F58739B8A069336FF5456FC5F3CE89371B8CFE8144B8D06A9C79C6AB ] nvsvc C:\Windows\system32\nvvsvc.exe

12:46:16.0424 0x3abc nvsvc - ok

12:46:16.0571 0x3abc [ B02DCABF20D1B0722292FF16B2819FF1, 886F7CA29371741164B5201BF24532289A0536816779A51BADE7A6D81B9B9AC3 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

12:46:16.0763 0x3abc nvUpdatusService - ok

12:46:16.0845 0x3abc [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

12:46:16.0862 0x3abc nv_agp - ok

12:46:17.0082 0x3abc [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

12:46:17.0121 0x3abc odserv - ok

12:46:17.0138 0x3abc [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

12:46:17.0168 0x3abc ohci1394 - ok

12:46:17.0257 0x3abc [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:46:17.0282 0x3abc ose - ok

12:46:17.0370 0x3abc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

12:46:17.0417 0x3abc p2pimsvc - ok

12:46:17.0463 0x3abc [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll

12:46:17.0540 0x3abc p2psvc - ok

12:46:17.0574 0x3abc [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\drivers\parport.sys

12:46:17.0615 0x3abc Parport - ok

12:46:17.0646 0x3abc [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys

12:46:17.0675 0x3abc partmgr - ok

12:46:17.0723 0x3abc [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll

12:46:17.0791 0x3abc PcaSvc - ok

12:46:17.0832 0x3abc [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys

12:46:17.0858 0x3abc pci - ok

12:46:17.0891 0x3abc [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys

12:46:17.0906 0x3abc pciide - ok

12:46:17.0926 0x3abc [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

12:46:17.0958 0x3abc pcmcia - ok

12:46:17.0984 0x3abc [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys

12:46:18.0000 0x3abc pcw - ok

12:46:18.0034 0x3abc [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys

12:46:18.0134 0x3abc PEAUTH - ok

12:46:18.0206 0x3abc [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

12:46:18.0363 0x3abc PeerDistSvc - ok

12:46:18.0464 0x3abc [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe

12:46:18.0500 0x3abc PerfHost - ok

12:46:18.0595 0x3abc [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll

12:46:18.0832 0x3abc pla - ok

12:46:18.0935 0x3abc [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

12:46:18.0994 0x3abc PlugPlay - ok

12:46:19.0088 0x3abc [ 9C4D0DE187CBC24F658C52EFC93B1C73, 06BFE4BD5E78D19DAAE4088885E4356B05206EE24A132C1EE735E2DC48286EFA ] PMBDeviceInfoProvider c:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

12:46:19.0129 0x3abc PMBDeviceInfoProvider - ok

12:46:19.0207 0x3abc [ 9A80707D8B6C1806531BFD7399B3CC76, C9996A265B0C461843DECE336314AEDD38D3F0644A8AA4D3F20D3496AD17956B ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

12:46:19.0220 0x3abc Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic ( 1 )

12:46:26.0917 0x3abc Detect skipped due to KSN trusted

12:46:26.0917 0x3abc Pml Driver HPZ12 - ok

12:46:26.0966 0x3abc [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

12:46:27.0046 0x3abc PNRPAutoReg - ok

12:46:27.0103 0x3abc [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

12:46:27.0150 0x3abc PNRPsvc - ok

12:46:27.0216 0x3abc [ E4799B87675C59AA1F620DE5C6F113BB, 094EE16D4CEC68DB316002994482344A6BFCFDE399131F7FA11BB46C2DCBF218 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

12:46:27.0231 0x3abc Point64 - ok

12:46:27.0261 0x3abc [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

12:46:27.0419 0x3abc PolicyAgent - ok

12:46:27.0493 0x3abc [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power C:\Windows\system32\umpo.dll

12:46:27.0635 0x3abc Power - ok

12:46:27.0690 0x3abc [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

12:46:27.0766 0x3abc PptpMiniport - ok

12:46:27.0791 0x3abc [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys

12:46:27.0808 0x3abc Processor - ok

12:46:27.0841 0x3abc [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc C:\Windows\system32\profsvc.dll

12:46:27.0957 0x3abc ProfSvc - ok

12:46:27.0980 0x3abc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe

12:46:27.0996 0x3abc ProtectedStorage - ok

12:46:28.0016 0x3abc [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys

12:46:28.0094 0x3abc Psched - ok

12:46:28.0163 0x3abc [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

12:46:28.0311 0x3abc ql2300 - ok

12:46:28.0326 0x3abc [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

12:46:28.0342 0x3abc ql40xx - ok

12:46:28.0397 0x3abc [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll

12:46:28.0498 0x3abc QWAVE - ok

12:46:28.0528 0x3abc [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

12:46:28.0556 0x3abc QWAVEdrv - ok

12:46:28.0566 0x3abc [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

12:46:28.0613 0x3abc RasAcd - ok

12:46:28.0639 0x3abc [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

12:46:28.0694 0x3abc RasAgileVpn - ok

12:46:28.0716 0x3abc [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll

12:46:28.0788 0x3abc RasAuto - ok

12:46:28.0838 0x3abc [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

12:46:28.0906 0x3abc Rasl2tp - ok

12:46:28.0964 0x3abc [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll

12:46:29.0049 0x3abc RasMan - ok

12:46:29.0066 0x3abc [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

12:46:29.0140 0x3abc RasPppoe - ok

12:46:29.0165 0x3abc [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

12:46:29.0217 0x3abc RasSstp - ok

12:46:29.0240 0x3abc [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

12:46:29.0307 0x3abc rdbss - ok

12:46:29.0331 0x3abc [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

12:46:29.0367 0x3abc rdpbus - ok

12:46:29.0376 0x3abc [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

12:46:29.0428 0x3abc RDPCDD - ok

12:46:29.0524 0x3abc [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

12:46:29.0708 0x3abc RDPDR - ok

12:46:29.0755 0x3abc [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

12:46:29.0968 0x3abc RDPENCDD - ok

12:46:30.0012 0x3abc [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

12:46:30.0112 0x3abc RDPREFMP - ok

12:46:30.0174 0x3abc [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

12:46:30.0236 0x3abc RdpVideoMiniport - ok

12:46:30.0274 0x3abc [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

12:46:30.0327 0x3abc RDPWD - ok

12:46:30.0371 0x3abc [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

12:46:30.0390 0x3abc rdyboost - ok

12:46:30.0594 0x3abc [ F3AF2B43F35DBB3A0EB9FEEEC7D62217, 5BFB97BFE94F52CE02DFB2B7E8A9AD34AE489B77BA689F63D733EFB65548D734 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

12:46:30.0885 0x3abc RegSrvc - ok

12:46:30.0972 0x3abc [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll

12:46:31.0265 0x3abc RemoteAccess - ok

12:46:32.0224 0x3abc [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll

12:46:32.0338 0x3abc RemoteRegistry - ok

12:46:32.0418 0x3abc [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

12:46:32.0450 0x3abc RFCOMM - ok

12:46:32.0487 0x3abc [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

12:46:32.0565 0x3abc RpcEptMapper - ok

12:46:32.0608 0x3abc [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe

12:46:32.0670 0x3abc RpcLocator - ok

12:46:32.0708 0x3abc [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll

12:46:32.0817 0x3abc RpcSs - ok

12:46:32.0864 0x3abc [ EBBFA2B4E317AF86E93FEC4C04D7A9B3, 29480CCA0ACAB2D53D664042A0D7713247EDEBBBD4734783348669EFDE579CA9 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys

12:46:32.0893 0x3abc RSPCIESTOR - ok

12:46:32.0934 0x3abc [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

12:46:33.0002 0x3abc rspndr - ok

12:46:33.0042 0x3abc [ 39A719875F572241C585A629EE62EB14, EE42DB11710374A2A97ED5B58A9DA0AECC8AB0DF4DEEAC5970F33046255CE2F9 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

12:46:33.0098 0x3abc RTL8167 - ok

12:46:33.0120 0x3abc [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys

12:46:33.0141 0x3abc s3cap - ok

12:46:33.0172 0x3abc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs C:\Windows\system32\lsass.exe

12:46:33.0285 0x3abc SamSs - ok

12:46:33.0334 0x3abc [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

12:46:33.0357 0x3abc sbp2port - ok

12:46:33.0390 0x3abc [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll

12:46:33.0471 0x3abc SCardSvr - ok

12:46:33.0502 0x3abc [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

12:46:33.0619 0x3abc scfilter - ok

12:46:33.0673 0x3abc [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll

12:46:33.0780 0x3abc Schedule - ok

12:46:33.0813 0x3abc [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll

12:46:33.0870 0x3abc SCPolicySvc - ok

12:46:33.0938 0x3abc [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys

12:46:33.0972 0x3abc sdbus - ok

12:46:34.0011 0x3abc [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll

12:46:34.0059 0x3abc SDRSVC - ok

12:46:34.0100 0x3abc [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys

12:46:34.0173 0x3abc secdrv - ok

12:46:34.0264 0x3abc [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll

12:46:34.0372 0x3abc seclogon - ok

12:46:34.0416 0x3abc [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll

12:46:34.0535 0x3abc SENS - ok

12:46:34.0608 0x3abc [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll

12:46:34.0627 0x3abc SensrSvc - ok

12:46:34.0663 0x3abc [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys

12:46:34.0692 0x3abc Serenum - ok

12:46:34.0724 0x3abc [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys

12:46:34.0743 0x3abc Serial - ok

12:46:34.0768 0x3abc [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys

12:46:34.0788 0x3abc sermouse - ok

12:46:34.0986 0x3abc [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll

12:46:35.0157 0x3abc SessionEnv - ok

12:46:35.0198 0x3abc [ 85D0F874734C105D02280B39BF0AD23F, 8067852BC131363629B686D4DD6296748889482E2FC50C7A50F29906AF99C4C2 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys

12:46:35.0214 0x3abc SFEP - ok

12:46:35.0230 0x3abc [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

12:46:35.0267 0x3abc sffdisk - ok

12:46:35.0317 0x3abc [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

12:46:35.0338 0x3abc sffp_mmc - ok

12:46:35.0385 0x3abc [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

12:46:35.0409 0x3abc sffp_sd - ok

12:46:35.0484 0x3abc [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

12:46:35.0534 0x3abc sfloppy - ok

12:46:35.0601 0x3abc [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll

12:46:35.0701 0x3abc SharedAccess - ok

12:46:35.0730 0x3abc [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

12:46:35.0848 0x3abc ShellHWDetection - ok

12:46:35.0916 0x3abc [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

12:46:35.0935 0x3abc SiSRaid2 - ok

12:46:35.0955 0x3abc [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

12:46:35.0974 0x3abc SiSRaid4 - ok

12:46:36.0022 0x3abc [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

12:46:36.0047 0x3abc SkypeUpdate - ok

12:46:36.0055 0x3abc [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys

12:46:36.0160 0x3abc Smb - ok

12:46:36.0215 0x3abc [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

12:46:36.0235 0x3abc SNMPTRAP - ok

12:46:36.0290 0x3abc [ 4AEA7A1C3CA06D95D6966C34D13C0D8B, 94C90DCBD9CCFE465746F554808A4752FB1E452790477D118ED76D7F35CE3576 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

12:46:36.0305 0x3abc SOHCImp - ok

12:46:36.0380 0x3abc [ 16FD95781117E13107D477AE36219E6F, CD201C01C1FA6BB1B67411C45AA155B112584C9E4A1D68EE091B6723644D37D2 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

12:46:36.0403 0x3abc SOHDs - ok

12:46:36.0481 0x3abc [ C03E480E63A80D73FABE28D24D3B6B47, F8C68DC63A5492587F9343158348ADD99A99AF34DC7ED29E5562EE90C0AB8F25 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe

12:46:36.0503 0x3abc SpfService - ok

12:46:36.0531 0x3abc [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys

12:46:36.0548 0x3abc spldr - ok

12:46:36.0607 0x3abc [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe

12:46:36.0653 0x3abc Spooler - ok

12:46:36.0845 0x3abc [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe

12:46:37.0308 0x3abc sppsvc - ok

12:46:37.0346 0x3abc [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll

12:46:37.0464 0x3abc sppuinotify - ok

12:46:37.0498 0x3abc [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys

12:46:37.0584 0x3abc srv - ok

12:46:37.0616 0x3abc [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

12:46:37.0664 0x3abc srv2 - ok

12:46:37.0686 0x3abc [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

12:46:37.0724 0x3abc srvnet - ok

12:46:37.0753 0x3abc [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

12:46:37.0862 0x3abc SSDPSRV - ok

12:46:37.0940 0x3abc [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll

12:46:38.0003 0x3abc SstpSvc - ok

12:46:38.0027 0x3abc [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys

12:46:38.0041 0x3abc stexstor - ok

12:46:38.0090 0x3abc [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll

12:46:38.0304 0x3abc stisvc - ok

12:46:38.0338 0x3abc [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt C:\Windows\system32\drivers\vmstorfl.sys

12:46:38.0352 0x3abc storflt - ok

12:46:38.0372 0x3abc [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll

12:46:38.0482 0x3abc StorSvc - ok

12:46:38.0553 0x3abc [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys

12:46:38.0572 0x3abc storvsc - ok

12:46:38.0628 0x3abc [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

12:46:38.0643 0x3abc swenum - ok

12:46:38.0789 0x3abc [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll

12:46:38.0923 0x3abc swprv - ok

12:46:39.0035 0x3abc [ 5112713CD4BC77AFA21647351702F909, 5A5CD7607F7EFA52E0E668511BBB4DF8126CCC70510CBADD8A39E69CE003E7E2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

12:46:39.0108 0x3abc SynTP - ok

12:46:39.0281 0x3abc [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll

12:46:39.0396 0x3abc SysMain - ok

12:46:39.0426 0x3abc [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll

12:46:39.0482 0x3abc TabletInputService - ok

12:46:39.0508 0x3abc [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll

12:46:39.0669 0x3abc TapiSrv - ok

12:46:39.0709 0x3abc [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll

12:46:39.0777 0x3abc TBS - ok

12:46:39.0881 0x3abc [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

12:46:39.0984 0x3abc Tcpip - ok

12:46:40.0159 0x3abc [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

12:46:40.0461 0x3abc TCPIP6 - ok

12:46:40.0514 0x3abc [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

12:46:40.0558 0x3abc tcpipreg - ok

12:46:40.0606 0x3abc [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

12:46:40.0644 0x3abc TDPIPE - ok

12:46:40.0687 0x3abc [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

12:46:40.0707 0x3abc TDTCP - ok

12:46:40.0725 0x3abc [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

12:46:40.0798 0x3abc tdx - ok

12:46:40.0828 0x3abc [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

12:46:40.0890 0x3abc TermDD - ok

12:46:40.0981 0x3abc [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService C:\Windows\System32\termsrv.dll

12:46:41.0088 0x3abc TermService - ok

12:46:41.0119 0x3abc [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll

12:46:41.0173 0x3abc Themes - ok

12:46:41.0198 0x3abc [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll

12:46:41.0267 0x3abc THREADORDER - ok

12:46:41.0318 0x3abc [ DBCC20C02E8A3E43B03C304A4E40A84F, BF5F3ACCB0342304A6870E94D2576644B08DBF307C853C7DBA4B82B0C7309DA4 ] TPM C:\Windows\system32\drivers\tpm.sys

12:46:41.0353 0x3abc TPM - ok

12:46:41.0400 0x3abc [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll

12:46:41.0495 0x3abc TrkWks - ok

12:46:41.0553 0x3abc [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

12:46:41.0655 0x3abc TrustedInstaller - ok

12:46:41.0685 0x3abc [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

12:46:41.0722 0x3abc tssecsrv - ok

12:46:41.0801 0x3abc [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

12:46:41.0841 0x3abc TsUsbFlt - ok

12:46:41.0876 0x3abc [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

12:46:41.0946 0x3abc TsUsbGD - ok

12:46:42.0019 0x3abc [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

12:46:42.0119 0x3abc tunnel - ok

12:46:42.0169 0x3abc [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

12:46:42.0186 0x3abc uagp35 - ok

12:46:42.0377 0x3abc [ 1FE69F3C1CA1CF4B7EC7E2E9090FFFDC, 30BD61BA46955BD6A48EC78538FAAB46026DD048347F8280352335EB0ECE16AD ] uCamMonitor C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

12:46:42.0409 0x3abc uCamMonitor - ok

12:46:42.0435 0x3abc [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

12:46:42.0545 0x3abc udfs - ok

12:46:42.0601 0x3abc [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe

12:46:42.0661 0x3abc UI0Detect - ok

12:46:42.0676 0x3abc [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

12:46:42.0691 0x3abc uliagpkx - ok

12:46:42.0715 0x3abc [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys

12:46:42.0746 0x3abc umbus - ok

12:46:42.0761 0x3abc [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\drivers\umpass.sys

12:46:42.0805 0x3abc UmPass - ok

12:46:42.0856 0x3abc [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll

12:46:42.0918 0x3abc UmRdpService - ok

12:46:43.0495 0x3abc [ F76057596EF65049869098677AB72C30, 4EE9353243CB64D0A3AFE060924D93225FB2EB085212F3AEC7A862FFF449C82A ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

12:46:43.0534 0x3abc UNS - ok

12:46:43.0599 0x3abc [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll

12:46:43.0690 0x3abc upnphost - ok

12:46:43.0744 0x3abc [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

12:46:43.0770 0x3abc usbccgp - ok

12:46:43.0802 0x3abc [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys

12:46:43.0862 0x3abc usbcir - ok

12:46:43.0902 0x3abc [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci C:\Windows\system32\drivers\usbehci.sys

12:46:44.0007 0x3abc usbehci - ok

12:46:44.0072 0x3abc [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

12:46:44.0200 0x3abc usbhub - ok

12:46:44.0252 0x3abc [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci C:\Windows\system32\drivers\usbohci.sys

12:46:44.0339 0x3abc usbohci - ok

12:46:44.0381 0x3abc [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

12:46:44.0403 0x3abc usbprint - ok

12:46:44.0436 0x3abc [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

12:46:44.0461 0x3abc usbscan - ok

12:46:44.0516 0x3abc [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:46:44.0536 0x3abc USBSTOR - ok

12:46:44.0586 0x3abc [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

12:46:44.0619 0x3abc usbuhci - ok

12:46:44.0699 0x3abc [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys

12:46:44.0733 0x3abc usbvideo - ok

12:46:44.0773 0x3abc [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll

12:46:44.0883 0x3abc UxSms - ok

12:46:44.0966 0x3abc [ 203FD19D70549A2939E1AE3A36608151, 2B965E52571B6F409132E5D7608B794D56538314BD4E68E58F9CBA39450A94B2 ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe

12:46:44.0979 0x3abc VAIO Event Service - ok

12:46:45.0118 0x3abc [ 59308CD511A5F3EE33595FFD46F76B31, 757A8245AB2424DC245E5516BA6DB7DF30AF83E217CDA8EADAC0CA1DB24F457A ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe

12:46:45.0180 0x3abc VAIO Power Management - ok

12:46:45.0275 0x3abc [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc C:\Windows\system32\lsass.exe

12:46:45.0379 0x3abc VaultSvc - ok

12:46:45.0498 0x3abc [ ADD5A5BA64D0710E1C764A8D4DAD510E, 77A56EDAB6FEBB684E2F6B91DB4E5363D40930CCC3F44DA681BEBB9201851B1C ] VCFw C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

12:46:45.0778 0x3abc VCFw - ok

12:46:45.0847 0x3abc [ EEE5AD6FB40B35F7867C3A49B98BB4EF, BEB7A8261C627E4FC8A57386700D25F78257B8CCA720174FEBC7DC53E871B6FF ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

12:46:45.0922 0x3abc VcmIAlzMgr - ok

12:46:45.0987 0x3abc [ FD5BD55C1854208BC9C51DBCFC3C1941, 450A5DA99C55D3F34353B7FC0710AC7BCDB23EB43A096EB5C0ED796552E6EA73 ] VcmINSMgr C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe

12:46:46.0017 0x3abc VcmINSMgr - ok

12:46:46.0061 0x3abc [ 9BC1F203C5604C24F345BCFCD6956BAE, 44D277B041FD6902AE61CCA0C96E5555EAC35E356EC91E22485781D66C68009D ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

12:46:46.0079 0x3abc VcmXmlIfHelper - ok

12:46:46.0118 0x3abc [ D076011ECD0D1310E879F32EBF3B4886, F2ED6F82941548CB1A5A54109936847D16C874DEAEF7A234D3170DEE0D1AAE05 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe

12:46:46.0135 0x3abc VCService - ok

12:46:46.0217 0x3abc [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

12:46:46.0231 0x3abc vdrvroot - ok

12:46:46.0293 0x3abc [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe

12:46:46.0440 0x3abc vds - ok

12:46:46.0486 0x3abc [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

12:46:46.0592 0x3abc vga - ok

12:46:46.0639 0x3abc [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys

12:46:46.0749 0x3abc VgaSave - ok

12:46:46.0774 0x3abc [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

12:46:46.0794 0x3abc vhdmp - ok

12:46:46.0874 0x3abc [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys

12:46:46.0921 0x3abc viaide - ok

12:46:46.0966 0x3abc [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys

12:46:46.0992 0x3abc vmbus - ok

12:46:47.0002 0x3abc [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

12:46:47.0032 0x3abc VMBusHID - ok

12:46:47.0053 0x3abc [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys

12:46:47.0071 0x3abc volmgr - ok

12:46:47.0105 0x3abc [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

12:46:47.0129 0x3abc volmgrx - ok

12:46:47.0236 0x3abc [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\Windows\system32\drivers\volsnap.sys

12:46:47.0265 0x3abc volsnap - ok

12:46:47.0364 0x3abc [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

12:46:47.0388 0x3abc vsmraid - ok

12:46:47.0517 0x3abc [ 596E65BDEE804CC6658A39756CC61849, 34936A8FBB886212C23485C38FE095C4122922C3D139DEDEEF4DFF182E3E43C5 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe

12:46:47.0571 0x3abc VSNService - ok

12:46:47.0655 0x3abc [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe

12:46:47.0931 0x3abc VSS - ok

12:46:48.0026 0x3abc [ FB4A1695D2D74F9C92CA5E84795CDBE1, A0AF176F3495B81B0EF2F2290BC1575CA907C44F27FDB653F780635AECA1659A ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe

12:46:48.0076 0x3abc VUAgent - ok

12:46:48.0093 0x3abc [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

12:46:48.0128 0x3abc vwifibus - ok

12:46:48.0168 0x3abc [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

12:46:48.0291 0x3abc vwififlt - ok

12:46:48.0353 0x3abc [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

12:46:48.0384 0x3abc vwifimp - ok

12:46:48.0431 0x3abc [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll

12:46:48.0501 0x3abc W32Time - ok

12:46:48.0527 0x3abc [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys

12:46:48.0545 0x3abc WacomPen - ok

12:46:48.0639 0x3abc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

12:46:48.0693 0x3abc WANARP - ok

12:46:48.0717 0x3abc [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

12:46:48.0787 0x3abc Wanarpv6 - ok

12:46:49.0079 0x3abc [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

12:46:49.0201 0x3abc WatAdminSvc - ok

12:46:49.0582 0x3abc [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe

12:46:49.0760 0x3abc wbengine - ok

12:46:49.0784 0x3abc [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

12:46:49.0830 0x3abc WbioSrvc - ok

12:46:49.0874 0x3abc [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll

12:46:51.0417 0x3abc wcncsvc - ok

12:46:51.0445 0x3abc [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

12:46:51.0472 0x3abc WcsPlugInService - ok

12:46:51.0513 0x3abc [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys

12:46:51.0528 0x3abc Wd - ok

12:46:51.0662 0x3abc [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

12:46:51.0903 0x3abc Wdf01000 - ok

12:46:51.0949 0x3abc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost C:\Windows\system32\wdi.dll

12:46:52.0002 0x3abc WdiServiceHost - ok

12:46:52.0011 0x3abc [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost C:\Windows\system32\wdi.dll

12:46:52.0045 0x3abc WdiSystemHost - ok

12:46:52.0124 0x3abc [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll

12:46:52.0231 0x3abc WebClient - ok

12:46:52.0249 0x3abc [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll

12:46:52.0336 0x3abc Wecsvc - ok

12:46:52.0377 0x3abc [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll

12:46:52.0482 0x3abc wercplsupport - ok

12:46:52.0513 0x3abc [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll

12:46:52.0594 0x3abc WerSvc - ok

12:46:52.0644 0x3abc [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

12:46:52.0753 0x3abc WfpLwf - ok

12:46:52.0837 0x3abc [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys

12:46:52.0858 0x3abc WIMMount - ok

12:46:52.0888 0x3abc WinDefend - ok

12:46:52.0958 0x3abc WinHttpAutoProxySvc - ok

12:46:53.0020 0x3abc [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

12:46:53.0111 0x3abc Winmgmt - ok

12:46:53.0208 0x3abc [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM C:\Windows\system32\WsmSvc.dll

12:46:53.0572 0x3abc WinRM - ok

12:46:53.0627 0x3abc [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

12:46:53.0647 0x3abc WinUsb - ok

12:46:53.0706 0x3abc [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll

12:46:53.0863 0x3abc Wlansvc - ok

12:46:53.0911 0x3abc [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

12:46:53.0924 0x3abc wlcrasvc - ok

12:46:54.0074 0x3abc [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:46:54.0285 0x3abc wlidsvc - ok

12:46:54.0363 0x3abc [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

12:46:54.0386 0x3abc WmiAcpi - ok

12:46:54.0418 0x3abc [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

12:46:54.0462 0x3abc wmiApSrv - ok

12:46:54.0480 0x3abc WMPNetworkSvc - ok

12:46:54.0509 0x3abc [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll

12:46:54.0542 0x3abc WPCSvc - ok

12:46:54.0566 0x3abc [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

12:46:54.0674 0x3abc WPDBusEnum - ok

12:46:54.0703 0x3abc [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

12:46:54.0765 0x3abc ws2ifsl - ok

12:46:54.0789 0x3abc [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll

12:46:54.0854 0x3abc wscsvc - ok

12:46:54.0864 0x3abc WSearch - ok

12:46:55.0331 0x3abc [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv C:\Windows\system32\wuaueng.dll

12:46:55.0540 0x3abc wuauserv - ok

12:46:55.0652 0x3abc [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

12:46:55.0673 0x3abc WudfPf - ok

12:46:55.0720 0x3abc [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

12:46:55.0746 0x3abc WUDFRd - ok

12:46:55.0782 0x3abc [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

12:46:55.0805 0x3abc wudfsvc - ok

12:46:55.0901 0x3abc [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll

12:46:55.0968 0x3abc WwanSvc - ok

12:46:56.0143 0x3abc [ 74713CB32792F9C7632DAA7DA22CA974, 1B1D907F8F18AE22E36F371EE6417D068C01FB4F9413571444AF3845A27F3C4D ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

12:46:56.0181 0x3abc ZeroConfigService - ok

12:46:56.0252 0x3abc ================ Scan global ===============================

12:46:56.0275 0x3abc [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll

12:46:56.0309 0x3abc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

12:46:56.0333 0x3abc [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll

12:46:56.0363 0x3abc [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll

12:46:56.0417 0x3abc [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe

12:46:56.0426 0x3abc [ Global ] - ok

12:46:56.0426 0x3abc ================ Scan MBR ==================================

12:46:56.0449 0x3abc [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0

12:46:56.0676 0x3abc \Device\Harddisk0\DR0 - ok

12:46:56.0693 0x3abc ================ Scan VBR ==================================

12:46:56.0730 0x3abc [ E43A16F2D7920D45F6998E17E8E25A6A ] \Device\Harddisk0\DR0\Partition1

12:46:56.0786 0x3abc \Device\Harddisk0\DR0\Partition1 - ok

12:46:56.0814 0x3abc [ 3906B7A4DFE2F4B4E54D0939AC65E5A5 ] \Device\Harddisk0\DR0\Partition2

12:46:56.0850 0x3abc \Device\Harddisk0\DR0\Partition2 - ok

12:46:56.0882 0x3abc [ D407B27EF3ED053BB3395F7C5F79046E ] \Device\Harddisk0\DR0\Partition3

12:46:56.0952 0x3abc \Device\Harddisk0\DR0\Partition3 - ok

12:46:56.0983 0x3abc [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4

12:46:56.0983 0x3abc \Device\Harddisk0\DR0\Partition4 - ok

12:46:57.0012 0x3abc [ 5FAD8C52F88C75B57DB0847112EF242D ] \Device\Harddisk0\DR0\Partition5

12:46:57.0029 0x3abc \Device\Harddisk0\DR0\Partition5 - ok

12:46:57.0030 0x3abc ================ Scan generic autorun ======================

12:46:57.0116 0x3abc [ B1DDCBE7D17DE94045FE9E40EB3D0170, 76EAF208139160C10937FEB4CB47A9890BF66414A3958289DDDCE62EA6E701FC ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

12:46:57.0203 0x3abc RtHDVBg_Dolby - ok

12:46:57.0243 0x3abc [ B1DDCBE7D17DE94045FE9E40EB3D0170, 76EAF208139160C10937FEB4CB47A9890BF66414A3958289DDDCE62EA6E701FC ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

12:46:57.0327 0x3abc RtHDVBg - ok

12:46:57.0334 0x3abc BTMTrayAgent - ok

12:46:57.0394 0x3abc [ 5E7CDCB6438D5A83EAD39A3AAC542581, 3313FE3BFB9D92CA2B8E25DB2054CD7F07409BC4117DC68993055A102F67DC45 ] C:\Windows\system32\igfxtray.exe

12:46:57.0470 0x3abc IgfxTray - ok

12:46:57.0512 0x3abc [ F90A9CA2335386E0DE028AC82A73C751, 9500A2E4628EF4C9D983727AFBB2F805E2555B65E3E19BA1E4FCFF1B92C652BC ] C:\Windows\system32\hkcmd.exe

12:46:57.0577 0x3abc HotKeysCmds - ok

12:46:57.0608 0x3abc [ C7E9B3E1B219AE8C07A0C5ED1477A6A6, F669BB7683F74DF956B46A0A0AC94A8DAA0CAEF60EE0C1501C957109C53B92C3 ] C:\Windows\system32\igfxpers.exe

12:46:57.0655 0x3abc Persistence - ok

12:46:57.0668 0x3abc SynTPEnh - ok

12:46:57.0708 0x3abc [ 5514B64F7F2D25E09E2FDAF5D62B688C, 43263715ADC49250762A01E41DB2832C6A8B63CE4F66CDD8FC0B51DCA031DF27 ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe

12:46:57.0764 0x3abc IAStorIcon - ok

12:46:57.0829 0x3abc [ 8D2B47285BCDE1943A16166702E3FA95, 621156A7861CA83BCD146D1CCCAC13F72951F2A64866C185796D7954E2EBAEA0 ] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe

12:46:57.0865 0x3abc Dolby Home Theater v4 - ok

12:46:57.0946 0x3abc [ 4D1DA8CE5E364D22B4FF00F163194514, 165DE474309206A0F51266F19EDB4AF3D7BAD19FDA61B636AEE7A04278DBBC2C ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

12:46:58.0003 0x3abc USB3MON - ok

12:46:58.0120 0x3abc [ 9472FA7FAB93A8B327F97A16DB1CC0EF, 5BAA4E25E1B238F535CCD7ABFF25217159EB8AFE483339538064F4B54954DA86 ] C:\Program Files (x86)\Citrix\GoToMeeting\1350\g2mstart.exe

12:46:58.0133 0x3abc GoToMeeting - ok

12:46:58.0171 0x3abc [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe

12:46:58.0213 0x3abc mctadmin - ok

12:46:58.0219 0x3abc Waiting for KSN requests completion. In queue: 197

12:46:59.0220 0x3abc Waiting for KSN requests completion. In queue: 197

12:47:00.0223 0x3abc Waiting for KSN requests completion. In queue: 197

12:47:01.0223 0x3abc Waiting for KSN requests completion. In queue: 197

12:47:02.0234 0x3abc Waiting for KSN requests completion. In queue: 197

12:47:03.0238 0x3abc Waiting for KSN requests completion. In queue: 197

12:47:04.0238 0x3abc Waiting for KSN requests completion. In queue: 197

12:47:05.0242 0x3abc Waiting for KSN requests completion. In queue: 197

12:47:06.0242 0x3abc Waiting for KSN requests completion. In queue: 197

12:47:07.0470 0x3abc AV detected via SS2: McAfee VirusScan Enterprise, "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /!REMEDIATE ( ), 0x41000 ( enabled : updated )

12:47:07.0736 0x3abc Win FW state via NFP2: enabled

12:47:11.0003 0x3abc ============================================================

12:47:11.0003 0x3abc Scan finished

12:47:11.0003 0x3abc ============================================================

12:47:11.0070 0x3958 Detected object count: 0

12:47:11.0070 0x3958 Actual detected object count: 0



#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 AM

Posted 10 July 2014 - 01:32 PM

Something is off for sure but neither I nor the tools have seen it yet.
Let's go find it:


Please download this attached Attached File  fixlist.txt   43bytes   4 downloads and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#11 BartW

BartW
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 10 July 2014 - 01:37 PM

Done.  Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-07-2014
Ran by RonWa at 2014-07-10 13:35:38 Run:2
Running from C:\Users\ronwa\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Folder: C:\Users\ronwa\AppData\Local\temp

*****************

========================= Folder: C:\Users\ronwa\AppData\Local\temp ========================

2014-07-10 12:43 - 2014-07-10 12:43 - 0016384 ____T () C:\Users\ronwa\AppData\Local\temp\~DF33ED1FF434571F46.TMP
2014-07-10 11:48 - 2014-07-10 11:48 - 0016384 ____T () C:\Users\ronwa\AppData\Local\temp\~DF54A9410C2C5A7DFB.TMP
2014-07-10 13:34 - 2014-07-10 13:34 - 0016384 ____T () C:\Users\ronwa\AppData\Local\temp\~DFDF5463E42F18EFD8.TMP
2014-07-10 11:48 - 2014-07-10 12:50 - 0040960 ____T () C:\Users\ronwa\AppData\Local\temp\~DFE7021EAEC7C66155.TMP
2014-07-10 09:31 - 2014-07-10 09:31 - 0000134 _____ () C:\Users\ronwa\AppData\Local\temp\1070775.od
2014-07-09 15:20 - 2014-07-09 15:20 - 0000134 _____ () C:\Users\ronwa\AppData\Local\temp\263080.od
2014-07-10 07:38 - 2014-07-10 07:38 - 0000134 _____ () C:\Users\ronwa\AppData\Local\temp\305309.od
2014-07-10 09:18 - 2014-07-10 09:18 - 0019359 _____ () C:\Users\ronwa\AppData\Local\temp\Attach.txt
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\C2X5FEB.tmp
2014-07-09 15:20 - 2014-07-09 15:20 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\CVR3A8.tmp.cvr
2014-07-10 09:31 - 2014-07-10 09:31 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\CVR56B7.tmp.cvr
2014-07-10 07:38 - 2014-07-10 07:38 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\CVRA89D.tmp.cvr
2014-07-10 09:02 - 2014-07-10 09:02 - 0022396 _____ () C:\Users\ronwa\AppData\Local\temp\dat512B.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0022292 _____ () C:\Users\ronwa\AppData\Local\temp\dat513C.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0022000 _____ () C:\Users\ronwa\AppData\Local\temp\dat513D.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0019896 _____ () C:\Users\ronwa\AppData\Local\temp\dat514E.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0020852 _____ () C:\Users\ronwa\AppData\Local\temp\dat514F.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0020640 _____ () C:\Users\ronwa\AppData\Local\temp\dat515F.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0020456 _____ () C:\Users\ronwa\AppData\Local\temp\dat5160.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0017688 _____ () C:\Users\ronwa\AppData\Local\temp\dat5171.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0020224 _____ () C:\Users\ronwa\AppData\Local\temp\dat5172.tmp
2014-07-10 09:02 - 2014-07-10 09:02 - 0019512 _____ () C:\Users\ronwa\AppData\Local\temp\dat5182.tmp
2014-07-10 08:50 - 2014-07-10 08:50 - 0007940 _____ () C:\Users\ronwa\AppData\Local\temp\dat8628.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0018272 _____ () C:\Users\ronwa\AppData\Local\temp\dat8DE6.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0017768 _____ () C:\Users\ronwa\AppData\Local\temp\dat8DF7.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0017964 _____ () C:\Users\ronwa\AppData\Local\temp\dat8DF8.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0020756 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E18.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0020544 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E29.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0020360 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E39.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0017588 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E3A.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0017928 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E6A.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0017984 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E7B.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0018508 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E7C.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0015508 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E8C.tmp
2014-07-10 08:03 - 2014-07-10 08:03 - 0018160 _____ () C:\Users\ronwa\AppData\Local\temp\dat8E8D.tmp
2014-07-09 15:34 - 2014-07-09 15:34 - 0023164 _____ () C:\Users\ronwa\AppData\Local\temp\datAE8B.tmp
2014-07-09 15:34 - 2014-07-09 15:34 - 0023256 _____ () C:\Users\ronwa\AppData\Local\temp\datAE9C.tmp
2014-07-09 15:34 - 2014-07-09 15:34 - 0024044 _____ () C:\Users\ronwa\AppData\Local\temp\datAE9D.tmp
2014-07-09 15:34 - 2014-07-09 15:34 - 0023384 _____ () C:\Users\ronwa\AppData\Local\temp\datAEAE.tmp
2014-07-09 15:34 - 2014-07-09 15:34 - 0023172 _____ () C:\Users\ronwa\AppData\Local\temp\datAEBE.tmp
2014-07-09 15:34 - 2014-07-09 15:34 - 0023936 _____ () C:\Users\ronwa\AppData\Local\temp\datAEBF.tmp
2014-07-10 08:58 - 2014-07-10 08:58 - 0013116 _____ () C:\Users\ronwa\AppData\Local\temp\datC28E.tmp
2014-07-10 09:18 - 2014-07-10 09:18 - 0031913 _____ () C:\Users\ronwa\AppData\Local\temp\DDS.txt
2014-07-10 08:04 - 2014-07-10 08:04 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\DMI475C.tmp
2014-07-10 07:59 - 2014-07-10 07:59 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\DMIF72A.tmp
2014-07-09 15:20 - 2014-07-10 09:31 - 0000028 _____ () C:\Users\ronwa\AppData\Local\temp\ExchangePerflog_8484fa3122aa1967cfcccd43.dat
2014-07-10 13:35 - 2014-07-10 13:35 - 2297435 _____ () C:\Users\ronwa\AppData\Local\temp\fla9B75.tmp
2014-07-10 13:35 - 2014-07-10 13:35 - 1152526 _____ () C:\Users\ronwa\AppData\Local\temp\flaF2A9.tmp
2014-07-09 14:54 - 2014-07-09 14:54 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\FXSAPIDebugLogFile.txt
2014-07-10 07:30 - 2014-07-10 07:30 - 0003136 _____ () C:\Users\ronwa\AppData\Local\temp\GoogleToolbarInstaller1.log
2014-07-10 12:48 - 2014-07-10 12:48 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\h2rCC45.tmp
2014-07-10 12:48 - 2014-07-10 12:48 - 0124404 _____ () C:\Users\ronwa\AppData\Local\temp\r2hCC35.tmp
2014-07-09 14:56 - 2014-07-10 09:16 - 0005914 _____ () C:\Users\ronwa\AppData\Local\temp\StructuredQuery.log
2014-07-10 11:47 - 2014-07-10 11:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1024
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1024\container.dat
2014-07-10 13:05 - 2014-07-10 13:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1058
2014-07-10 12:39 - 2014-07-10 12:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\105c
2014-07-10 11:46 - 2014-07-10 11:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1070
2014-07-10 11:47 - 2014-07-10 11:47 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1070\container.dat
2014-07-10 09:04 - 2014-07-10 09:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1074
2014-07-10 12:00 - 2014-07-10 12:00 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1088
2014-07-10 12:37 - 2014-07-10 12:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\10dc
2014-07-10 13:14 - 2014-07-10 13:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1118
2014-07-10 13:16 - 2014-07-10 13:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1130
2014-07-10 12:22 - 2014-07-10 12:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1148
2014-07-10 12:50 - 2014-07-10 12:50 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1194
2014-07-10 10:49 - 2014-07-10 10:49 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\11a4
2014-07-10 09:29 - 2014-07-10 09:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\12c8
2014-07-09 15:08 - 2014-07-09 15:10 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\12d4
2014-07-09 15:09 - 2014-07-09 15:09 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\12d4\container.dat
2014-07-10 12:31 - 2014-07-10 12:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\12e4
2014-07-10 12:06 - 2014-07-10 12:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1300
2014-07-09 15:37 - 2014-07-09 15:38 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\131c
2014-07-09 15:38 - 2014-07-09 15:38 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\131c\container.dat
2014-07-10 13:25 - 2014-07-10 13:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\136c
2014-07-10 11:48 - 2014-07-10 11:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\138c
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\138c\container.dat
2014-07-09 15:56 - 2014-07-09 15:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\139c
2014-07-09 15:20 - 2014-07-09 15:33 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\13c0
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\13c0\container.dat
2014-07-10 12:50 - 2014-07-10 12:50 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\13cc
2014-07-09 15:47 - 2014-07-09 15:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\13d4
2014-07-09 15:48 - 2014-07-09 15:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\13d4\container.dat
2014-07-10 11:47 - 2014-07-10 11:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\13f4
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\13f4\container.dat
2014-07-10 13:07 - 2014-07-10 13:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\140c
2014-07-09 15:41 - 2014-07-09 15:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1430
2014-07-09 15:42 - 2014-07-09 15:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1430\container.dat
2014-07-10 08:32 - 2014-07-10 08:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1480
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1480\container.dat
2014-07-10 09:45 - 2014-07-10 09:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\14a8
2014-07-10 11:59 - 2014-07-10 11:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\14fc
2014-07-10 12:55 - 2014-07-10 12:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1510
2014-07-10 13:01 - 2014-07-10 13:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1524
2014-07-10 11:08 - 2014-07-10 11:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1538
2014-07-10 08:56 - 2014-07-10 09:04 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1554
2014-07-10 08:56 - 2014-07-10 08:56 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1554\container.dat
2014-07-10 09:19 - 2014-07-10 09:20 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\15b4
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\15b4\container.dat
2014-07-10 08:42 - 2014-07-10 08:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\15d0
2014-07-10 08:43 - 2014-07-10 08:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\15d0\container.dat
2014-07-10 12:40 - 2014-07-10 12:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\15d8
2014-07-10 12:43 - 2014-07-10 12:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\15d8\container.dat
2014-07-09 15:29 - 2014-07-09 15:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\15fc
2014-07-09 15:30 - 2014-07-09 15:30 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\15fc\container.dat
2014-07-10 09:27 - 2014-07-10 09:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1640
2014-07-10 09:28 - 2014-07-10 09:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1640\container.dat
2014-07-10 11:48 - 2014-07-10 11:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\164c
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\164c\container.dat
2014-07-09 14:56 - 2014-07-09 15:07 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\167c
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\167c\container.dat
2014-07-09 15:07 - 2014-07-09 15:07 - 0000722 _____ () C:\Users\ronwa\AppData\Local\temp\167c\SPIM5CYS.txt
2014-07-10 11:20 - 2014-07-10 11:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\168c
2014-07-10 13:29 - 2014-07-10 13:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1694
2014-07-09 15:41 - 2014-07-09 15:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\16a0
2014-07-09 15:42 - 2014-07-09 15:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\16a0\container.dat
2014-07-10 09:17 - 2014-07-10 09:18 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\16e4
2014-07-10 09:18 - 2014-07-10 09:18 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\16e4\container.dat
2014-07-10 08:31 - 2014-07-10 08:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\16f8
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\16f8\container.dat
2014-07-10 11:02 - 2014-07-10 11:02 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\16fc
2014-07-10 10:37 - 2014-07-10 10:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1710
2014-07-10 11:09 - 2014-07-10 11:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\175c
2014-07-09 15:19 - 2014-07-09 15:23 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1764
2014-07-09 15:23 - 2014-07-09 15:23 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1764\container.dat
2014-07-09 15:14 - 2014-07-09 15:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1784
2014-07-10 08:31 - 2014-07-10 08:41 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\17f0
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\17f0\container.dat
2014-07-09 15:20 - 2014-07-09 15:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\17f8
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\17f8\container.dat
2014-07-10 09:17 - 2014-07-10 09:19 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1804
2014-07-10 09:19 - 2014-07-10 09:19 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1804\container.dat
2014-07-10 12:48 - 2014-07-10 12:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1808
2014-07-10 12:49 - 2014-07-10 12:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1808\container.dat
2014-07-09 15:28 - 2014-07-09 15:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\181c
2014-07-09 15:29 - 2014-07-09 15:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\181c\container.dat
2014-07-10 10:21 - 2014-07-10 10:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1820
2014-07-10 12:19 - 2014-07-10 12:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1830
2014-07-10 09:27 - 2014-07-10 09:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\184c
2014-07-10 09:28 - 2014-07-10 09:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\184c\container.dat
2014-07-10 09:18 - 2014-07-10 09:19 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1870
2014-07-10 09:19 - 2014-07-10 09:19 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1870\container.dat
2014-07-09 15:30 - 2014-07-09 15:40 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1874
2014-07-09 15:32 - 2014-07-09 15:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1874\container.dat
2014-07-10 09:18 - 2014-07-10 09:19 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1884
2014-07-10 09:19 - 2014-07-10 09:19 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1884\container.dat
2014-07-10 09:44 - 2014-07-10 09:44 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1894
2014-07-09 15:28 - 2014-07-09 15:38 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\18a0
2014-07-09 15:29 - 2014-07-09 15:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\18a0\container.dat
2014-07-10 12:30 - 2014-07-10 12:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\18a8
2014-07-10 10:00 - 2014-07-10 10:00 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\18ac
2014-07-10 08:48 - 2014-07-10 08:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\18bc
2014-07-10 08:48 - 2014-07-10 08:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\18bc\container.dat
2014-07-10 09:17 - 2014-07-10 09:18 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\18c0
2014-07-10 09:18 - 2014-07-10 09:18 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\18c0\container.dat
2014-07-10 09:25 - 2014-07-10 09:26 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\18d0
2014-07-10 09:26 - 2014-07-10 09:26 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\18d0\container.dat
2014-07-10 12:46 - 2014-07-10 12:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\18d8
2014-07-10 12:47 - 2014-07-10 12:47 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\18d8\container.dat
2014-07-10 11:46 - 2014-07-10 11:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\18e8
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\18e8\container.dat
2014-07-10 13:29 - 2014-07-10 13:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\18f8
2014-07-10 12:57 - 2014-07-10 12:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1918
2014-07-10 08:38 - 2014-07-10 08:51 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1920
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1920\container.dat
2014-07-10 13:12 - 2014-07-10 13:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1928
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1938
2014-07-10 09:17 - 2014-07-10 09:27 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1940
2014-07-10 09:18 - 2014-07-10 09:18 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1940\container.dat
2014-07-10 08:30 - 2014-07-10 08:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\194c
2014-07-10 08:31 - 2014-07-10 08:31 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\194c\container.dat
2014-07-10 12:05 - 2014-07-10 12:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1950
2014-07-10 12:57 - 2014-07-10 12:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1960
2014-07-10 12:54 - 2014-07-10 12:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1974
2014-07-10 13:15 - 2014-07-10 13:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\197c
2014-07-10 12:00 - 2014-07-10 12:00 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\19ac
2014-07-10 12:08 - 2014-07-10 12:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\19b4
2014-07-09 15:14 - 2014-07-09 15:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\19b8
2014-07-10 11:47 - 2014-07-10 11:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\19cc
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\19cc\container.dat
2014-07-10 10:44 - 2014-07-10 10:44 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\19d0
2014-07-09 15:35 - 2014-07-09 15:46 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1a08
2014-07-09 15:36 - 2014-07-09 15:36 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1a08\container.dat
2014-07-10 08:30 - 2014-07-10 08:31 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1a18
2014-07-10 08:31 - 2014-07-10 08:31 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1a18\container.dat
2014-07-10 08:31 - 2014-07-10 08:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1a20
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1a20\container.dat
2014-07-10 08:44 - 2014-07-10 08:56 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1a24
2014-07-10 08:45 - 2014-07-10 08:45 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1a24\container.dat
2014-07-10 11:05 - 2014-07-10 11:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1a28
2014-07-10 13:03 - 2014-07-10 13:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1a2c
2014-07-10 08:30 - 2014-07-10 08:31 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1a30
2014-07-10 08:31 - 2014-07-10 08:31 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1a30\container.dat
2014-07-09 15:35 - 2014-07-09 15:36 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1a34
2014-07-09 15:36 - 2014-07-09 15:36 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1a34\container.dat
2014-07-10 11:47 - 2014-07-10 11:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1a58
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1a58\container.dat
2014-07-10 11:10 - 2014-07-10 11:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1a60
2014-07-10 09:05 - 2014-07-10 09:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1a7c
2014-07-10 13:23 - 2014-07-10 13:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1a84
2014-07-10 10:51 - 2014-07-10 10:51 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1a88
2014-07-10 08:30 - 2014-07-10 08:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1a94
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1a94\container.dat
2014-07-10 09:19 - 2014-07-10 09:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ab4
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ab4\container.dat
2014-07-09 14:57 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1abc
2014-07-09 14:58 - 2014-07-09 14:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1abc\container.dat
2014-07-10 09:40 - 2014-07-10 09:40 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1ad4
2014-07-09 14:55 - 2014-07-09 14:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ad8
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ad8\container.dat
2014-07-10 11:46 - 2014-07-10 11:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ae8
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ae8\container.dat
2014-07-10 12:17 - 2014-07-10 12:17 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1b08
2014-07-10 12:14 - 2014-07-10 12:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1b0c
2014-07-09 14:57 - 2014-07-09 14:59 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1b38
2014-07-09 14:58 - 2014-07-09 14:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1b38\container.dat
2014-07-09 14:56 - 2014-07-09 14:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1b44
2014-07-09 14:58 - 2014-07-09 14:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1b44\container.dat
2014-07-10 09:18 - 2014-07-10 09:19 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1b60
2014-07-10 09:19 - 2014-07-10 09:19 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1b60\container.dat
2014-07-10 10:23 - 2014-07-10 10:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1b6c
2014-07-10 12:48 - 2014-07-10 12:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1b74
2014-07-10 12:49 - 2014-07-10 12:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1b74\container.dat
2014-07-10 11:54 - 2014-07-10 11:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1b84
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1b84\container.dat
2014-07-10 09:46 - 2014-07-10 09:46 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1b88
2014-07-10 10:54 - 2014-07-10 10:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1b98
2014-07-10 08:32 - 2014-07-10 08:33 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ba4
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ba4\container.dat
2014-07-10 11:47 - 2014-07-10 11:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ba8
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ba8\container.dat
2014-07-10 11:46 - 2014-07-10 11:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1bd0
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1bd0\container.dat
2014-07-10 11:47 - 2014-07-10 11:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1bd4
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1bd4\container.dat
2014-07-10 13:16 - 2014-07-10 13:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1be4
2014-07-10 12:23 - 2014-07-10 12:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1bec
2014-07-10 13:02 - 2014-07-10 13:02 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1bf8
2014-07-10 13:24 - 2014-07-10 13:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1c20
2014-07-10 12:16 - 2014-07-10 12:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1c4c
2014-07-10 09:18 - 2014-07-10 09:19 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1c5c
2014-07-10 09:19 - 2014-07-10 09:19 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1c5c\container.dat
2014-07-09 15:51 - 2014-07-09 15:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1c60
2014-07-09 15:53 - 2014-07-09 15:53 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1c60\container.dat
2014-07-10 13:08 - 2014-07-10 13:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1c6c
2014-07-10 08:31 - 2014-07-10 08:32 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1c70
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1c70\container.dat
2014-07-10 12:56 - 2014-07-10 12:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1c80
2014-07-10 09:18 - 2014-07-10 09:20 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1c90
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1c90\container.dat
2014-07-09 15:19 - 2014-07-09 15:20 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1c98
2014-07-09 15:20 - 2014-07-09 15:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1c98\container.dat
2014-07-10 10:37 - 2014-07-10 10:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1c9c
2014-07-10 10:15 - 2014-07-10 10:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1ca0
2014-07-09 15:14 - 2014-07-09 15:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1ca4
2014-07-10 08:30 - 2014-07-10 08:32 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1cb0
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1cb0\container.dat
2014-07-09 15:19 - 2014-07-09 15:20 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1cb4
2014-07-09 15:20 - 2014-07-09 15:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1cb4\container.dat
2014-07-10 13:16 - 2014-07-10 13:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1cdc
2014-07-09 14:56 - 2014-07-09 14:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ce4
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ce4\container.dat
2014-07-09 15:48 - 2014-07-09 15:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ce8
2014-07-09 15:49 - 2014-07-09 15:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ce8\container.dat
2014-07-10 10:23 - 2014-07-10 10:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1cf0
2014-07-10 12:49 - 2014-07-10 12:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d08
2014-07-10 12:50 - 2014-07-10 12:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d08\container.dat
2014-07-09 14:58 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d0c
2014-07-09 14:59 - 2014-07-09 14:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d0c\container.dat
2014-07-09 15:15 - 2014-07-09 15:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1d1c
2014-07-10 10:45 - 2014-07-10 10:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1d20
2014-07-09 15:13 - 2014-07-09 15:15 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d28
2014-07-09 15:15 - 2014-07-09 15:15 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d28\container.dat
2014-07-09 15:20 - 2014-07-09 15:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d30
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d30\container.dat
2014-07-09 14:56 - 2014-07-09 14:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d34
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d34\container.dat
2014-07-09 15:05 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d38
2014-07-09 15:06 - 2014-07-09 15:06 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d38\container.dat
2014-07-09 15:19 - 2014-07-09 15:31 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d44
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d44\container.dat
2014-07-09 14:56 - 2014-07-09 14:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d60
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d60\container.dat
2014-07-10 08:31 - 2014-07-10 08:32 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d64
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d64\container.dat
2014-07-10 12:31 - 2014-07-10 12:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1d74
2014-07-10 13:13 - 2014-07-10 13:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1d84
2014-07-10 08:31 - 2014-07-10 08:32 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d88
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d88\container.dat
2014-07-10 08:32 - 2014-07-10 08:44 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1d90
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1d90\container.dat
2014-07-10 09:06 - 2014-07-10 09:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1da8
2014-07-09 15:19 - 2014-07-09 15:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1dac
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1dac\container.dat
2014-07-10 13:04 - 2014-07-10 13:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1db0
2014-07-10 08:41 - 2014-07-10 08:52 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1dc4
2014-07-10 08:41 - 2014-07-10 08:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1dc4\container.dat
2014-07-10 09:00 - 2014-07-10 09:04 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1de0
2014-07-10 09:00 - 2014-07-10 09:00 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1de0\container.dat
2014-07-10 12:21 - 2014-07-10 12:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1de8
2014-07-09 15:14 - 2014-07-09 15:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1df0
2014-07-10 12:05 - 2014-07-10 12:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1df4
2014-07-10 12:22 - 2014-07-10 12:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1e00
2014-07-10 08:31 - 2014-07-10 08:41 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1e28
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1e28\container.dat
2014-07-09 14:56 - 2014-07-09 15:08 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1e48
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1e48\container.dat
2014-07-09 14:56 - 2014-07-09 14:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1e54
2014-07-09 14:58 - 2014-07-09 14:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1e54\container.dat
2014-07-10 12:09 - 2014-07-10 12:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1e64
2014-07-09 15:14 - 2014-07-09 15:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1e68
2014-07-09 15:19 - 2014-07-09 15:20 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1e6c
2014-07-09 15:20 - 2014-07-09 15:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1e6c\container.dat
2014-07-10 08:31 - 2014-07-10 08:32 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1e74
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1e74\container.dat
2014-07-09 14:56 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1e84
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1e84\container.dat
2014-07-10 11:48 - 2014-07-10 11:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ea0
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ea0\container.dat
2014-07-10 12:30 - 2014-07-10 12:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1ea8
2014-07-09 15:14 - 2014-07-09 15:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1ec8
2014-07-09 15:14 - 2014-07-09 15:15 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ee4
2014-07-09 15:15 - 2014-07-09 15:15 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ee4\container.dat
2014-07-09 15:19 - 2014-07-09 15:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1ef4
2014-07-09 15:20 - 2014-07-09 15:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1ef4\container.dat
2014-07-09 15:46 - 2014-07-09 15:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1f00
2014-07-09 15:49 - 2014-07-09 15:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1f00\container.dat
2014-07-10 13:01 - 2014-07-10 13:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1f10
2014-07-10 12:14 - 2014-07-10 12:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1f30
2014-07-10 12:13 - 2014-07-10 12:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1f34
2014-07-09 15:19 - 2014-07-09 15:22 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1f38
2014-07-09 15:20 - 2014-07-09 15:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1f38\container.dat
2014-07-10 13:22 - 2014-07-10 13:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1f48
2014-07-10 13:25 - 2014-07-10 13:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1f50
2014-07-09 14:56 - 2014-07-09 14:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1f54
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1f54\container.dat
2014-07-09 15:14 - 2014-07-09 15:15 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1f60
2014-07-09 15:15 - 2014-07-09 15:15 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1f60\container.dat
2014-07-10 08:50 - 2014-07-10 09:02 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1f74
2014-07-10 08:50 - 2014-07-10 08:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1f74\container.dat
2014-07-10 13:15 - 2014-07-10 13:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1f88
2014-07-10 11:48 - 2014-07-10 11:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1f8c
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1f8c\container.dat
2014-07-10 12:26 - 2014-07-10 12:31 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1f94
2014-07-10 12:29 - 2014-07-10 12:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1f94\container.dat
2014-07-10 13:20 - 2014-07-10 13:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1f9c
2014-07-10 08:31 - 2014-07-10 08:32 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1fb4
2014-07-10 08:32 - 2014-07-10 08:32 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1fb4\container.dat
2014-07-09 15:20 - 2014-07-09 15:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1fc0
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1fc0\container.dat
2014-07-10 11:16 - 2014-07-10 11:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1fc4
2014-07-10 12:39 - 2014-07-10 12:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1fcc
2014-07-10 12:42 - 2014-07-10 12:45 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\1fe0
2014-07-10 12:43 - 2014-07-10 12:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\1fe0\container.dat
2014-07-10 13:22 - 2014-07-10 13:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1ff0
2014-07-10 12:13 - 2014-07-10 12:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\1ff8
2014-07-10 11:27 - 2014-07-10 11:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\200
2014-07-10 13:18 - 2014-07-10 13:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2030
2014-07-10 12:12 - 2014-07-10 12:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\204c
2014-07-10 11:06 - 2014-07-10 11:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2050
2014-07-10 13:33 - 2014-07-10 13:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2054
2014-07-10 08:32 - 2014-07-10 08:34 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2064
2014-07-10 08:34 - 2014-07-10 08:34 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2064\container.dat
2014-07-10 10:40 - 2014-07-10 10:40 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2068
2014-07-10 13:12 - 2014-07-10 13:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\206c
2014-07-10 09:19 - 2014-07-10 09:20 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2080
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2080\container.dat
2014-07-10 08:54 - 2014-07-10 09:02 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\20b0
2014-07-10 08:54 - 2014-07-10 08:54 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\20b0\container.dat
2014-07-10 12:03 - 2014-07-10 12:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\20bc
2014-07-09 15:47 - 2014-07-09 15:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\20dc
2014-07-09 15:48 - 2014-07-09 15:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\20dc\container.dat
2014-07-09 15:08 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\20e8
2014-07-09 15:09 - 2014-07-09 15:09 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\20e8\container.dat
2014-07-10 12:09 - 2014-07-10 12:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\20fc
2014-07-10 08:40 - 2014-07-10 08:51 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2104
2014-07-10 08:40 - 2014-07-10 08:40 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2104\container.dat
2014-07-10 12:00 - 2014-07-10 12:00 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2114
2014-07-10 11:21 - 2014-07-10 11:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\211c
2014-07-09 14:57 - 2014-07-09 14:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2128
2014-07-09 14:58 - 2014-07-09 14:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2128\container.dat
2014-07-09 15:21 - 2014-07-09 15:22 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2134
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2134\container.dat
2014-07-10 10:43 - 2014-07-10 10:43 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\213c
2014-07-10 11:48 - 2014-07-10 11:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2144
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2144\container.dat
2014-07-10 13:17 - 2014-07-10 13:17 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2148
2014-07-10 09:19 - 2014-07-10 09:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\214c
2014-07-10 09:21 - 2014-07-10 09:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\214c\container.dat
2014-07-10 09:36 - 2014-07-10 09:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2158
2014-07-09 15:42 - 2014-07-09 15:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2168
2014-07-09 15:43 - 2014-07-09 15:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2168\container.dat
2014-07-10 11:48 - 2014-07-10 11:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2188
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2188\container.dat
2014-07-10 09:02 - 2014-07-10 09:02 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2190
2014-07-10 09:02 - 2014-07-10 09:02 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2190\container.dat
2014-07-10 08:48 - 2014-07-10 08:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\219c
2014-07-10 08:48 - 2014-07-10 08:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\219c\container.dat
2014-07-10 09:26 - 2014-07-10 09:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\21a8
2014-07-10 09:27 - 2014-07-10 09:27 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\21a8\container.dat
2014-07-09 15:56 - 2014-07-09 15:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\21ac
2014-07-10 13:28 - 2014-07-10 13:28 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\21e0
2014-07-09 14:57 - 2014-07-09 15:08 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2204
2014-07-09 14:59 - 2014-07-09 14:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2204\container.dat
2014-07-10 09:19 - 2014-07-10 09:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2214
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2214\container.dat
2014-07-10 08:40 - 2014-07-10 08:45 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2218
2014-07-10 08:40 - 2014-07-10 08:40 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2218\container.dat
2014-07-10 11:48 - 2014-07-10 12:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2220
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2220\container.dat
2014-07-10 13:17 - 2014-07-10 13:17 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2224
2014-07-09 15:48 - 2014-07-09 15:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2230
2014-07-09 15:49 - 2014-07-09 15:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2230\container.dat
2014-07-10 09:19 - 2014-07-10 09:31 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2240
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2240\container.dat
2014-07-10 12:04 - 2014-07-10 12:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\224c
2014-07-10 08:32 - 2014-07-10 08:33 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2254
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2254\container.dat
2014-07-10 09:56 - 2014-07-10 10:07 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\225c
2014-07-10 09:57 - 2014-07-10 09:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\225c\container.dat
2014-07-10 12:09 - 2014-07-10 12:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2260
2014-07-10 13:02 - 2014-07-10 13:02 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\226c
2014-07-10 08:32 - 2014-07-10 08:46 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2270
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2270\container.dat
2014-07-10 12:46 - 2014-07-10 12:47 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\22a8
2014-07-10 12:47 - 2014-07-10 12:47 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\22a8\container.dat
2014-07-10 12:13 - 2014-07-10 12:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\22d0
2014-07-10 11:49 - 2014-07-10 11:59 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\22d4
2014-07-10 11:50 - 2014-07-10 11:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\22d4\container.dat
2014-07-09 15:20 - 2014-07-09 15:22 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\22d8
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\22d8\container.dat
2014-07-10 10:36 - 2014-07-10 10:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\22dc
2014-07-10 12:39 - 2014-07-10 12:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\22ec
2014-07-10 12:27 - 2014-07-10 12:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\22f8
2014-07-10 12:30 - 2014-07-10 12:30 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\22f8\container.dat
2014-07-10 08:32 - 2014-07-10 08:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\22fc
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\22fc\container.dat
2014-07-09 15:55 - 2014-07-09 15:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2300
2014-07-10 08:44 - 2014-07-10 08:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2310
2014-07-10 08:44 - 2014-07-10 08:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2310\container.dat
2014-07-09 14:57 - 2014-07-09 14:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2330
2014-07-09 14:58 - 2014-07-09 14:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2330\container.dat
2014-07-09 15:49 - 2014-07-09 15:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2334
2014-07-09 15:50 - 2014-07-09 15:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2334\container.dat
2014-07-10 09:19 - 2014-07-10 09:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2340
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2340\container.dat
2014-07-10 09:19 - 2014-07-10 09:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2348
2014-07-10 09:21 - 2014-07-10 09:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2348\container.dat
2014-07-10 13:33 - 2014-07-10 13:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\234c
2014-07-10 13:35 - 2014-07-10 13:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\234c\container.dat
2014-07-10 13:06 - 2014-07-10 13:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2350
2014-07-10 08:49 - 2014-07-10 08:59 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\236c
2014-07-10 08:50 - 2014-07-10 08:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\236c\container.dat
2014-07-09 15:55 - 2014-07-09 15:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\23c4
2014-07-10 10:03 - 2014-07-10 10:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\23d4
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\23f8
2014-07-09 15:29 - 2014-07-09 15:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2410
2014-07-09 15:30 - 2014-07-09 15:30 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2410\container.dat
2014-07-10 13:33 - 2014-07-10 13:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\241c
2014-07-10 10:11 - 2014-07-10 10:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2434
2014-07-09 14:57 - 2014-07-09 14:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2440
2014-07-09 14:58 - 2014-07-09 14:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2440\container.dat
2014-07-10 12:18 - 2014-07-10 12:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\244c
2014-07-10 08:32 - 2014-07-10 08:34 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2454
2014-07-10 08:34 - 2014-07-10 08:34 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2454\container.dat
2014-07-10 08:51 - 2014-07-10 09:02 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2458
2014-07-10 08:52 - 2014-07-10 08:52 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2458\container.dat
2014-07-10 12:54 - 2014-07-10 12:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\245c
2014-07-10 12:54 - 2014-07-10 12:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\246c
2014-07-10 12:48 - 2014-07-10 12:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2474
2014-07-10 12:49 - 2014-07-10 12:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2474\container.dat
2014-07-10 11:29 - 2014-07-10 11:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2478
2014-07-09 14:55 - 2014-07-09 15:08 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\248
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\248\container.dat
2014-07-10 13:22 - 2014-07-10 13:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2488
2014-07-09 15:42 - 2014-07-09 15:45 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\249c
2014-07-09 15:43 - 2014-07-09 15:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\249c\container.dat
2014-07-10 11:48 - 2014-07-10 11:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\24a0
2014-07-10 11:49 - 2014-07-10 11:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\24a0\container.dat
2014-07-10 13:31 - 2014-07-10 13:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\24a4
2014-07-10 13:23 - 2014-07-10 13:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\24c0
2014-07-10 12:31 - 2014-07-10 12:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\24d0
2014-07-10 13:10 - 2014-07-10 13:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\24f0
2014-07-10 11:13 - 2014-07-10 11:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2500
2014-07-10 13:31 - 2014-07-10 13:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\250c
2014-07-10 12:56 - 2014-07-10 12:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\251c
2014-07-10 09:31 - 2014-07-10 09:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2540
2014-07-09 14:58 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2548
2014-07-09 14:59 - 2014-07-09 14:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2548\container.dat
2014-07-10 11:48 - 2014-07-10 11:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\254c
2014-07-10 11:50 - 2014-07-10 11:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\254c\container.dat
2014-07-10 12:07 - 2014-07-10 12:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\255c
2014-07-10 11:38 - 2014-07-10 11:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2560
2014-07-10 08:44 - 2014-07-10 08:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2574
2014-07-10 08:44 - 2014-07-10 08:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2574\container.dat
2014-07-10 12:45 - 2014-07-10 12:46 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2590
2014-07-10 12:46 - 2014-07-10 12:46 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2590\container.dat
2014-07-09 15:21 - 2014-07-09 15:34 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2598
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2598\container.dat
2014-07-09 15:21 - 2014-07-09 15:34 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\259c
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\259c\container.dat
2014-07-09 15:21 - 2014-07-09 15:31 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\25a4
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\25a4\container.dat
2014-07-10 13:08 - 2014-07-10 13:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\25a8
2014-07-10 10:12 - 2014-07-10 10:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\25ac
2014-07-10 12:31 - 2014-07-10 12:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\25b0
2014-07-09 15:06 - 2014-07-09 15:08 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\25d8
2014-07-09 15:08 - 2014-07-09 15:08 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\25d8\container.dat
2014-07-10 11:59 - 2014-07-10 11:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\25f4
2014-07-09 15:04 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2614
2014-07-09 15:05 - 2014-07-09 15:05 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2614\container.dat
2014-07-09 15:36 - 2014-07-09 15:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2630
2014-07-09 15:49 - 2014-07-09 15:49 - 0005114 _____ () C:\Users\ronwa\AppData\Local\temp\2630\9C9PIGI3.txt
2014-07-09 15:37 - 2014-07-09 15:37 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2630\container.dat
2014-07-10 12:05 - 2014-07-10 12:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\263c
2014-07-10 12:59 - 2014-07-10 12:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2660
2014-07-10 13:09 - 2014-07-10 13:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2664
2014-07-10 09:20 - 2014-07-10 09:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2680
2014-07-10 09:21 - 2014-07-10 09:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2680\container.dat
2014-07-10 13:20 - 2014-07-10 13:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2698
2014-07-10 12:51 - 2014-07-10 12:51 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\26c0
2014-07-09 15:21 - 2014-07-09 15:22 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\26c4
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\26c4\container.dat
2014-07-10 13:27 - 2014-07-10 13:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\26c8
2014-07-09 14:57 - 2014-07-09 14:59 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\26e0
2014-07-09 14:59 - 2014-07-09 14:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\26e0\container.dat
2014-07-10 13:15 - 2014-07-10 13:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\26e4
2014-07-10 11:48 - 2014-07-10 11:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2700
2014-07-10 11:50 - 2014-07-10 11:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2700\container.dat
2014-07-10 09:24 - 2014-07-10 09:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2720
2014-07-10 09:26 - 2014-07-10 09:26 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2720\container.dat
2014-07-10 12:48 - 2014-07-10 12:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2748
2014-07-10 12:49 - 2014-07-10 12:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2748\container.dat
2014-07-10 13:11 - 2014-07-10 13:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2754
2014-07-10 12:52 - 2014-07-10 12:52 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2778
2014-07-10 11:48 - 2014-07-10 11:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\277c
2014-07-10 11:50 - 2014-07-10 11:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\277c\container.dat
2014-07-10 12:47 - 2014-07-10 12:51 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2784
2014-07-10 12:49 - 2014-07-10 12:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2784\container.dat
2014-07-10 08:49 - 2014-07-10 08:51 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\278c
2014-07-10 08:49 - 2014-07-10 08:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\278c\container.dat
2014-07-10 12:21 - 2014-07-10 12:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2794
2014-07-10 09:27 - 2014-07-10 09:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\27c0
2014-07-10 12:40 - 2014-07-10 12:52 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\27c4
2014-07-10 12:43 - 2014-07-10 12:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\27c4\container.dat
2014-07-09 15:09 - 2014-07-09 15:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\27dc
2014-07-10 08:56 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\27e0
2014-07-10 08:56 - 2014-07-10 08:56 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\27e0\container.dat
2014-07-10 09:24 - 2014-07-10 09:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\27ec
2014-07-10 09:25 - 2014-07-10 09:25 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\27ec\container.dat
2014-07-10 12:27 - 2014-07-10 12:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\286c
2014-07-10 12:29 - 2014-07-10 12:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\286c\container.dat
2014-07-10 13:06 - 2014-07-10 13:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\287c
2014-07-10 11:29 - 2014-07-10 11:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2898
2014-07-10 08:32 - 2014-07-10 08:34 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\28a0
2014-07-10 08:34 - 2014-07-10 08:34 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\28a0\container.dat
2014-07-09 14:58 - 2014-07-09 14:59 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\28b0
2014-07-09 14:59 - 2014-07-09 14:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\28b0\container.dat
2014-07-10 12:01 - 2014-07-10 12:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\28b4
2014-07-10 08:32 - 2014-07-10 08:34 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\28e0
2014-07-10 08:34 - 2014-07-10 08:34 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\28e0\container.dat
2014-07-10 12:38 - 2014-07-10 12:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\28e4
2014-07-10 09:09 - 2014-07-10 09:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\290
2014-07-10 11:49 - 2014-07-10 11:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2904
2014-07-10 11:50 - 2014-07-10 11:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2904\container.dat
2014-07-10 11:39 - 2014-07-10 11:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2950
2014-07-10 11:42 - 2014-07-10 11:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2950\container.dat
2014-07-10 11:49 - 2014-07-10 11:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2970
2014-07-10 11:50 - 2014-07-10 11:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2970\container.dat
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2974
2014-07-10 08:56 - 2014-07-10 09:07 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2978
2014-07-10 08:56 - 2014-07-10 08:56 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2978\container.dat
2014-07-10 13:12 - 2014-07-10 13:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\29ac
2014-07-10 13:06 - 2014-07-10 13:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\29b8
2014-07-09 15:39 - 2014-07-09 15:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\29c8
2014-07-09 15:41 - 2014-07-09 15:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\29c8\container.dat
2014-07-10 13:20 - 2014-07-10 13:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\29d0
2014-07-10 13:15 - 2014-07-10 13:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\29d4
2014-07-10 09:32 - 2014-07-10 09:32 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\29dc
2014-07-10 13:21 - 2014-07-10 13:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\29e4
2014-07-10 12:40 - 2014-07-10 12:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\29f0
2014-07-10 12:43 - 2014-07-10 12:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\29f0\container.dat
2014-07-10 12:19 - 2014-07-10 12:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2a08
2014-07-10 13:30 - 2014-07-10 13:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2a14
2014-07-10 12:40 - 2014-07-10 12:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2a20
2014-07-10 12:44 - 2014-07-10 12:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2a20\container.dat
2014-07-09 15:09 - 2014-07-09 15:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2a24
2014-07-10 12:05 - 2014-07-10 12:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2a3c
2014-07-10 10:41 - 2014-07-10 10:41 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2a68
2014-07-10 09:08 - 2014-07-10 09:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2a74
2014-07-10 08:44 - 2014-07-10 08:56 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2a80
2014-07-10 08:44 - 2014-07-10 08:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2a80\container.dat
2014-07-10 12:04 - 2014-07-10 12:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2a98
2014-07-09 15:05 - 2014-07-09 15:06 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2abc
2014-07-09 15:06 - 2014-07-09 15:06 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2abc\container.dat
2014-07-10 10:22 - 2014-07-10 10:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2acc
2014-07-10 08:33 - 2014-07-10 08:44 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2ae8
2014-07-10 08:34 - 2014-07-10 08:34 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2ae8\container.dat
2014-07-10 09:12 - 2014-07-10 09:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2aec
2014-07-10 08:51 - 2014-07-10 09:00 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2b0c
2014-07-10 08:51 - 2014-07-10 08:51 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2b0c\container.dat
2014-07-10 12:33 - 2014-07-10 12:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2b18
2014-07-10 09:09 - 2014-07-10 09:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2b24
2014-07-10 12:36 - 2014-07-10 12:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2b34
2014-07-09 15:21 - 2014-07-09 15:31 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2b64
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2b64\container.dat
2014-07-10 09:45 - 2014-07-10 09:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2b74
2014-07-10 10:54 - 2014-07-10 10:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2b78
2014-07-09 15:49 - 2014-07-09 15:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2b8
2014-07-09 15:50 - 2014-07-09 15:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2b8\container.dat
2014-07-10 12:03 - 2014-07-10 12:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2ba4
2014-07-09 14:58 - 2014-07-09 14:59 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2bb8
2014-07-09 14:59 - 2014-07-09 14:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2bb8\container.dat
2014-07-10 12:27 - 2014-07-10 12:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2bc8
2014-07-10 12:28 - 2014-07-10 12:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2bc8\container.dat
2014-07-10 08:40 - 2014-07-10 08:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2bcc
2014-07-10 08:40 - 2014-07-10 08:40 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2bcc\container.dat
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2bd4
2014-07-10 09:27 - 2014-07-10 09:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2bec
2014-07-10 09:28 - 2014-07-10 09:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2bec\container.dat
2014-07-10 12:15 - 2014-07-10 12:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2bf4
2014-07-10 10:58 - 2014-07-10 10:58 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2bfc
2014-07-10 10:26 - 2014-07-10 10:26 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2c14
2014-07-10 09:10 - 2014-07-10 09:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2c18
2014-07-10 13:14 - 2014-07-10 13:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2c1c
2014-07-10 08:46 - 2014-07-10 08:56 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2c20
2014-07-10 08:46 - 2014-07-10 08:46 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2c20\container.dat
2014-07-10 08:48 - 2014-07-10 08:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2c30
2014-07-10 08:49 - 2014-07-10 08:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2c30\container.dat
2014-07-10 09:30 - 2014-07-10 09:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2c3c
2014-07-10 11:33 - 2014-07-10 11:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2c4c
2014-07-10 12:40 - 2014-07-10 12:52 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2c74
2014-07-10 12:44 - 2014-07-10 12:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2c74\container.dat
2014-07-10 12:56 - 2014-07-10 12:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2c8c
2014-07-10 10:24 - 2014-07-10 10:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2c94
2014-07-10 12:13 - 2014-07-10 12:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2ca0
2014-07-10 11:20 - 2014-07-10 11:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2cac
2014-07-10 08:54 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2cb0
2014-07-10 08:55 - 2014-07-10 08:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2cb0\container.dat
2014-07-10 12:22 - 2014-07-10 12:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2cb8
2014-07-10 12:32 - 2014-07-10 12:32 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2cdc
2014-07-10 13:13 - 2014-07-10 13:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2ce4
2014-07-10 13:11 - 2014-07-10 13:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2cf8
2014-07-10 10:38 - 2014-07-10 10:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2cfc
2014-07-10 12:55 - 2014-07-10 12:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d00
2014-07-10 13:05 - 2014-07-10 13:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d0c
2014-07-10 13:23 - 2014-07-10 13:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d10
2014-07-10 12:18 - 2014-07-10 12:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d24
2014-07-10 09:11 - 2014-07-10 09:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d34
2014-07-10 12:14 - 2014-07-10 12:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d48
2014-07-10 12:40 - 2014-07-10 12:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2d68
2014-07-10 12:43 - 2014-07-10 12:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2d68\container.dat
2014-07-10 10:13 - 2014-07-10 10:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d70
2014-07-10 13:34 - 2014-07-10 13:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d7c
2014-07-10 11:59 - 2014-07-10 11:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2d90
2014-07-09 15:27 - 2014-07-09 15:40 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2d98
2014-07-09 15:28 - 2014-07-09 15:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2d98\container.dat
2014-07-09 15:27 - 2014-07-09 15:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2dd8
2014-07-09 15:28 - 2014-07-09 15:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2dd8\container.dat
2014-07-10 11:57 - 2014-07-10 11:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2df8
2014-07-10 08:58 - 2014-07-10 08:59 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2dfc
2014-07-10 08:59 - 2014-07-10 08:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2dfc\container.dat
2014-07-10 11:58 - 2014-07-10 11:58 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2e08
2014-07-10 12:18 - 2014-07-10 12:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2e20
2014-07-10 10:10 - 2014-07-10 10:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2e48
2014-07-10 10:49 - 2014-07-10 10:49 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2e60
2014-07-09 15:25 - 2014-07-09 15:37 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2e64
2014-07-09 15:27 - 2014-07-09 15:27 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2e64\container.dat
2014-07-09 15:55 - 2014-07-09 15:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2eb4
2014-07-10 12:24 - 2014-07-10 12:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2ec4
2014-07-10 11:03 - 2014-07-10 11:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2f0c
2014-07-10 08:43 - 2014-07-10 08:56 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2f1c
2014-07-10 08:44 - 2014-07-10 08:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2f1c\container.dat
2014-07-10 13:29 - 2014-07-10 13:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2f4c
2014-07-10 09:03 - 2014-07-10 09:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2f58
2014-07-10 10:29 - 2014-07-10 10:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2f60
2014-07-10 12:59 - 2014-07-10 12:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2f68
2014-07-10 11:56 - 2014-07-10 11:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2f78
2014-07-10 12:10 - 2014-07-10 12:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2f88
2014-07-10 12:30 - 2014-07-10 12:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2f94
2014-07-10 12:04 - 2014-07-10 12:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2fa4
2014-07-10 09:40 - 2014-07-10 09:40 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2fa8
2014-07-10 13:34 - 2014-07-10 13:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2fc0
2014-07-10 12:08 - 2014-07-10 12:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2fc4
2014-07-10 09:26 - 2014-07-10 09:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2fdc
2014-07-10 09:27 - 2014-07-10 09:27 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2fdc\container.dat
2014-07-10 10:27 - 2014-07-10 10:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\2fe0
2014-07-10 08:57 - 2014-07-10 09:08 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\2fe4
2014-07-10 08:57 - 2014-07-10 08:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\2fe4\container.dat
2014-07-09 15:45 - 2014-07-09 15:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3010
2014-07-09 15:48 - 2014-07-09 15:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3010\container.dat
2014-07-10 13:34 - 2014-07-10 13:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3014
2014-07-10 13:24 - 2014-07-10 13:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3028
2014-07-10 11:04 - 2014-07-10 11:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3038
2014-07-10 11:22 - 2014-07-10 11:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3048
2014-07-10 12:16 - 2014-07-10 12:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\307c
2014-07-10 12:40 - 2014-07-10 12:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3084
2014-07-10 12:44 - 2014-07-10 12:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3084\container.dat
2014-07-10 12:27 - 2014-07-10 12:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\308c
2014-07-10 12:30 - 2014-07-10 12:30 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\308c\container.dat
2014-07-10 12:58 - 2014-07-10 12:58 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3098
2014-07-10 13:34 - 2014-07-10 13:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\30b4
2014-07-10 13:35 - 2014-07-10 13:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\30b4\container.dat
2014-07-09 15:06 - 2014-07-09 15:07 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\30c4
2014-07-09 15:07 - 2014-07-09 15:07 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\30c4\container.dat
2014-07-10 09:27 - 2014-07-10 09:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\30d4
2014-07-10 09:28 - 2014-07-10 09:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\30d4\container.dat
2014-07-10 13:05 - 2014-07-10 13:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\30e0
2014-07-09 15:32 - 2014-07-09 15:33 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3104
2014-07-09 15:33 - 2014-07-09 15:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3104\container.dat
2014-07-10 10:50 - 2014-07-10 10:50 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3118
2014-07-10 13:30 - 2014-07-10 13:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\311c
2014-07-10 12:46 - 2014-07-10 12:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3120
2014-07-10 12:47 - 2014-07-10 12:47 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3120\container.dat
2014-07-10 12:25 - 2014-07-10 12:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3140
2014-07-10 12:28 - 2014-07-10 12:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3140\container.dat
2014-07-09 15:47 - 2014-07-09 15:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3154
2014-07-09 15:48 - 2014-07-09 15:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3154\container.dat
2014-07-09 15:33 - 2014-07-09 15:45 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3180
2014-07-09 15:35 - 2014-07-09 15:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3180\container.dat
2014-07-09 15:49 - 2014-07-09 15:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3194
2014-07-09 15:50 - 2014-07-09 15:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3194\container.dat
2014-07-10 08:49 - 2014-07-10 09:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3198
2014-07-10 08:49 - 2014-07-10 08:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3198\container.dat
2014-07-09 15:05 - 2014-07-09 15:06 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\31c4
2014-07-09 15:06 - 2014-07-09 15:06 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\31c4\container.dat
2014-07-10 08:39 - 2014-07-10 08:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\31d8
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\31d8\container.dat
2014-07-10 11:56 - 2014-07-10 11:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\31dc
2014-07-09 15:50 - 2014-07-09 15:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\31f0
2014-07-09 15:51 - 2014-07-09 15:51 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\31f0\container.dat
2014-07-10 12:38 - 2014-07-10 12:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\31f8
2014-07-09 15:54 - 2014-07-09 15:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\320c
2014-07-10 12:58 - 2014-07-10 12:58 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3218
2014-07-10 13:32 - 2014-07-10 13:32 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3268
2014-07-09 15:35 - 2014-07-09 15:47 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3270
2014-07-09 15:36 - 2014-07-09 15:36 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3270\container.dat
2014-07-10 13:18 - 2014-07-10 13:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\327c
2014-07-10 09:07 - 2014-07-10 09:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3280
2014-07-10 11:06 - 2014-07-10 11:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\329c
2014-07-10 11:34 - 2014-07-10 11:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\32a4
2014-07-09 15:27 - 2014-07-09 15:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\32a8
2014-07-09 15:29 - 2014-07-09 15:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\32a8\container.dat
2014-07-10 12:09 - 2014-07-10 12:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\32bc
2014-07-09 15:34 - 2014-07-09 15:44 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\32d8
2014-07-09 15:35 - 2014-07-09 15:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\32d8\container.dat
2014-07-09 15:06 - 2014-07-09 15:08 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\32dc
2014-07-09 15:08 - 2014-07-09 15:08 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\32dc\container.dat
2014-07-10 13:21 - 2014-07-10 13:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\32e0
2014-07-10 13:32 - 2014-07-10 13:32 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3300
2014-07-10 10:57 - 2014-07-10 10:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3308
2014-07-09 15:07 - 2014-07-09 15:10 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3318
2014-07-09 15:08 - 2014-07-09 15:08 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3318\container.dat
2014-07-10 12:56 - 2014-07-10 12:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\331c
2014-07-10 12:22 - 2014-07-10 12:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3330
2014-07-10 09:28 - 2014-07-10 09:28 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3344
2014-07-10 13:16 - 2014-07-10 13:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3348
2014-07-10 11:30 - 2014-07-10 11:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3398
2014-07-09 15:03 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\339c
2014-07-09 15:04 - 2014-07-09 15:04 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\339c\container.dat
2014-07-10 13:21 - 2014-07-10 13:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\33ac
2014-07-10 13:24 - 2014-07-10 13:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\33b4
2014-07-10 12:27 - 2014-07-10 12:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\33d8
2014-07-10 12:30 - 2014-07-10 12:30 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\33d8\container.dat
2014-07-09 15:06 - 2014-07-09 15:07 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\33f8
2014-07-09 15:07 - 2014-07-09 15:07 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\33f8\container.dat
2014-07-09 15:53 - 2014-07-09 15:53 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\342c
2014-07-10 12:57 - 2014-07-10 12:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3434
2014-07-10 12:10 - 2014-07-10 12:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3470
2014-07-10 13:32 - 2014-07-10 13:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3494
2014-07-10 13:35 - 2014-07-10 13:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3494\container.dat
2014-07-10 12:01 - 2014-07-10 12:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\349c
2014-07-10 08:30 - 2014-07-10 08:40 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\34c
2014-07-10 08:31 - 2014-07-10 08:31 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\34c\container.dat
2014-07-10 09:07 - 2014-07-10 09:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\34d8
2014-07-10 12:30 - 2014-07-10 12:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\34dc
2014-07-10 08:46 - 2014-07-10 08:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3508
2014-07-10 08:46 - 2014-07-10 08:46 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3508\container.dat
2014-07-10 12:07 - 2014-07-10 12:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3510
2014-07-10 12:18 - 2014-07-10 12:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3514
2014-07-10 12:22 - 2014-07-10 12:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3564
2014-07-10 10:33 - 2014-07-10 10:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\356c
2014-07-10 12:46 - 2014-07-10 12:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3574
2014-07-10 12:47 - 2014-07-10 12:47 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3574\container.dat
2014-07-10 12:53 - 2014-07-10 12:53 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\357c
2014-07-10 11:54 - 2014-07-10 11:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\35c4
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\35c4\container.dat
2014-07-09 15:28 - 2014-07-09 15:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\35d4
2014-07-09 15:30 - 2014-07-09 15:30 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\35d4\container.dat
2014-07-09 15:46 - 2014-07-09 15:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\35d8
2014-07-09 15:49 - 2014-07-09 15:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\35d8\container.dat
2014-07-09 15:34 - 2014-07-09 15:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\35e8
2014-07-09 15:35 - 2014-07-09 15:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\35e8\container.dat
2014-07-10 10:05 - 2014-07-10 10:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\35ec
2014-07-10 12:18 - 2014-07-10 12:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\35f4
2014-07-10 12:31 - 2014-07-10 12:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\35f8
2014-07-10 11:11 - 2014-07-10 11:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3600
2014-07-10 10:14 - 2014-07-10 10:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3610
2014-07-10 12:13 - 2014-07-10 12:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3630
2014-07-10 12:08 - 2014-07-10 12:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3644
2014-07-10 09:49 - 2014-07-10 09:52 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\364c
2014-07-10 09:52 - 2014-07-10 09:52 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\364c\container.dat
2014-07-10 13:00 - 2014-07-10 13:00 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3660
2014-07-10 12:44 - 2014-07-10 12:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3664
2014-07-10 12:46 - 2014-07-10 12:46 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3664\container.dat
2014-07-09 15:37 - 2014-07-09 15:46 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3668
2014-07-09 15:38 - 2014-07-09 15:38 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3668\container.dat
2014-07-10 10:19 - 2014-07-10 10:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\366c
2014-07-10 12:59 - 2014-07-10 12:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3690
2014-07-09 15:27 - 2014-07-09 15:41 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3698
2014-07-09 15:29 - 2014-07-09 15:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3698\container.dat
2014-07-10 08:43 - 2014-07-10 08:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\36b4
2014-07-10 08:44 - 2014-07-10 08:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\36b4\container.dat
2014-07-09 15:21 - 2014-07-09 15:34 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\36c
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\36c\container.dat
2014-07-10 13:30 - 2014-07-10 13:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\36c0
2014-07-10 09:42 - 2014-07-10 09:42 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\36d0
2014-07-10 12:04 - 2014-07-10 12:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\36fc
2014-07-10 11:59 - 2014-07-10 11:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3708
2014-07-10 13:10 - 2014-07-10 13:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3710
2014-07-10 09:06 - 2014-07-10 09:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\371c
2014-07-10 12:31 - 2014-07-10 12:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3720
2014-07-10 12:17 - 2014-07-10 12:17 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3724
2014-07-10 12:23 - 2014-07-10 12:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3750
2014-07-10 12:42 - 2014-07-10 12:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3788
2014-07-10 12:44 - 2014-07-10 12:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3788\container.dat
2014-07-10 12:35 - 2014-07-10 12:35 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\378c
2014-07-10 13:13 - 2014-07-10 13:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3798
2014-07-10 08:39 - 2014-07-10 08:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\37ac
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\37ac\container.dat
2014-07-10 12:37 - 2014-07-10 12:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\37c0
2014-07-09 15:47 - 2014-07-09 15:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\37e4
2014-07-09 15:48 - 2014-07-09 15:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\37e4\container.dat
2014-07-10 11:24 - 2014-07-10 11:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\37ec
2014-07-10 11:58 - 2014-07-10 11:58 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\37f8
2014-07-10 12:59 - 2014-07-10 12:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\380c
2014-07-10 12:25 - 2014-07-10 12:31 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3810
2014-07-10 12:29 - 2014-07-10 12:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3810\container.dat
2014-07-10 11:06 - 2014-07-10 11:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\381c
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3820
2014-07-10 13:25 - 2014-07-10 13:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\383c
2014-07-10 12:14 - 2014-07-10 12:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3858
2014-07-09 15:34 - 2014-07-09 15:45 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\386c
2014-07-09 15:35 - 2014-07-09 15:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\386c\container.dat
2014-07-09 15:45 - 2014-07-09 15:45 - 0000000 _____ () C:\Users\ronwa\AppData\Local\temp\386c\LWOHZPBR.txt
2014-07-10 09:00 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3870
2014-07-10 09:01 - 2014-07-10 09:01 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3870\container.dat
2014-07-09 15:45 - 2014-07-09 15:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3894
2014-07-09 15:48 - 2014-07-09 15:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3894\container.dat
2014-07-10 08:42 - 2014-07-10 08:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\38a8
2014-07-10 08:42 - 2014-07-10 08:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\38a8\container.dat
2014-07-10 09:26 - 2014-07-10 09:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\38ac
2014-07-10 09:27 - 2014-07-10 09:27 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\38ac\container.dat
2014-07-10 12:40 - 2014-07-10 12:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\38f8
2014-07-10 12:43 - 2014-07-10 12:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\38f8\container.dat
2014-07-10 08:38 - 2014-07-10 08:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3928
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3928\container.dat
2014-07-10 12:17 - 2014-07-10 12:17 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\392c
2014-07-10 13:27 - 2014-07-10 13:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3934
2014-07-10 12:26 - 2014-07-10 12:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3938
2014-07-10 12:29 - 2014-07-10 12:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3938\container.dat
2014-07-10 10:32 - 2014-07-10 10:32 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\393c
2014-07-10 11:56 - 2014-07-10 11:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3940
2014-07-09 14:59 - 2014-07-09 15:07 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\39a4
2014-07-09 15:01 - 2014-07-09 15:01 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\39a4\container.dat
2014-07-09 15:27 - 2014-07-09 15:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\39ac
2014-07-09 15:29 - 2014-07-09 15:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\39ac\container.dat
2014-07-10 09:45 - 2014-07-10 09:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\39e4
2014-07-10 12:57 - 2014-07-10 12:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\39e8
2014-07-10 12:05 - 2014-07-10 12:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\39f4
2014-07-10 12:37 - 2014-07-10 12:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3a0c
2014-07-10 12:28 - 2014-07-10 12:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3a20
2014-07-10 12:29 - 2014-07-10 12:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3a20\container.dat
2014-07-09 15:52 - 2014-07-09 15:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3a24
2014-07-09 15:53 - 2014-07-09 15:53 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3a24\container.dat
2014-07-09 15:40 - 2014-07-09 15:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3a38
2014-07-09 15:42 - 2014-07-09 15:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3a38\container.dat
2014-07-10 13:04 - 2014-07-10 13:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3a3c
2014-07-10 09:02 - 2014-07-10 09:11 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3a40
2014-07-10 09:02 - 2014-07-10 09:02 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3a40\container.dat
2014-07-10 13:19 - 2014-07-10 13:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3a44
2014-07-10 13:23 - 2014-07-10 13:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3a48
2014-07-09 15:06 - 2014-07-09 15:07 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3a50
2014-07-09 15:07 - 2014-07-09 15:07 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3a50\container.dat
2014-07-10 12:13 - 2014-07-10 12:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3a70
2014-07-09 15:55 - 2014-07-09 15:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3a84
2014-07-09 15:52 - 2014-07-09 15:52 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3a8c
2014-07-10 08:39 - 2014-07-10 08:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3aa0
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3aa0\container.dat
2014-07-10 12:22 - 2014-07-10 12:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3aa8
2014-07-10 12:06 - 2014-07-10 12:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3aac
2014-07-10 11:56 - 2014-07-10 11:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3abc
2014-07-10 12:36 - 2014-07-10 12:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3ac8
2014-07-10 08:39 - 2014-07-10 08:44 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3ad0
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3ad0\container.dat
2014-07-10 13:09 - 2014-07-10 13:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3ae0
2014-07-10 12:22 - 2014-07-10 12:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3ae4
2014-07-10 08:57 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3af4
2014-07-10 08:57 - 2014-07-10 08:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3af4\container.dat
2014-07-10 12:37 - 2014-07-10 12:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3afc
2014-07-09 15:53 - 2014-07-09 15:53 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3b00
2014-07-09 15:28 - 2014-07-09 15:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3b10
2014-07-09 15:30 - 2014-07-09 15:30 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3b10\container.dat
2014-07-10 12:46 - 2014-07-10 12:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3b38
2014-07-10 12:48 - 2014-07-10 12:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3b38\container.dat
2014-07-10 09:02 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3b40
2014-07-10 09:03 - 2014-07-10 09:03 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3b40\container.dat
2014-07-10 10:57 - 2014-07-10 10:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3b84
2014-07-10 10:11 - 2014-07-10 10:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3b8c
2014-07-10 12:25 - 2014-07-10 12:30 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3ba4
2014-07-10 12:28 - 2014-07-10 12:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3ba4\container.dat
2014-07-10 10:44 - 2014-07-10 10:44 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3ba8
2014-07-10 12:30 - 2014-07-10 12:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3bbc
2014-07-10 13:19 - 2014-07-10 13:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3bc8
2014-07-10 13:03 - 2014-07-10 13:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3bd0
2014-07-10 12:24 - 2014-07-10 12:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3bd8
2014-07-09 15:04 - 2014-07-09 15:06 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3bdc
2014-07-09 15:06 - 2014-07-09 15:06 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3bdc\container.dat
2014-07-09 15:26 - 2014-07-09 15:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3be0
2014-07-09 15:28 - 2014-07-09 15:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3be0\container.dat
2014-07-10 11:39 - 2014-07-10 11:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3be4
2014-07-10 11:42 - 2014-07-10 11:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3be4\container.dat
2014-07-09 15:04 - 2014-07-09 15:05 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3bf8
2014-07-09 15:05 - 2014-07-09 15:05 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3bf8\container.dat
2014-07-10 13:06 - 2014-07-10 13:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3bfc
2014-07-10 11:24 - 2014-07-10 11:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3c04
2014-07-10 13:27 - 2014-07-10 13:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3c18
2014-07-10 11:04 - 2014-07-10 11:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3c20
2014-07-10 11:34 - 2014-07-10 11:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3c40
2014-07-10 13:23 - 2014-07-10 13:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3c50
2014-07-10 09:25 - 2014-07-10 09:26 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3c58
2014-07-10 09:26 - 2014-07-10 09:26 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3c58\container.dat
2014-07-10 08:52 - 2014-07-10 08:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3c78
2014-07-10 08:52 - 2014-07-10 08:52 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3c78\container.dat
2014-07-10 12:19 - 2014-07-10 12:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3ca0
2014-07-10 13:32 - 2014-07-10 13:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3cac
2014-07-10 13:35 - 2014-07-10 13:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3cac\container.dat
2014-07-10 13:31 - 2014-07-10 13:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3cb0
2014-07-10 12:46 - 2014-07-10 12:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3cb4
2014-07-10 12:48 - 2014-07-10 12:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3cb4\container.dat
2014-07-10 12:00 - 2014-07-10 12:00 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3cbc
2014-07-09 15:56 - 2014-07-09 15:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3cd8
2014-07-09 15:50 - 2014-07-09 15:51 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3cf4
2014-07-09 15:51 - 2014-07-09 15:51 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3cf4\container.dat
2014-07-09 15:55 - 2014-07-09 15:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3d04
2014-07-09 15:45 - 2014-07-09 15:46 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3d1c
2014-07-09 15:46 - 2014-07-09 15:46 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3d1c\container.dat
2014-07-10 11:36 - 2014-07-10 11:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3d30
2014-07-09 15:27 - 2014-07-09 15:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3d48
2014-07-09 15:28 - 2014-07-09 15:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3d48\container.dat
2014-07-10 12:39 - 2014-07-10 12:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3d50
2014-07-10 09:04 - 2014-07-10 09:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3d60
2014-07-10 13:34 - 2014-07-10 13:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3d64
2014-07-10 09:10 - 2014-07-10 09:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3d6c
2014-07-10 12:33 - 2014-07-10 12:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3d78
2014-07-10 12:59 - 2014-07-10 12:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3d7c
2014-07-10 12:22 - 2014-07-10 12:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3da4
2014-07-10 10:01 - 2014-07-10 10:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3db4
2014-07-10 12:31 - 2014-07-10 12:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3dd8
2014-07-10 09:25 - 2014-07-10 09:27 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3e04
2014-07-10 09:27 - 2014-07-10 09:27 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3e04\container.dat
2014-07-10 09:45 - 2014-07-10 09:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3e34
2014-07-10 11:12 - 2014-07-10 11:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3e38
2014-07-10 09:37 - 2014-07-10 09:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3e54
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3e60
2014-07-10 12:21 - 2014-07-10 12:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3e64
2014-07-10 13:14 - 2014-07-10 13:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3e90
2014-07-10 12:34 - 2014-07-10 12:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3ea0
2014-07-09 15:40 - 2014-07-09 15:41 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3ea4
2014-07-09 15:41 - 2014-07-09 15:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3ea4\container.dat
2014-07-10 12:15 - 2014-07-10 12:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3ea8
2014-07-10 11:21 - 2014-07-10 11:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3eb4
2014-07-10 11:11 - 2014-07-10 11:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\3ed4
2014-07-10 08:44 - 2014-07-10 08:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3ee4
2014-07-10 08:44 - 2014-07-10 08:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3ee4\container.dat
2014-07-10 08:41 - 2014-07-10 08:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3ee8
2014-07-10 08:41 - 2014-07-10 08:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3ee8\container.dat
2014-07-09 15:03 - 2014-07-09 15:04 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3f00
2014-07-09 15:04 - 2014-07-09 15:04 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3f00\container.dat
2014-07-09 15:49 - 2014-07-09 15:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3f20
2014-07-09 15:50 - 2014-07-09 15:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3f20\container.dat
2014-07-10 12:28 - 2014-07-10 12:32 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3f24
2014-07-10 12:29 - 2014-07-10 12:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3f24\container.dat
2014-07-10 08:58 - 2014-07-10 09:08 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3f34
2014-07-10 08:59 - 2014-07-10 08:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3f34\container.dat
2014-07-10 08:50 - 2014-07-10 09:00 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\3ff4
2014-07-10 08:51 - 2014-07-10 08:51 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\3ff4\container.dat
2014-07-09 15:04 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4024
2014-07-09 15:05 - 2014-07-09 15:05 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4024\container.dat
2014-07-10 13:16 - 2014-07-10 13:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4034
2014-07-10 11:18 - 2014-07-10 11:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4038
2014-07-10 12:55 - 2014-07-10 12:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\405c
2014-07-09 15:04 - 2014-07-09 15:06 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4064
2014-07-09 15:06 - 2014-07-09 15:06 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4064\container.dat
2014-07-10 11:13 - 2014-07-10 11:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4068
2014-07-10 10:06 - 2014-07-10 10:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4078
2014-07-10 08:45 - 2014-07-10 08:56 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\407c
2014-07-10 08:45 - 2014-07-10 08:45 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\407c\container.dat
2014-07-09 14:57 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\40c
2014-07-09 14:58 - 2014-07-09 14:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\40c\container.dat
2014-07-10 11:23 - 2014-07-10 11:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\40c0
2014-07-09 15:45 - 2014-07-09 15:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\40d8
2014-07-09 15:46 - 2014-07-09 15:46 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\40d8\container.dat
2014-07-10 09:46 - 2014-07-10 09:46 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\40dc
2014-07-10 09:54 - 2014-07-10 10:00 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\40e0
2014-07-10 09:55 - 2014-07-10 09:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\40e0\container.dat
2014-07-09 15:34 - 2014-07-09 15:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\40f4
2014-07-09 15:35 - 2014-07-09 15:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\40f4\container.dat
2014-07-10 09:07 - 2014-07-10 09:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\40fc
2014-07-10 08:40 - 2014-07-10 08:41 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4104
2014-07-10 08:41 - 2014-07-10 08:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4104\container.dat
2014-07-09 15:57 - 2014-07-09 15:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\414c
2014-07-10 11:42 - 2014-07-10 11:42 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4160
2014-07-10 13:14 - 2014-07-10 13:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4168
2014-07-09 15:03 - 2014-07-09 15:04 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4170
2014-07-09 15:04 - 2014-07-09 15:04 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4170\container.dat
2014-07-10 13:07 - 2014-07-10 13:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\41bc
2014-07-09 15:43 - 2014-07-09 15:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\41c0
2014-07-09 15:44 - 2014-07-09 15:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\41c0\container.dat
2014-07-09 15:51 - 2014-07-09 15:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\41f0
2014-07-09 15:52 - 2014-07-09 15:52 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\41f0\container.dat
2014-07-10 12:07 - 2014-07-10 12:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\420
2014-07-10 09:10 - 2014-07-10 09:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4200
2014-07-10 13:05 - 2014-07-10 13:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4214
2014-07-10 09:39 - 2014-07-10 09:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4220
2014-07-10 08:40 - 2014-07-10 08:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4228
2014-07-10 08:41 - 2014-07-10 08:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4228\container.dat
2014-07-09 15:40 - 2014-07-09 15:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4238
2014-07-09 15:41 - 2014-07-09 15:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4238\container.dat
2014-07-10 09:38 - 2014-07-10 09:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\424c
2014-07-10 13:00 - 2014-07-10 13:00 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4268
2014-07-10 12:50 - 2014-07-10 12:50 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4290
2014-07-10 12:51 - 2014-07-10 12:51 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\42dc
2014-07-10 12:56 - 2014-07-10 12:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\42fc
2014-07-10 08:50 - 2014-07-10 09:00 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4328
2014-07-10 08:51 - 2014-07-10 08:51 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4328\container.dat
2014-07-10 13:32 - 2014-07-10 13:32 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4358
2014-07-10 10:36 - 2014-07-10 10:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4374
2014-07-10 13:32 - 2014-07-10 13:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4390
2014-07-10 13:35 - 2014-07-10 13:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4390\container.dat
2014-07-09 15:09 - 2014-07-09 15:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4394
2014-07-10 10:28 - 2014-07-10 10:28 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4398
2014-07-10 09:45 - 2014-07-10 09:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\43c
2014-07-10 09:09 - 2014-07-10 09:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\43c0
2014-07-10 11:24 - 2014-07-10 11:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\43c8
2014-07-10 13:03 - 2014-07-10 13:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\43f0
2014-07-09 15:43 - 2014-07-09 15:45 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\440
2014-07-09 15:45 - 2014-07-09 15:45 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\440\container.dat
2014-07-10 13:25 - 2014-07-10 13:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4418
2014-07-10 09:38 - 2014-07-10 09:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\444c
2014-07-10 10:52 - 2014-07-10 10:52 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4464
2014-07-09 15:30 - 2014-07-09 15:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4474
2014-07-09 15:31 - 2014-07-09 15:31 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4474\container.dat
2014-07-10 10:49 - 2014-07-10 10:49 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4488
2014-07-10 10:27 - 2014-07-10 10:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\44d4
2014-07-10 11:33 - 2014-07-10 11:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\44d8
2014-07-10 11:14 - 2014-07-10 11:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4504
2014-07-10 09:44 - 2014-07-10 09:44 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\450c
2014-07-10 13:34 - 2014-07-10 13:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\453c
2014-07-10 09:52 - 2014-07-10 10:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4540
2014-07-10 09:53 - 2014-07-10 09:53 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4540\container.dat
2014-07-10 11:16 - 2014-07-10 11:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4560
2014-07-10 12:49 - 2014-07-10 12:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4570
2014-07-10 12:50 - 2014-07-10 12:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4570\container.dat
2014-07-10 13:32 - 2014-07-10 13:35 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\45b8
2014-07-10 13:35 - 2014-07-10 13:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\45b8\container.dat
2014-07-10 10:35 - 2014-07-10 10:35 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\45c4
2014-07-10 13:14 - 2014-07-10 13:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\45f0
2014-07-10 09:09 - 2014-07-10 09:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\45fc
2014-07-10 09:54 - 2014-07-10 09:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4604
2014-07-10 09:55 - 2014-07-10 09:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4604\container.dat
2014-07-10 13:07 - 2014-07-10 13:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\462c
2014-07-10 11:03 - 2014-07-10 11:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4640
2014-07-09 15:34 - 2014-07-09 15:46 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\465c
2014-07-09 15:35 - 2014-07-09 15:35 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\465c\container.dat
2014-07-10 11:10 - 2014-07-10 11:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\466c
2014-07-10 08:53 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4678
2014-07-10 08:54 - 2014-07-10 08:54 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4678\container.dat
2014-07-10 13:08 - 2014-07-10 13:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4690
2014-07-10 13:25 - 2014-07-10 13:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4698
2014-07-10 09:27 - 2014-07-10 09:28 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\46bc
2014-07-10 09:28 - 2014-07-10 09:28 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\46bc\container.dat
2014-07-10 10:10 - 2014-07-10 10:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\46c8
2014-07-10 09:07 - 2014-07-10 09:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\46dc
2014-07-10 13:20 - 2014-07-10 13:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\46e8
2014-07-10 10:19 - 2014-07-10 10:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\46ec
2014-07-10 09:55 - 2014-07-10 10:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\46f8
2014-07-10 09:57 - 2014-07-10 09:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\46f8\container.dat
2014-07-10 09:04 - 2014-07-10 09:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4720
2014-07-10 13:04 - 2014-07-10 13:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4738
2014-07-10 10:13 - 2014-07-10 10:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4744
2014-07-10 11:33 - 2014-07-10 11:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4750
2014-07-10 08:54 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\476c
2014-07-10 08:55 - 2014-07-10 08:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\476c\container.dat
2014-07-10 13:25 - 2014-07-10 13:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4794
2014-07-09 15:46 - 2014-07-09 15:47 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\47a0
2014-07-09 15:47 - 2014-07-09 15:47 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\47a0\container.dat
2014-07-10 11:55 - 2014-07-10 11:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\47c
2014-07-10 11:40 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\47d0
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\47d0\container.dat
2014-07-10 08:41 - 2014-07-10 08:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\47e0
2014-07-10 08:42 - 2014-07-10 08:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\47e0\container.dat
2014-07-10 11:16 - 2014-07-10 11:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\47e8
2014-07-10 10:45 - 2014-07-10 10:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\47f4
2014-07-10 12:57 - 2014-07-10 12:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\47fc
2014-07-10 08:55 - 2014-07-10 09:05 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\480c
2014-07-10 08:55 - 2014-07-10 08:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\480c\container.dat
2014-07-10 09:18 - 2014-07-10 09:19 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\484
2014-07-10 09:19 - 2014-07-10 09:19 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\484\container.dat
2014-07-10 09:41 - 2014-07-10 09:41 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4854
2014-07-10 10:20 - 2014-07-10 10:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4860
2014-07-10 08:56 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\486c
2014-07-10 08:56 - 2014-07-10 08:56 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\486c\container.dat
2014-07-10 08:59 - 2014-07-10 09:05 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\48a8
2014-07-10 09:00 - 2014-07-10 09:00 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\48a8\container.dat
2014-07-10 11:42 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\48b4
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\48b4\container.dat
2014-07-10 10:10 - 2014-07-10 10:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\48b8
2014-07-10 13:29 - 2014-07-10 13:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\48c
2014-07-09 15:08 - 2014-07-09 15:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4904
2014-07-09 15:09 - 2014-07-09 15:09 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4904\container.dat
2014-07-10 10:56 - 2014-07-10 10:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4908
2014-07-10 10:00 - 2014-07-10 10:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4910
2014-07-10 10:01 - 2014-07-10 10:01 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4910\container.dat
2014-07-10 10:14 - 2014-07-10 10:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4954
2014-07-10 10:50 - 2014-07-10 10:50 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\49a0
2014-07-10 08:55 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\49b0
2014-07-10 08:55 - 2014-07-10 08:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\49b0\container.dat
2014-07-10 13:23 - 2014-07-10 13:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\49c
2014-07-10 08:53 - 2014-07-10 09:04 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\49d0
2014-07-10 08:53 - 2014-07-10 08:53 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\49d0\container.dat
2014-07-10 08:47 - 2014-07-10 08:56 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4a38
2014-07-10 08:47 - 2014-07-10 08:47 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4a38\container.dat
2014-07-10 08:55 - 2014-07-10 09:04 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4aa0
2014-07-10 08:55 - 2014-07-10 08:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4aa0\container.dat
2014-07-09 15:32 - 2014-07-09 15:33 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4ab0
2014-07-09 15:33 - 2014-07-09 15:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4ab0\container.dat
2014-07-09 15:38 - 2014-07-09 15:40 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4abc
2014-07-09 15:40 - 2014-07-09 15:40 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4abc\container.dat
2014-07-09 15:45 - 2014-07-09 15:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4ad8
2014-07-09 15:49 - 2014-07-09 15:49 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4ad8\container.dat
2014-07-10 10:27 - 2014-07-10 10:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4ae4
2014-07-09 15:47 - 2014-07-09 15:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4b00
2014-07-09 15:48 - 2014-07-09 15:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4b00\container.dat
2014-07-10 10:36 - 2014-07-10 10:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4b6c
2014-07-10 10:34 - 2014-07-10 10:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4b7c
2014-07-10 09:04 - 2014-07-10 09:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4b8c
2014-07-10 09:05 - 2014-07-10 09:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4bb0
2014-07-10 08:50 - 2014-07-10 08:59 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4bd4
2014-07-10 08:50 - 2014-07-10 08:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4bd4\container.dat
2014-07-09 15:48 - 2014-07-09 15:53 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4bfc
2014-07-09 15:50 - 2014-07-09 15:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4bfc\container.dat
2014-07-10 09:51 - 2014-07-10 09:52 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4c08
2014-07-10 09:52 - 2014-07-10 09:52 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4c08\container.dat
2014-07-10 10:18 - 2014-07-10 10:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4c50
2014-07-10 10:07 - 2014-07-10 10:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4c78
2014-07-10 09:39 - 2014-07-10 09:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4c7c
2014-07-10 10:28 - 2014-07-10 10:28 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4c84
2014-07-10 11:29 - 2014-07-10 11:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4c98
2014-07-10 10:49 - 2014-07-10 10:49 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4ca4
2014-07-09 15:53 - 2014-07-09 15:53 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4cf4
2014-07-10 09:09 - 2014-07-10 09:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4d1c
2014-07-10 10:53 - 2014-07-10 10:53 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4d28
2014-07-09 15:37 - 2014-07-09 15:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4d5c
2014-07-09 15:39 - 2014-07-09 15:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4d5c\container.dat
2014-07-09 15:50 - 2014-07-09 15:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4d60
2014-07-09 15:51 - 2014-07-09 15:51 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4d60\container.dat
2014-07-10 09:36 - 2014-07-10 09:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4d64
2014-07-10 11:21 - 2014-07-10 11:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4d84
2014-07-10 09:07 - 2014-07-10 09:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4dc4
2014-07-10 09:00 - 2014-07-10 09:04 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4df4
2014-07-10 09:01 - 2014-07-10 09:01 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4df4\container.dat
2014-07-10 10:16 - 2014-07-10 10:16 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4e10
2014-07-10 10:17 - 2014-07-10 10:17 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4e24
2014-07-10 11:19 - 2014-07-10 11:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4e40
2014-07-10 10:40 - 2014-07-10 10:40 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4e60
2014-07-10 10:27 - 2014-07-10 10:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4e9c
2014-07-10 10:58 - 2014-07-10 10:58 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4ea0
2014-07-10 10:19 - 2014-07-10 10:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4eb8
2014-07-09 15:39 - 2014-07-09 15:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4ebc
2014-07-09 15:40 - 2014-07-09 15:40 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4ebc\container.dat
2014-07-10 09:30 - 2014-07-10 09:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4ec4
2014-07-10 09:30 - 2014-07-10 09:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4ed4
2014-07-10 10:18 - 2014-07-10 10:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4f28
2014-07-09 15:38 - 2014-07-09 15:50 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4f40
2014-07-09 15:39 - 2014-07-09 15:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4f40\container.dat
2014-07-10 10:59 - 2014-07-10 10:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4f4c
2014-07-09 15:40 - 2014-07-09 15:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4f98
2014-07-09 15:42 - 2014-07-09 15:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4f98\container.dat
2014-07-10 10:58 - 2014-07-10 10:58 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\4fe0
2014-07-10 09:58 - 2014-07-10 10:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\4ffc
2014-07-10 09:59 - 2014-07-10 09:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\4ffc\container.dat
2014-07-10 11:33 - 2014-07-10 11:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5004
2014-07-10 11:41 - 2014-07-10 11:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\500c
2014-07-10 11:42 - 2014-07-10 11:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\500c\container.dat
2014-07-10 10:22 - 2014-07-10 10:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5020
2014-07-10 09:07 - 2014-07-10 09:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\50b4
2014-07-10 09:53 - 2014-07-10 09:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\50e4
2014-07-10 09:54 - 2014-07-10 09:54 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\50e4\container.dat
2014-07-10 09:57 - 2014-07-10 10:09 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\50ec
2014-07-10 09:58 - 2014-07-10 09:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\50ec\container.dat
2014-07-10 09:00 - 2014-07-10 09:11 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\50fc
2014-07-10 09:00 - 2014-07-10 09:00 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\50fc\container.dat
2014-07-10 08:57 - 2014-07-10 09:04 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\5154
2014-07-10 08:58 - 2014-07-10 08:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\5154\container.dat
2014-07-10 11:24 - 2014-07-10 11:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\51c4
2014-07-10 10:19 - 2014-07-10 10:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5204
2014-07-10 10:13 - 2014-07-10 10:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5230
2014-07-10 10:10 - 2014-07-10 10:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5288
2014-07-10 10:22 - 2014-07-10 10:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5298
2014-07-10 10:59 - 2014-07-10 10:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\52c0
2014-07-10 11:31 - 2014-07-10 11:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5330
2014-07-10 08:55 - 2014-07-10 09:06 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\5338
2014-07-10 08:55 - 2014-07-10 08:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\5338\container.dat
2014-07-10 11:21 - 2014-07-10 11:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\533c
2014-07-10 11:12 - 2014-07-10 11:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5344
2014-07-10 11:26 - 2014-07-10 11:26 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5348
2014-07-10 11:22 - 2014-07-10 11:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5360
2014-07-10 08:51 - 2014-07-10 09:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\536c
2014-07-10 08:51 - 2014-07-10 08:51 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\536c\container.dat
2014-07-10 09:56 - 2014-07-10 10:02 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\53a8
2014-07-10 09:57 - 2014-07-10 09:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\53a8\container.dat
2014-07-10 11:42 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\53d0
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\53d0\container.dat
2014-07-10 09:44 - 2014-07-10 09:44 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\53dc
2014-07-10 11:26 - 2014-07-10 11:26 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\53f4
2014-07-10 11:39 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\53fc
2014-07-10 11:42 - 2014-07-10 11:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\53fc\container.dat
2014-07-10 11:29 - 2014-07-10 11:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5404
2014-07-10 11:01 - 2014-07-10 11:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5418
2014-07-10 09:45 - 2014-07-10 09:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5420
2014-07-10 10:55 - 2014-07-10 10:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5434
2014-07-10 10:48 - 2014-07-10 10:48 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\55cc
2014-07-10 09:55 - 2014-07-10 09:56 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\5604
2014-07-10 09:56 - 2014-07-10 09:56 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\5604\container.dat
2014-07-10 09:39 - 2014-07-10 09:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5700
2014-07-10 10:01 - 2014-07-10 10:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5734
2014-07-10 09:44 - 2014-07-10 09:44 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5748
2014-07-10 11:12 - 2014-07-10 11:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\575c
2014-07-10 13:26 - 2014-07-10 13:26 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\578
2014-07-10 09:53 - 2014-07-10 10:02 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\57a8
2014-07-10 09:54 - 2014-07-10 09:54 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\57a8\container.dat
2014-07-10 09:30 - 2014-07-10 09:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\57d8
2014-07-10 10:55 - 2014-07-10 10:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\57dc
2014-07-10 10:06 - 2014-07-10 10:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\580c
2014-07-10 09:51 - 2014-07-10 09:52 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\5814
2014-07-10 09:52 - 2014-07-10 09:52 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\5814\container.dat
2014-07-10 09:42 - 2014-07-10 09:42 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5848
2014-07-10 10:03 - 2014-07-10 10:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5898
2014-07-10 09:29 - 2014-07-10 09:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\58a0
2014-07-10 09:36 - 2014-07-10 09:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\591c
2014-07-10 09:43 - 2014-07-10 09:43 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5928
2014-07-10 09:45 - 2014-07-10 09:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5934
2014-07-10 11:00 - 2014-07-10 11:00 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\594c
2014-07-10 10:24 - 2014-07-10 10:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\596c
2014-07-10 10:54 - 2014-07-10 10:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5984
2014-07-10 10:52 - 2014-07-10 10:52 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5988
2014-07-10 09:42 - 2014-07-10 09:42 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\59d0
2014-07-10 10:48 - 2014-07-10 10:48 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5a64
2014-07-10 09:29 - 2014-07-10 09:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5a88
2014-07-10 10:46 - 2014-07-10 10:46 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5a94
2014-07-10 10:36 - 2014-07-10 10:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5ac8
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5b14
2014-07-10 11:12 - 2014-07-10 11:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5c0c
2014-07-10 09:38 - 2014-07-10 09:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5c4
2014-07-10 11:03 - 2014-07-10 11:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5c84
2014-07-10 12:44 - 2014-07-10 12:51 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\5d0
2014-07-10 12:45 - 2014-07-10 12:45 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\5d0\container.dat
2014-07-10 11:17 - 2014-07-10 11:17 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5d24
2014-07-10 11:11 - 2014-07-10 11:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5d28
2014-07-10 10:54 - 2014-07-10 10:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5d3c
2014-07-10 11:36 - 2014-07-10 11:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5d4
2014-07-10 09:46 - 2014-07-10 09:46 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5d90
2014-07-10 11:38 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\5dc8
2014-07-10 11:42 - 2014-07-10 11:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\5dc8\container.dat
2014-07-10 09:47 - 2014-07-10 09:47 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5dd8
2014-07-10 10:05 - 2014-07-10 10:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5dfc
2014-07-10 10:26 - 2014-07-10 10:26 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5e44
2014-07-10 11:20 - 2014-07-10 11:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5ea0
2014-07-10 10:39 - 2014-07-10 10:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5ee0
2014-07-10 10:18 - 2014-07-10 10:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5f0c
2014-07-10 10:10 - 2014-07-10 10:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5f30
2014-07-10 11:38 - 2014-07-10 11:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\5f44
2014-07-10 11:42 - 2014-07-10 11:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\5f44\container.dat
2014-07-10 10:36 - 2014-07-10 10:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5fb0
2014-07-10 10:04 - 2014-07-10 10:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5fb8
2014-07-10 09:47 - 2014-07-10 09:47 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5fc0
2014-07-10 10:28 - 2014-07-10 10:28 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5fd8
2014-07-10 10:45 - 2014-07-10 10:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\5fe0
2014-07-10 09:17 - 2014-07-10 09:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\604
2014-07-10 09:21 - 2014-07-10 09:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\604\container.dat
2014-07-10 11:03 - 2014-07-10 11:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\604c
2014-07-10 11:07 - 2014-07-10 11:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6064
2014-07-10 11:08 - 2014-07-10 11:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6078
2014-07-10 09:56 - 2014-07-10 09:58 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\60d8
2014-07-10 09:58 - 2014-07-10 09:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\60d8\container.dat
2014-07-10 10:06 - 2014-07-10 10:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\613c
2014-07-10 11:17 - 2014-07-10 11:17 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6148
2014-07-10 10:09 - 2014-07-10 10:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6168
2014-07-10 11:30 - 2014-07-10 11:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\618c
2014-07-10 11:30 - 2014-07-10 11:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6194
2014-07-10 10:37 - 2014-07-10 10:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\61e8
2014-07-10 10:41 - 2014-07-10 10:41 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\622c
2014-07-10 10:40 - 2014-07-10 10:40 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\629c
2014-07-10 10:55 - 2014-07-10 10:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\62cc
2014-07-10 10:30 - 2014-07-10 10:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\62f8
2014-07-10 09:53 - 2014-07-10 10:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\635c
2014-07-10 09:54 - 2014-07-10 09:54 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\635c\container.dat
2014-07-10 10:38 - 2014-07-10 10:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\636c
2014-07-10 10:03 - 2014-07-10 10:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6388
2014-07-10 11:15 - 2014-07-10 11:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\63c0
2014-07-10 11:07 - 2014-07-10 11:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6428
2014-07-10 11:03 - 2014-07-10 11:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6434
2014-07-10 11:15 - 2014-07-10 11:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\644c
2014-07-10 11:29 - 2014-07-10 11:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6450
2014-07-10 10:08 - 2014-07-10 10:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\648c
2014-07-10 11:29 - 2014-07-10 11:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6498
2014-07-10 09:36 - 2014-07-10 09:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\64c
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\64c4
2014-07-10 11:19 - 2014-07-10 11:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\64f4
2014-07-10 11:21 - 2014-07-10 11:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6500
2014-07-10 10:57 - 2014-07-10 10:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6538
2014-07-10 10:31 - 2014-07-10 10:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6558
2014-07-10 10:40 - 2014-07-10 10:40 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\65e4
2014-07-10 10:31 - 2014-07-10 10:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\65f0
2014-07-10 10:45 - 2014-07-10 10:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6630
2014-07-10 11:38 - 2014-07-10 11:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6650
2014-07-10 10:37 - 2014-07-10 10:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6660
2014-07-10 09:57 - 2014-07-10 10:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\6668
2014-07-10 09:58 - 2014-07-10 09:58 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\6668\container.dat
2014-07-10 10:22 - 2014-07-10 10:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\66c4
2014-07-10 11:01 - 2014-07-10 11:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\66d8
2014-07-10 09:34 - 2014-07-10 09:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\66f8
2014-07-10 11:02 - 2014-07-10 11:02 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\670c
2014-07-10 11:03 - 2014-07-10 11:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6734
2014-07-10 11:24 - 2014-07-10 11:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6768
2014-07-10 11:42 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\6774
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\6774\container.dat
2014-07-10 10:27 - 2014-07-10 10:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\677c
2014-07-10 11:29 - 2014-07-10 11:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\67c0
2014-07-10 09:33 - 2014-07-10 09:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\67f8
2014-07-10 10:10 - 2014-07-10 10:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\680c
2014-07-10 10:05 - 2014-07-10 10:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\682c
2014-07-10 09:33 - 2014-07-10 09:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\684c
2014-07-10 09:33 - 2014-07-10 09:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\68c8
2014-07-10 09:33 - 2014-07-10 09:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\68dc
2014-07-10 11:11 - 2014-07-10 11:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\68e8
2014-07-10 10:19 - 2014-07-10 10:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6940
2014-07-10 12:39 - 2014-07-10 12:39 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\69c
2014-07-10 11:25 - 2014-07-10 11:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6a14
2014-07-10 10:40 - 2014-07-10 10:40 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6a58
2014-07-10 09:36 - 2014-07-10 09:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6a60
2014-07-10 11:37 - 2014-07-10 11:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6aac
2014-07-10 09:53 - 2014-07-10 09:54 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\6ac8
2014-07-10 09:54 - 2014-07-10 09:54 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\6ac8\container.dat
2014-07-10 10:54 - 2014-07-10 10:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6acc
2014-07-10 11:33 - 2014-07-10 11:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6adc
2014-07-10 09:37 - 2014-07-10 09:37 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6b10
2014-07-10 11:33 - 2014-07-10 11:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6b20
2014-07-10 10:47 - 2014-07-10 10:47 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6b48
2014-07-10 10:18 - 2014-07-10 10:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6ba4
2014-07-10 09:54 - 2014-07-10 09:56 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\6be8
2014-07-10 09:56 - 2014-07-10 09:56 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\6be8\container.dat
2014-07-10 11:38 - 2014-07-10 11:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6c2c
2014-07-10 10:19 - 2014-07-10 10:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6c30
2014-07-10 10:43 - 2014-07-10 10:43 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6c34
2014-07-10 11:40 - 2014-07-10 11:41 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\6c48
2014-07-10 11:41 - 2014-07-10 11:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\6c48\container.dat
2014-07-10 11:29 - 2014-07-10 11:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6c54
2014-07-10 10:02 - 2014-07-10 10:02 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6cb4
2014-07-10 11:38 - 2014-07-10 11:41 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\6d40
2014-07-10 11:41 - 2014-07-10 11:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\6d40\container.dat
2014-07-10 10:10 - 2014-07-10 10:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6d94
2014-07-10 09:53 - 2014-07-10 09:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\6d9c
2014-07-10 09:55 - 2014-07-10 09:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\6d9c\container.dat
2014-07-10 11:31 - 2014-07-10 11:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6e38
2014-07-10 11:31 - 2014-07-10 11:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6e40
2014-07-10 10:47 - 2014-07-10 10:47 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6e78
2014-07-10 10:04 - 2014-07-10 10:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6ec
2014-07-10 10:45 - 2014-07-10 10:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6ec4
2014-07-10 10:11 - 2014-07-10 10:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6f48
2014-07-10 10:28 - 2014-07-10 10:28 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6f60
2014-07-10 11:20 - 2014-07-10 11:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6f78
2014-07-10 11:06 - 2014-07-10 11:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6fc8
2014-07-10 10:23 - 2014-07-10 10:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\6fdc
2014-07-10 11:25 - 2014-07-10 11:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\700c
2014-07-10 11:24 - 2014-07-10 11:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7044
2014-07-10 10:58 - 2014-07-10 10:58 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\707c
2014-07-10 10:13 - 2014-07-10 10:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\70a8
2014-07-10 10:14 - 2014-07-10 10:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\71d4
2014-07-10 10:25 - 2014-07-10 10:25 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\71dc
2014-07-10 09:48 - 2014-07-10 09:48 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\71f4
2014-07-10 10:13 - 2014-07-10 10:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7210
2014-07-10 11:21 - 2014-07-10 11:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7224
2014-07-10 10:42 - 2014-07-10 10:42 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7268
2014-07-10 10:56 - 2014-07-10 10:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\72b0
2014-07-10 11:42 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\72b4
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\72b4\container.dat
2014-07-10 09:48 - 2014-07-10 09:48 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7360
2014-07-10 10:56 - 2014-07-10 10:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\73e4
2014-07-10 12:13 - 2014-07-10 12:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\740
2014-07-10 10:19 - 2014-07-10 10:19 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7438
2014-07-10 11:15 - 2014-07-10 11:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7444
2014-07-10 10:45 - 2014-07-10 10:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7458
2014-07-09 14:56 - 2014-07-09 15:06 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\748
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\748\container.dat
2014-07-10 10:30 - 2014-07-10 10:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7498
2014-07-10 11:06 - 2014-07-10 11:06 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\751c
2014-07-10 09:54 - 2014-07-10 09:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\7534
2014-07-10 09:55 - 2014-07-10 09:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\7534\container.dat
2014-07-10 10:09 - 2014-07-10 10:09 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7554
2014-07-10 10:45 - 2014-07-10 10:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\759c
2014-07-10 09:54 - 2014-07-10 10:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\75ac
2014-07-10 09:55 - 2014-07-10 09:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\75ac\container.dat
2014-07-10 10:31 - 2014-07-10 10:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\75f0
2014-07-10 09:54 - 2014-07-10 10:02 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\760c
2014-07-10 09:55 - 2014-07-10 09:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\760c\container.dat
2014-07-10 10:29 - 2014-07-10 10:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\762c
2014-07-10 11:28 - 2014-07-10 11:28 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7640
2014-07-10 10:31 - 2014-07-10 10:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7664
2014-07-10 11:11 - 2014-07-10 11:11 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7668
2014-07-10 10:00 - 2014-07-10 10:10 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\767c
2014-07-10 10:01 - 2014-07-10 10:01 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\767c\container.dat
2014-07-10 09:48 - 2014-07-10 09:52 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\76a0
2014-07-10 09:52 - 2014-07-10 09:52 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\76a0\container.dat
2014-07-10 11:35 - 2014-07-10 11:35 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\76a8
2014-07-10 11:20 - 2014-07-10 11:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7778
2014-07-10 10:59 - 2014-07-10 10:59 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7780
2014-07-10 11:38 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\77dc
2014-07-10 11:41 - 2014-07-10 11:41 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\77dc\container.dat
2014-07-10 09:54 - 2014-07-10 10:05 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\7810
2014-07-10 09:55 - 2014-07-10 09:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\7810\container.dat
2014-07-10 11:07 - 2014-07-10 11:07 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7874
2014-07-10 11:38 - 2014-07-10 11:38 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7884
2014-07-10 10:15 - 2014-07-10 10:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7894
2014-07-10 11:24 - 2014-07-10 11:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\78bc
2014-07-10 11:02 - 2014-07-10 11:02 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\78c0
2014-07-10 09:54 - 2014-07-10 10:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\78dc
2014-07-10 09:55 - 2014-07-10 09:55 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\78dc\container.dat
2014-07-10 10:54 - 2014-07-10 10:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7938
2014-07-10 11:28 - 2014-07-10 11:28 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\793c
2014-07-10 11:12 - 2014-07-10 11:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\798c
2014-07-10 10:54 - 2014-07-10 10:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\79a0
2014-07-10 10:27 - 2014-07-10 10:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\79b0
2014-07-10 10:31 - 2014-07-10 10:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7a60
2014-07-10 10:01 - 2014-07-10 10:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7ac8
2014-07-10 11:40 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\7ad4
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\7ad4\container.dat
2014-07-10 11:41 - 2014-07-10 11:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\7aec
2014-07-10 11:42 - 2014-07-10 11:42 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\7aec\container.dat
2014-07-10 10:41 - 2014-07-10 10:41 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7af0
2014-07-10 09:35 - 2014-07-10 09:35 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7b24
2014-07-10 10:45 - 2014-07-10 10:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7b58
2014-07-10 10:57 - 2014-07-10 10:57 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7bc0
2014-07-10 11:12 - 2014-07-10 11:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7bc4
2014-07-10 10:01 - 2014-07-10 10:01 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7c0c
2014-07-10 11:05 - 2014-07-10 11:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7c40
2014-07-10 10:31 - 2014-07-10 10:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7c7c
2014-07-10 10:48 - 2014-07-10 10:48 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7d00
2014-07-10 10:46 - 2014-07-10 10:46 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7d24
2014-07-10 09:35 - 2014-07-10 09:35 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7d48
2014-07-10 10:10 - 2014-07-10 10:10 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7d54
2014-07-10 09:35 - 2014-07-10 09:35 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7d5c
2014-07-10 09:51 - 2014-07-10 10:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\7db0
2014-07-10 09:52 - 2014-07-10 09:52 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\7db0\container.dat
2014-07-10 10:22 - 2014-07-10 10:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7dc0
2014-07-10 10:02 - 2014-07-10 10:02 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7ddc
2014-07-10 10:04 - 2014-07-10 10:04 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7e2c
2014-07-10 09:50 - 2014-07-10 10:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\7e88
2014-07-10 09:53 - 2014-07-10 09:53 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\7e88\container.dat
2014-07-10 11:03 - 2014-07-10 11:03 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7ea0
2014-07-10 11:33 - 2014-07-10 11:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7eb0
2014-07-10 10:49 - 2014-07-10 10:49 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7eb4
2014-07-10 10:40 - 2014-07-10 10:40 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7ec0
2014-07-10 10:20 - 2014-07-10 10:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\7f10
2014-07-10 10:35 - 2014-07-10 10:35 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8004
2014-07-10 10:21 - 2014-07-10 10:21 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8028
2014-07-10 11:34 - 2014-07-10 11:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8038
2014-07-10 11:15 - 2014-07-10 11:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8090
2014-07-10 10:50 - 2014-07-10 10:50 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\80e8
2014-07-10 10:05 - 2014-07-10 10:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8100
2014-07-10 10:22 - 2014-07-10 10:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8118
2014-07-10 10:32 - 2014-07-10 10:32 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8198
2014-07-10 09:36 - 2014-07-10 09:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\81d0
2014-07-10 11:41 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\8200
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\8200\container.dat
2014-07-10 11:15 - 2014-07-10 11:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8204
2014-07-10 10:36 - 2014-07-10 10:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8210
2014-07-10 09:55 - 2014-07-10 10:02 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\8228
2014-07-10 09:56 - 2014-07-10 09:56 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\8228\container.dat
2014-07-10 09:58 - 2014-07-10 10:01 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\825c
2014-07-10 09:59 - 2014-07-10 09:59 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\825c\container.dat
2014-07-10 11:20 - 2014-07-10 11:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8278
2014-07-10 10:36 - 2014-07-10 10:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8290
2014-07-10 11:30 - 2014-07-10 11:30 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8294
2014-07-10 11:14 - 2014-07-10 11:14 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8298
2014-07-10 09:36 - 2014-07-10 09:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8314
2014-07-10 11:23 - 2014-07-10 11:23 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\83a0
2014-07-10 09:36 - 2014-07-10 09:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\83a4
2014-07-10 11:49 - 2014-07-10 11:55 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\8a8
2014-07-10 11:50 - 2014-07-10 11:50 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\8a8\container.dat
2014-07-10 13:08 - 2014-07-10 13:08 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\8b4
2014-07-10 09:18 - 2014-07-10 09:19 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\8cc
2014-07-10 09:19 - 2014-07-10 09:19 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\8cc\container.dat
2014-07-09 15:20 - 2014-07-09 15:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\990
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\990\container.dat
2014-07-10 08:31 - 2014-07-10 08:33 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\9a8
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\9a8\container.dat
2014-07-10 12:55 - 2014-07-10 12:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\9d8
2014-07-10 10:36 - 2014-07-10 10:36 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\a24
2014-07-10 12:12 - 2014-07-10 12:12 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\a78
2014-07-10 09:27 - 2014-07-10 09:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\Adobe
2014-07-10 09:27 - 2014-07-10 09:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\Adobe\Acrobat
2014-07-10 09:27 - 2014-07-10 09:27 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\Adobe\Acrobat\10.0
2014-07-10 12:05 - 2014-07-10 12:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\b4c
2014-07-09 15:05 - 2014-07-09 15:06 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\b50
2014-07-09 15:06 - 2014-07-09 15:06 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\b50\container.dat
2014-07-10 12:24 - 2014-07-10 12:24 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\b68
2014-07-10 12:28 - 2014-07-10 12:29 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\ba4
2014-07-10 12:29 - 2014-07-10 12:29 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\ba4\container.dat
2014-07-09 15:20 - 2014-07-09 15:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\bbc
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\bbc\container.dat
2014-07-10 11:47 - 2014-07-10 11:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\bc0
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\bc0\container.dat
2014-07-10 09:18 - 2014-07-10 09:19 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\bd4
2014-07-10 09:19 - 2014-07-10 09:19 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\bd4\container.dat
2014-07-10 09:18 - 2014-07-10 09:20 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\bdc
2014-07-10 09:20 - 2014-07-10 09:20 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\bdc\container.dat
2014-07-10 13:05 - 2014-07-10 13:05 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\bfc
2014-07-09 15:22 - 2014-07-09 15:22 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\C2X5FEB
2014-07-09 15:22 - 2014-07-09 07:35 - 1117990 _____ () C:\Users\ronwa\AppData\Local\temp\C2X5FEB\Standard Production System.pptx
2014-07-10 09:31 - 2014-07-10 09:31 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\c48
2014-07-10 08:38 - 2014-07-10 08:49 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\c78
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\c78\container.dat
2014-07-10 11:42 - 2014-07-10 11:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\ca0
2014-07-10 11:43 - 2014-07-10 11:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\ca0\container.dat
2014-07-10 10:18 - 2014-07-10 10:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\cac
2014-07-09 15:31 - 2014-07-09 15:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\cdc
2014-07-09 15:33 - 2014-07-09 15:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\cdc\container.dat
2014-07-09 15:20 - 2014-07-09 15:32 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\ce4
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\ce4\container.dat
2014-07-09 14:54 - 2014-07-10 09:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs
2014-07-10 07:32 - 2014-07-10 09:15 - 0000126 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\queue.xml
2014-07-09 14:54 - 2014-07-09 15:44 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting
2014-07-09 15:44 - 2014-07-10 12:44 - 0000615 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\G2MUpdate.log
2014-07-09 14:54 - 2014-07-10 11:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350
2014-07-09 15:21 - 2014-07-10 09:31 - 0007779 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\G2MOutlookAddin.log
2014-07-09 15:21 - 2014-07-10 08:08 - 0011152 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\G2MOutlookAddin_last.log
2014-07-09 14:54 - 2014-07-10 11:45 - 0000248 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\G2MOutlookAddin_util.log
2014-07-09 15:18 - 2014-07-09 15:18 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log161E.tmp
2014-07-09 15:18 - 2014-07-09 15:57 - 0002088 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log161E.tmp\G2MStart.log
2014-07-09 15:18 - 2014-07-09 15:57 - 0025810 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log161E.tmp\GoToMeeting_00.log
2014-07-10 07:29 - 2014-07-10 07:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log26E0.tmp
2014-07-10 07:29 - 2014-07-10 07:32 - 0001853 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log26E0.tmp\G2MStart.log
2014-07-10 07:29 - 2014-07-10 07:31 - 0017909 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log26E0.tmp\GoToMeeting_00.log
2014-07-09 15:13 - 2014-07-09 15:13 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log383E.tmp
2014-07-09 15:13 - 2014-07-09 15:15 - 0002189 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log383E.tmp\G2MStart.log
2014-07-09 15:13 - 2014-07-09 15:15 - 0022264 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log383E.tmp\GoToMeeting_00.log
2014-07-09 14:54 - 2014-07-09 14:54 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log3B3B.tmp
2014-07-09 14:54 - 2014-07-09 15:10 - 0002275 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log3B3B.tmp\G2MStart.log
2014-07-09 14:54 - 2014-07-09 15:10 - 0025255 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log3B3B.tmp\GoToMeeting_00.log
2014-07-10 07:34 - 2014-07-10 07:34 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log48A3.tmp
2014-07-10 07:34 - 2014-07-10 07:35 - 0001853 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log48A3.tmp\G2MStart.log
2014-07-10 07:34 - 2014-07-10 07:35 - 0012135 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log48A3.tmp\GoToMeeting_00.log
2014-07-10 11:45 - 2014-07-10 11:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log6180.tmp
2014-07-10 11:45 - 2014-07-10 11:45 - 0001473 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log6180.tmp\G2MStart.log
2014-07-10 11:45 - 2014-07-10 11:45 - 0066921 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log6180.tmp\GoToMeeting_00.log
2014-07-10 09:14 - 2014-07-10 09:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log694C.tmp
2014-07-10 09:14 - 2014-07-10 09:15 - 0001853 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log694C.tmp\G2MStart.log
2014-07-10 09:15 - 2014-07-10 09:15 - 0012302 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\log694C.tmp\GoToMeeting_00.log
2014-07-10 08:29 - 2014-07-10 08:29 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\logE4A3.tmp
2014-07-10 08:29 - 2014-07-10 08:31 - 0001849 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\logE4A3.tmp\G2MStart.log
2014-07-10 08:29 - 2014-07-10 08:31 - 0022696 _____ () C:\Users\ronwa\AppData\Local\temp\citrixlogs\gotomeeting\1350\logE4A3.tmp\GoToMeeting_00.log
2014-07-10 08:32 - 2014-07-10 08:44 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\dc4
2014-07-10 08:33 - 2014-07-10 08:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\dc4\container.dat
2014-07-09 14:56 - 2014-07-09 14:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\DDNi
2014-07-09 14:57 - 2014-07-09 14:57 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\DNTException
2014-07-09 15:31 - 2014-07-09 15:33 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\e00
2014-07-09 15:33 - 2014-07-09 15:33 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\e00\container.dat
2014-07-10 11:56 - 2014-07-10 11:56 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\e64
2014-07-10 09:00 - 2014-07-10 09:03 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\e6c
2014-07-10 09:00 - 2014-07-10 09:00 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\e6c\container.dat
2014-07-09 15:15 - 2014-07-09 15:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\e70
2014-07-09 15:29 - 2014-07-09 15:42 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\ea4
2014-07-09 15:30 - 2014-07-09 15:30 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\ea4\container.dat
2014-07-09 15:20 - 2014-07-09 15:21 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\ee0
2014-07-09 15:21 - 2014-07-09 15:21 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\ee0\container.dat
2014-07-09 15:25 - 2014-07-10 07:47 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\EScan
2014-07-10 11:47 - 2014-07-10 11:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\f68
2014-07-10 11:48 - 2014-07-10 11:48 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\f68\container.dat
2014-07-10 10:46 - 2014-07-10 10:46 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\fa4
2014-07-10 12:15 - 2014-07-10 12:15 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\fac
2014-07-10 08:37 - 2014-07-10 08:48 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\fc0
2014-07-10 08:39 - 2014-07-10 08:39 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\fc0\container.dat
2014-07-10 07:30 - 2014-07-10 07:33 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\Google Toolbar
2014-07-09 14:55 - 2014-07-10 12:43 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\IECompatCache
2014-07-10 09:52 - 2014-07-10 12:43 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\IECompatCache\container.dat
2014-07-09 14:55 - 2014-07-10 08:44 - 0000000 __SHD () C:\Users\ronwa\AppData\Local\temp\iecompatuaCache
2014-07-10 08:44 - 2014-07-10 08:44 - 0000000 ___SH () C:\Users\ronwa\AppData\Local\temp\iecompatuaCache\container.dat
2014-07-09 14:55 - 2014-07-09 14:55 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\Low
2014-07-10 10:20 - 2014-07-10 10:20 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\VBE
2014-07-10 11:45 - 2014-07-10 11:45 - 0000000 ____D () C:\Users\ronwa\AppData\Local\temp\WPDNSE

====== End of Folder: ======

==== End of Fixlog ====



#12 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 AM

Posted 10 July 2014 - 02:34 PM

Ok. Please download Process Explorer and start it with administrator privileges.

Move your mouse over the dllhost.exe in the process list so that you get the little info box like in this image:

image_thumb_21.png

 

Please tell me the lines that are written there after "COM Class:".

Test all instances of dllhost.exe to see if they're all the same.


Edited by aharonov, 10 July 2014 - 02:35 PM.


#13 BartW

BartW
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 10 July 2014 - 02:52 PM

Am I in the right place? it doesn't look like yours at all, I attached a screen shot.

 

When I hover it says

 

Command Line:

   C:\WINDOWS\SYSWOW64\DLLHOST.EXE

 

Path:

   C:\Windows\SysWOW64\dllhost.exe

 


Also, yes they are all the same

Attached Files



#14 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:41 AM

Posted 10 July 2014 - 03:29 PM

You did it right but it didn't work out..
Next try:

In process explorer again, select one instance on dllhost.exe by clicking on it. Then in the menu chose "View -> Lower Pane View -> DLLs". Now the windows should be split and in the lower pane there is a list of dll files. Please adjust the size of the lower pane so that the whole list is visible and post a screenshot of it.

#15 BartW

BartW
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Local time:11:41 PM

Posted 10 July 2014 - 03:45 PM

There were too many dll's for me to get in one screen shot.  I did one, then rolled down then did the next, both are attached.

 

Again, I appreciate your help.

Attached Files






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users