
Need help with this log from RogueKiller(Possible rootkit)


  • This topic is locked
27 replies to this topic

#1 MrNobodyx


Posted 25 November 2014 - 04:30 AM

Hello guys, firstly I would like to thank Tigzy for this awesome software he has created for us.

I have run a scan and it came back with this result, for which I have uploaded a log for reference. I am not sure if it was a positive or a false positive, so I need help from the community, thanks.

I have uploaded the log file. I am unsure if there is a need to upload the possibly infected DLL. I am concerned about whether this is a false positive or not.

Edit: I am not sure if I have posted in the correct section; move the thread if needed, thanks! :)

Edit 2: I have run SFC /SCANNOW in an elevated cmd with no integrity violations, and also virus, malware and rootkit scans using MBAM, rkill, mbar (Malwarebytes Anti-Rootkit), Kaspersky and TDSSKILLER, and found nothing.

Attached Files


Edited by MrNobodyx, 25 November 2014 - 05:06 AM.



#2 Machiavelli

  • Malware Response Instructor

Posted 25 November 2014 - 11:16 AM

======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop
  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    standardsearch;
    torpigcheck;
    installedprogs;
    uninstall-list;
    srinfo;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 MrNobodyx


Posted 25 November 2014 - 09:29 PM

It says log file is too huge



#4 MrNobodyx


Posted 25 November 2014 - 09:40 PM

I am unable to post the log file; the file size is too huge!



#5 MrNobodyx


Posted 25 November 2014 - 09:46 PM

I have split into two parts

Attached Files



#6 MrNobodyx


Posted 25 November 2014 - 09:50 PM

2014-11-24 02:39:12    E49BDA4B3B6D5679B71C30CDF48AA31D    181816    ----a-w-    C:\Windows\System32\AuthHost.exe
2014-11-24 02:39:11    FC94451298C32170A5DCB8581586585A    161792    ----a-w-    C:\Windows\System32\diskpart.exe
2014-11-24 02:39:11    4E4B7C64792041557A3592B7793D3C7F    192512    ----a-w-    C:\Windows\SysWOW64\gpresult.exe
2014-11-24 02:39:10    4967093B32BDDABA9193360A1EF3F649    177664    ----a-w-    C:\Windows\SysWOW64\wevtutil.exe
2014-11-24 02:39:10    438AE824E136CFB1CC3466299763F70D    242688    ----a-w-    C:\Windows\SysWOW64\IME\IMEJP\imjpuexc.exe
2014-11-24 02:39:10    304B6AEC4639A7CCCCF544C6BA6177B2    658944    ----a-w-    C:\Windows\System32\FXSSVC.exe
2014-11-24 02:39:09    A631ACD5979C5F362CF6CD50CA8CEC88    197632    ----a-w-    C:\Windows\System32\appidpolicyconverter.exe
2014-11-24 02:39:09    9FABC89E9C0047A7E393DCBB7F22D3CE    184832    ----a-w-    C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
2014-11-24 02:39:09    9C41BBF210D922C2A3621021F2EF4095    248832    ----a-w-    C:\Windows\System32\FXSCOVER.exe
2014-11-24 02:39:09    9583B495D80B586548B0E87E92E87578    475648    ----a-w-    C:\Windows\System32\SnippingTool.exe
2014-11-24 02:39:09    56D59A78F7E260137706C681F808B5B9    272896    ----a-w-    C:\Windows\SysWOW64\esentutl.exe
2014-11-24 02:39:09    1477D34880BC5D81B40C58EF3799A604    585728    ----a-w-    C:\Windows\System32\recimg.exe
2014-11-24 02:39:08    63182B43F5E479840C1C7648042C9F1C    145920    ----a-w-    C:\Windows\SysWOW64\diskpart.exe
2014-11-24 02:39:08    4880B02DCFFE654496BD4A1FFEA522A6    384000    ----a-w-    C:\Windows\System32\certreq.exe
2014-11-24 02:39:08    1275462A4337DBC5518859316BEF262C    413136    ----a-w-    C:\Windows\SysWOW64\WerFault.exe
2014-11-24 02:39:07    65F1E257505D7FCDD3360B1764E5CBCA    369152    ----a-w-    C:\Windows\SysWOW64\tracerpt.exe
2014-11-24 02:39:07    184D10CE4DC3456B5A39BE9CD273E7E5    846848    ----a-w-    C:\Windows\System32\Magnify.exe
2014-11-24 02:39:06    6A13392704DA5A0504C60EBBB64A44C8    779776    ----a-w-    C:\Windows\SysWOW64\Magnify.exe
2014-11-24 02:39:05    EAF16851F7F6DF68558EE35F9AC22939    22208    ----a-w-    C:\Windows\System32\PurchaseWindowsLicense.exe
2014-11-24 02:39:05    DA0973777069BEFF69D9D89476340104    216920    ----a-w-    C:\Windows\System32\SndVol.exe
2014-11-24 02:39:05    B411D87B239022E69B2B4B381A70EA91    248320    ----a-w-    C:\Windows\SysWOW64\mcbuilder.exe
2014-11-24 02:39:05    75C6D3709E8B616D9ED14E2B390DCFEB    278392    ----a-w-    C:\Windows\System32\wkspbroker.exe
2014-11-24 02:39:05    707D3D8A2A2F1B8923C383AEF6370AF7    229376    ----a-w-    C:\Windows\System32\bitsadmin.exe
2014-11-24 02:39:05    61B53950F13B05BDA1653B0007C75F93    566784    ----a-w-    C:\Windows\SysWOW64\psr.exe
2014-11-24 02:39:05    4F34A4F06512102DECDF2F3986C39320    229376    ----a-w-    C:\Windows\System32\schtasks.exe
2014-11-24 02:39:05    46521E96E41A1BBD5B9DF8577F5054B9    1207296    ----a-w-    C:\Windows\System32\aitstatic.exe
2014-11-24 02:39:04    E22DDB0809EF8B94A93E2B3C2850EE25    141824    ----a-w-    C:\Windows\System32\CloudStorageWizard.exe
2014-11-24 02:39:04    53EBD90F1A3956E1E2C1A68FC45D9590    313344    ----a-w-    C:\Windows\System32\NAPSTAT.EXE
2014-11-24 02:39:04    5296801CCC59CE9ACCCD6B71C336FF6D    215552    ----a-w-    C:\Windows\System32\wbem\wbemtest.exe
2014-11-24 02:39:04    147DE9B95F5AD54310138525E4A55E5E    333312    ----a-w-    C:\Windows\System32\dxdiag.exe
2014-11-24 02:39:04    0AE0600292768660DEED436FCBFE1BB1    288768    ----a-w-    C:\Windows\SysWOW64\dxdiag.exe
2014-11-24 02:39:03    A8E6F31A32E32664C50BC733892C9974    241664    ----a-w-    C:\Windows\System32\spool\tools\PrintBrmEngine.exe
2014-11-24 02:39:03    8D40C30D3BA0030D55C1249C118D7F63    190048    ----a-w-    C:\Windows\SysWOW64\SndVol.exe
2014-11-24 02:39:03    5D519360495998E38FF56F2E98EB5057    281088    ----a-w-    C:\Windows\System32\mcbuilder.exe
2014-11-24 02:39:02    83331E85C06F66D70037D684A452AE97    103744    ----a-w-    C:\Windows\System32\embeddedapplauncher.exe
2014-11-24 02:39:02    4B8899882458D96FDD8677D49BD0C5B0    382976    ----a-w-    C:\Windows\System32\wsqmcons.exe
2014-11-24 02:39:02    4ABD52BC6FF33F33C8B930A8EB78D591    601600    ----a-w-    C:\Windows\System32\psr.exe
2014-11-24 02:39:01    F142A198022703328D38F31F3A9B7646    304128    ----a-w-    C:\Windows\System32\esentutl.exe
2014-11-24 02:39:01    D0FDA91CD1B8CDDDC593F7CD664F2D7A    182272    ----a-w-    C:\Windows\SysWOW64\schtasks.exe
2014-11-24 02:39:00    D9EE4ACBA0FD5AF721EC2CE5226B5E2E    146432    ----a-w-    C:\Windows\System32\vssadmin.exe
2014-11-24 02:39:00    CBB3E45CB806909DC95275D74E6C4949    126464    ----a-w-    C:\Windows\System32\tpmvscmgrsvr.exe
2014-11-24 02:39:00    B96F7A1236C3F21212DE2C40A3DDB005    201728    ----a-w-    C:\Windows\System32\wbem\WmiApSrv.exe
2014-11-24 02:39:00    AF0E3D13AFD461E9A0663790EF2566D4    125952    ----a-w-    C:\Windows\System32\rmttpmvscmgrsvr.exe
2014-11-24 02:39:00    957F485F6C2C65F59ACCBC859E628E94    295424    ----a-w-    C:\Windows\SysWOW64\eudcedit.exe
2014-11-24 02:39:00    875639948BFE79B858C455438ED8983A    133632    ----a-w-    C:\Windows\System32\immersivetpmvscmgrsvr.exe
2014-11-24 02:38:59    8BAB7A5D5C1477D0641195E623DB32B4    212992    ----a-w-    C:\Windows\SysWOW64\notepad.exe
2014-11-24 02:38:58    D2E909052BB8D134031EC8475D3A2A15    103424    ----a-w-    C:\Windows\System32\BitLockerDeviceEncryption.exe
2014-11-24 02:38:58    B959C3C433E9CC08A2F02BF60AF32344    116224    ----a-w-    C:\Windows\SysWOW64\CloudStorageWizard.exe
2014-11-24 02:38:58    9AC75D112F499D1466ADFD96738BF978    197120    ----a-w-    C:\Windows\SysWOW64\bitsadmin.exe
2014-11-24 02:38:58    6DCD12586353DC6307AC781045CA13A4    465320    ----a-w-    C:\Windows\System32\WerFault.exe
2014-11-24 02:38:57    D536CCCE2A7992688DB76941506EA970    148992    ----a-w-    C:\Windows\SysWOW64\wscript.exe
2014-11-24 02:38:57    959A31D0CD013CEA0C66DB7C03BCBDDF    221184    ----a-w-    C:\Windows\System32\notepad.exe
2014-11-24 02:38:57    959A31D0CD013CEA0C66DB7C03BCBDDF    221184    ----a-w-    C:\Windows\notepad.exe
2014-11-24 02:38:57    48430DD3D6BA660E3A4CE684E6CE2D42    153088    ----a-w-    C:\Windows\System32\tpmvscmgr.exe
2014-11-24 02:38:57    3DADD7D033C7977D2A64578FB4E110D4    375296    ----a-w-    C:\Windows\SysWOW64\IME\SHARED\IMCCPHR.exe
2014-11-24 02:38:57    3853171F1D9BC8BD3F3E679B0125740D    131584    ----a-w-    C:\Windows\SysWOW64\cscript.exe
2014-11-24 02:38:56    D7C5BB242E49819E0870EACA178C49C1    111024    ----a-w-    C:\Windows\System32\RestoreOptIn.exe
2014-11-24 02:38:56    A2D81602CF500B0EB4D005019415811B    143360    ----a-w-    C:\Windows\System32\mtstocom.exe
2014-11-24 02:38:56    5C6C8392274C60D7C3A8B0DDD97AB7D9    171520    ----a-w-    C:\Windows\System32\wbem\WMIADAP.exe
2014-11-24 02:38:56    44F3A3BD24F4ECDA3AA3A6BB1A28983A    396288    ----a-w-    C:\Windows\System32\IME\SHARED\IMCCPHR.exe
2014-11-24 02:38:56    2F3FED31AC2846D8AD5DBC396A7E3DF1    134144    ----a-w-    C:\Windows\SysWOW64\regedit.exe
2014-11-24 02:38:55    D179C920F5A992A904460BD41BEB136E    124416    ----a-w-    C:\Windows\SysWOW64\mtstocom.exe
2014-11-24 02:38:55    B3A74F22EDA79AE7E21F2967DEDF19B1    1841664    ----a-w-    C:\Program Files\Windows Media Player\setup_wm.exe
2014-11-24 02:38:55    A06A915D9E17550B5D24924403BEA708    286720    ----a-w-    C:\Windows\System32\wbadmin.exe
2014-11-24 02:38:55    81FC187B779D59E4FD2F646BB03EBF03    113152    ----a-w-    C:\Windows\System32\dwm.exe
2014-11-24 02:38:55    7016ACD1D0C1CC6ACF45CBC6C90D0575    89344    ----a-w-    C:\Windows\System32\taskhost.exe
2014-11-24 02:38:55    48B1D17D254D6C1236A957781A7D4DF4    267776    ----a-w-    C:\Windows\SysWOW64\IME\SHARED\IMEPADSV.EXE
2014-11-24 02:38:54    F6B2F2FBF1622DCF952F098731051980    94464    ----a-w-    C:\Windows\SysWOW64\RestoreOptIn.exe
2014-11-24 02:38:54    EA625EDB861F6FCDD68CC3D384C663E6    214528    ----a-w-    C:\Windows\System32\PresentationSettings.exe
2014-11-24 02:38:54    D5A4023796B0B34EA8ABD16C39BE1B10    8704    ----a-w-    C:\Windows\SysWOW64\dllhst3g.exe
2014-11-24 02:38:54    CC05C14EEFF5E7813A49718BA88E59B0    17216    ----a-w-    C:\Windows\SysWOW64\dllhost.exe
2014-11-24 02:38:54    BEAFD6DD127E7798928FA8C4835EED3E    172032    ----a-w-    C:\Windows\System32\wscript.exe
2014-11-24 02:38:54    9BB5C0D8EC1BB63A80E107C7CC5B8DA5    299008    ----a-w-    C:\Windows\System32\IME\SHARED\IMEPADSV.EXE
2014-11-24 02:38:54    92D184C0851753F67DC5BE6126FA9CFD    130560    ----a-w-    C:\Windows\SysWOW64\wbem\WMIADAP.exe
2014-11-24 02:38:54    1C82BF4E9BA611D2D00033CD69932B5B    21696    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
2014-11-24 02:38:53    89B3BE8159AD528AAA38B2B86F569A12    143360    ----a-w-    C:\Windows\System32\SoundRecorder.exe
2014-11-24 02:38:53    27E1A2AF3C22B021C3FB8FE1FF29E424    273408    ----a-w-    C:\Windows\SysWOW64\NAPSTAT.EXE
2014-11-24 02:38:51    D46284C3ACA129625819EA8FC1A33503    87040    ----a-w-    C:\Windows\System32\TSWbPrxy.exe
2014-11-24 02:38:51    8CE85B161698E2C2984DF59BB7A40F5D    139776    ----a-w-    C:\Windows\SysWOW64\net1.exe
2014-11-24 02:38:51    8930570F7F76840334962EFC6C173438    309760    ----a-w-    C:\Windows\System32\wusa.exe
2014-11-24 02:38:51    17E650E888D57AB51E9C3494E49A2045    158720    ----a-w-    C:\Windows\System32\cscript.exe
2014-11-24 02:38:50    2A4142185F8D37BDA876068B92A6224F    119808    ----a-w-    C:\Windows\SysWOW64\rekeywiz.exe
2014-11-24 02:38:49    FDFC0C0C4F3F1EE2B700624B07D0928C    192512    ----a-w-    C:\Windows\SysWOW64\unregmp2.exe
2014-11-24 02:38:49    4528D6BF9236A5328042F45BD6CA5199    84992    ----a-w-    C:\Program Files\Windows Media Player\wmprph.exe
2014-11-24 02:38:49    419B4E97EDD043FECE4F71BB7E387C91    411648    ----a-w-    C:\Windows\System32\tracerpt.exe
2014-11-24 02:38:49    3A84DDB49BF46DD19436ACEFEC71929B    191032    ----a-w-    C:\Windows\System32\systemreset.exe
2014-11-24 02:38:49    1912CC8202105F952A995BE1227CC72F    200192    ----a-w-    C:\Windows\System32\SearchFilterHost.exe
2014-11-24 02:38:48    A494889A6E8447D20AC5E7FC67AEB91D    203776    ----a-w-    C:\Windows\System32\IME\SHARED\imecfmui.exe
2014-11-24 02:38:48    852B1F115173D58B16ED718E71FB881D    129536    ----a-w-    C:\Windows\SysWOW64\verifier.exe
2014-11-24 02:38:48    6A7644DD7F83120D7230C67D74C180EB    176640    ----a-w-    C:\Windows\System32\fvenotify.exe
2014-11-24 02:38:48    536B6A942BECD2F3A17A0A9CAF548360    898048    ----a-w-    C:\Windows\System32\sdclt.exe
2014-11-24 02:38:48    0BDA7EC0A57799EF56854017F57E9F9B    104448    ----a-w-    C:\Windows\System32\taskkill.exe
2014-11-24 02:38:47    8D33CF59330AF85672F29C100F3A8EBF    149504    ----a-w-    C:\Windows\System32\IME\SHARED\IMESEARCH.EXE
2014-11-24 02:38:47    24545F27520CB02431DE83B6AC6B0FC9    644608    ----a-w-    C:\Windows\SysWOW64\dccw.exe
2014-11-24 02:38:47    0FEFA833033864FAF529D4D32743207D    136192    ----a-w-    C:\Windows\System32\oobe\msoobe.exe
2014-11-24 02:38:45    F8AB92DBBEC3250393BE036F4F01E61F    93696    ----a-w-    C:\Windows\System32\cmstp.exe
2014-11-24 02:38:45    8B91AB73D2A10F6128FA3E18F728DB65    342528    ----a-w-    C:\Windows\System32\eudcedit.exe
2014-11-24 02:38:45    0BAAB365EEF90959E7FE5D89C741903B    260928    --s-a-r-    C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
2014-11-24 02:38:44    E2890A4C9F3B35DC35D45AB663B5927A    124416    ----a-w-    C:\Windows\System32\raserver.exe
2014-11-24 02:38:44    B212B2FE6910AF8B2068F2FF2242204F    197632    ----a-w-    C:\Windows\System32\PkgMgr.exe
2014-11-24 02:38:44    AAF89CB3B1FBCD88F19059952F70C3A5    123904    ----a-w-    C:\Windows\System32\rekeywiz.exe
2014-11-24 02:38:44    A570A64292214C43E0BA50E6A72A6380    145920    ----a-w-    C:\Windows\System32\wininit.exe
2014-11-24 02:38:44    7E10190F9497903EC69714D721809F8F    84184    ----a-w-    C:\Windows\System32\taskhostex.exe
2014-11-24 02:38:44    14A45BE6F5678339F0EC5752D9849410    96768    ----a-w-    C:\Windows\System32\alg.exe
2014-11-24 02:38:43    F7E627DDF4C3B09BDB8954E02B4A375C    205312    ----a-w-    C:\Windows\System32\manage-bde.exe
2014-11-24 02:38:43    D1A5A16C5C361DFC062E7ADFD3D0C49F    163840    ----a-w-    C:\Windows\System32\fveprompt.exe
2014-11-24 02:38:43    A9FE3A5D771B9EAB7C971915997BBE5A    106496    ----a-w-    C:\Windows\SysWOW64\Robocopy.exe
2014-11-24 02:38:43    45494488A0D869069D5BBA5F587AAFAE    69632    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmprph.exe
2014-11-24 02:38:43    371F38821E1F96E613A6831FA1BFE089    102912    ----a-w-    C:\Windows\SysWOW64\raserver.exe
2014-11-24 02:38:43    32983919437EEC5EE9BA31B7F7766C72    78848    ----a-w-    C:\Windows\SysWOW64\taskkill.exe
2014-11-24 02:38:42    E477138F4631314608317A73A0844C17    78336    ----a-w-    C:\Windows\SysWOW64\systeminfo.exe
2014-11-24 02:38:42    2C56E3290BED2E82AE666EEA01843073    98664    ----a-w-    C:\Windows\System32\OpenWith.exe
2014-11-24 02:38:42    237DD6F74120F2C67B511815B6FCC73F    109056    ----a-w-    C:\Windows\SysWOW64\setupugc.exe
2014-11-24 02:38:41    9CB8ACC3ACF20C07D99DC41D5E44BAFA    111616    ----a-w-    C:\Windows\SysWOW64\vssadmin.exe
2014-11-24 02:38:41    9115A4002D040BF7F16AC1E29F353FB9    186880    ----a-w-    C:\Windows\System32\msconfig.exe
2014-11-24 02:38:41    4EAD4E81DB8B24F6D29B3C71FE48DBB9    102912    ----a-w-    C:\Windows\System32\systeminfo.exe
2014-11-24 02:38:41    44A94FB4C76528D2382FFE04B05827C3    106496    ----a-w-    C:\Windows\servicing\TrustedInstaller.exe
2014-11-24 02:38:41    29A8637FDC6945B47BEC8CF54FC78771    106496    ----a-w-    C:\Windows\System32\wecutil.exe
2014-11-24 02:38:41    1629E70C423461DC7480A495FED8BC24    168960    ----a-w-    C:\Windows\SysWOW64\SearchFilterHost.exe
2014-11-24 02:38:41    0CB14A5281EE411B6D13B205C146EB85    561664    ----a-w-    C:\Windows\SysWOW64\dfrgui.exe
2014-11-24 02:38:40    EE69991DCEA4CA4189F42DEEE5D7666A    270336    ----a-w-    C:\Windows\System32\sethc.exe
2014-11-24 02:38:40    C7AC98601D543EFF883E3D3E48797BF2    313344    ----a-w-    C:\Windows\SysWOW64\cttune.exe
2014-11-24 02:38:40    4F9FB9DA5F92CC00372C171BF0EDB29C    272528    ----a-w-    C:\Windows\System32\oobe\Setup.exe
2014-11-24 02:38:40    273D5E4FCF4CEFA06D81004CDE0948C9    85504    ----a-w-    C:\Windows\System32\Utilman.exe
2014-11-24 02:38:39    F9753A07979B1DAE7E50E3838FE2CA57    166400    ----a-w-    C:\Windows\System32\verifier.exe
2014-11-24 02:38:39    C68A9321B783BE9641C6A51C68C01004    80896    ----a-w-    C:\Windows\SysWOW64\tasklist.exe
2014-11-24 02:38:39    C473C1338A7A36F142BDF361118B20E8    72704    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmlaunch.exe
2014-11-24 02:38:39    BE8E8B7C9E7E7961FC86B21DEAA71A61    44544    ----a-w-    C:\Windows\SysWOW64\xcopy.exe
2014-11-24 02:38:39    350324E13019DD097D52FE8EAD596B18    48640    ----a-w-    C:\Windows\System32\xcopy.exe
2014-11-24 02:38:39    1DFE1ED0A9EF0FA4FFE8D08DFB00F121    91936    ----a-w-    C:\Windows\SysWOW64\OpenWith.exe
2014-11-24 02:38:38    CB908509B2FD8557B71F3A16840DF6AA    327168    ----a-w-    C:\Windows\System32\cttune.exe
2014-11-24 02:38:38    A7C1632CE4B824C271A514F7D8C5042A    84480    ----a-w-    C:\Windows\SysWOW64\cmstp.exe
2014-11-24 02:38:38    72EB8B48F0B0DAE0D2297D43C6FDA4AD    121856    ----a-w-    C:\Windows\System32\setupugc.exe
2014-11-24 02:38:38    6C61301436B82EED62BE8E31A90BA956    660480    ----a-w-    C:\Windows\System32\dccw.exe
2014-11-24 02:38:38    6C56049244A18816695CA8719A6A1BB2    89600    ----a-w-    C:\Windows\SysWOW64\TpmInit.exe
2014-11-24 02:38:38    4238CBE22DA0FFB3026A2279174F6CFB    126976    ----a-w-    C:\Windows\SysWOW64\IME\SHARED\IMESEARCH.EXE
2014-11-24 02:38:38    3779404878B061A0A53E794DFEE73AB4    76432    ----a-w-    C:\Windows\System32\sessionmsg.exe
2014-11-24 02:38:37    F4005D35661CE88BDB2E800B620C069D    180224    ----a-w-    C:\Windows\SysWOW64\IME\SHARED\imecfmui.exe
2014-11-24 02:38:37    E6215EE9BD1542B1DA1E229761CEF879    64512    ----a-w-    C:\Windows\SysWOW64\getmac.exe
2014-11-24 02:38:37    C4425F0D97931F1E194CC5F7A1ACEC7F    155136    ----a-w-    C:\Windows\SysWOW64\charmap.exe
2014-11-24 02:38:37    8BEC5B139C1DC65802CF6843F1CC7A84    84480    ----a-w-    C:\Windows\System32\getmac.exe
2014-11-24 02:38:37    7B34C25C04328E4528903598B107A22C    77312    ----a-w-    C:\Windows\System32\MsSpellCheckingHost.exe
2014-11-24 02:38:36    BF4474899C09F4306F9336021921FDED    439808    ----a-w-    C:\Windows\System32\IME\IMETC\IMTCPROP.exe
2014-11-24 02:38:36    BBCE9EF51F6B7FCDE02AB8BD17EFB68D    68096    ----a-w-    C:\Windows\SysWOW64\driverquery.exe
2014-11-24 02:38:36    A3F48D90EE53FDF2547B41F87A7C8080    169472    ----a-w-    C:\Windows\System32\net1.exe
2014-11-24 02:38:36    2FBF5195706741B439B345A640A04D8D    421376    ----a-w-    C:\Windows\SysWOW64\IME\IMETC\IMTCPROP.exe
2014-11-24 02:38:35    C3D20AC571E20AFC880DFE85DD3E8C7A    46592    ----a-w-    C:\Windows\SysWOW64\net.exe
2014-11-24 02:38:35    B67DB709F5FDAA89CA6C2CB6C1E39B3B    154624    ----a-w-    C:\Windows\regedit.exe
2014-11-24 02:38:35    95779B00ED14966731C7764C38D27398    69120    ----a-w-    C:\Windows\SysWOW64\makecab.exe
2014-11-24 02:38:35    7C9063042129EBF83FEA45C338777C61    101376    ----a-w-    C:\Windows\System32\tasklist.exe
2014-11-24 02:38:35    6A6F3AABC9F80BEA07BC927C0A37566F    113664    ----a-w-    C:\Windows\SysWOW64\fsutil.exe
2014-11-24 02:38:35    455C8F5562AD5CD7254B041951A27A94    97792    ----a-w-    C:\Windows\SysWOW64\drvinst.exe
2014-11-24 02:38:35    367A84EFE7C79181F02AE1AE393F2C17    273920    ----a-w-    C:\Windows\System32\rstrui.exe
2014-11-24 02:38:34    7769BBA82979D22AC1FD7786A13D6278    112128    ----a-w-    C:\Windows\System32\MbaeParserTask.exe
2014-11-24 02:38:34    63C9C88D3031CE8800012C600199C780    80384    ----a-w-    C:\Windows\SysWOW64\wecutil.exe
2014-11-24 02:38:34    5DAB3A3EC2A253CEB5FF4135ED5F571C    84480    ----a-w-    C:\Windows\System32\makecab.exe
2014-11-24 02:38:34    39A272E888EBD1F46D4D270679AB94F5    70144    ----a-w-    C:\Windows\SysWOW64\powercfg.exe
2014-11-24 02:38:33    F318244F614C2BECA454040FEDA82F9C    83456    ----a-w-    C:\Windows\System32\driverquery.exe
2014-11-24 02:38:33    F0D6FA1110EFFFD3A773757A2DB0C950    104448    ----a-w-    C:\Windows\System32\TpmInit.exe
2014-11-24 02:38:33    C6F9F48E411F40C3AFF1A7A29146972F    61440    ----a-w-    C:\Windows\SysWOW64\MsSpellCheckingHost.exe
2014-11-24 02:38:33    C031E215B8B08C752BF362F6D4C5D3AD    478720    ----a-w-    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
2014-11-24 02:38:33    B04260F1057D2C30D6475F553A3F85E3    578048    ----a-w-    C:\Windows\System32\dfrgui.exe
2014-11-24 02:38:33    685089737C87B468DFA87A1BA5240DEE    157184    ----a-w-    C:\Windows\System32\aitagent.exe
2014-11-24 02:38:33    378AB44C0CFEC574F0AC5DE6DF3A587C    48128    ----a-w-    C:\Windows\SysWOW64\ftp.exe
2014-11-24 02:38:33    055CCE830A54C2C1B598E2066F65C9AB    59904    ----a-w-    C:\Windows\SysWOW64\msiexec.exe
2014-11-24 02:38:32    F3EF56F76D69361022B47EF1E6201644    305664    ----a-w-    C:\Windows\SysWOW64\wusa.exe
2014-11-24 02:38:32    CA351630EA88F256B7058B7D118DD831    78336    ----a-w-    C:\Windows\SysWOW64\bootcfg.exe
2014-11-24 02:38:32    6D1BFCF8A39600F2EEDCCC54C3859B2A    70144    ----a-w-    C:\Windows\SysWOW64\Utilman.exe
2014-11-24 02:38:32    5B0B8913F4E835B3E435010700501082    70656    ----a-w-    C:\Windows\SysWOW64\w32tm.exe
2014-11-24 02:38:32    4D9DA155B7B449964E14FC32124CC601    128512    ----a-w-    C:\Windows\splwow64.exe
2014-11-24 02:38:32    2EB30D546F49F04DFDC48B1F3EC87DD6    97280    ----a-w-    C:\Windows\System32\isoburn.exe
2014-11-24 02:38:31    F4F9FC355B6C729EEB4D69186E0BA93E    64512    ----a-w-    C:\Windows\System32\msiexec.exe
2014-11-24 02:38:31    E5DF3FC37BBA664AF7F7015A52B3D813    808448    ----a-w-    C:\Program Files\Common Files\microsoft shared\ink\FlickLearningWizard.exe
2014-11-24 02:38:31    98708D958FB98D7E29BD4879F1AE59BB    138240    ----a-w-    C:\Windows\SysWOW64\DWWIN.EXE
2014-11-24 02:38:31    778450DD29C0AB1C0523F5D2C4EE53CA    77312    ----a-w-    C:\Windows\SysWOW64\nslookup.exe
2014-11-24 02:38:31    7467EC1D75804DF9357A0660919E9831    55808    ----a-w-    C:\Windows\System32\net.exe
2014-11-24 02:38:31    2EFA21F174B423D4793720E20DA0262C    124928    ----a-w-    C:\Windows\System32\Robocopy.exe
2014-11-24 02:38:31    2178BC087872BE7CCAFC9CA5B360BC44    41832    ----a-w-    C:\Windows\System32\LockScreenContentServer.exe
2014-11-24 02:38:31    0192A141A2F8BF6B8721C337488CE2D2    88576    ----a-w-    C:\Windows\System32\dispdiag.exe
2014-11-24 02:38:30    D121187B21F3C4835BD9C931E8017F92    34016    ----a-w-    C:\Windows\SysWOW64\CredentialUIBroker.exe
2014-11-24 02:38:30    C554258F7B2D2E80ABB96744D76E31FA    82944    ----a-w-    C:\Windows\SysWOW64\netsh.exe
2014-11-24 02:38:30    BFFD361F6129F4273F9B16F3D4D5D119    53760    ----a-w-    C:\Windows\System32\ftp.exe
2014-11-24 02:38:30    B6FB0E42189A76F093DFEA763EB6B63B    28352    ----a-w-    C:\Windows\SysWOW64\CameraSettingsUIHost.exe
2014-11-24 02:38:30    B615484BB96BDE7A14E2105E2C9DDC38    30944    ----a-w-    C:\Windows\SysWOW64\UserAccountBroker.exe
2014-11-24 02:38:30    B03766C8585727AEDB6D8942CD1156AD    25824    ----a-w-    C:\Windows\WinStore\WSHost.exe
2014-11-24 02:38:30    7C36A441C73F079781ABA8F3DAEDFB37    136296    ----a-w-    C:\Windows\SysWOW64\wermgr.exe
2014-11-24 02:38:30    6FFE4867F610041AE5F8DB33F00B92E9    45464    ----a-w-    C:\Windows\System32\CloudNotifications.exe
2014-11-24 02:38:30    66CFAA5940A06DAF10F5203BC2B1A5AB    94720    ----a-w-    C:\Windows\System32\dasHost.exe
2014-11-24 02:38:30    2C0D23D6649257689FAF0C56D151CAC9    26304    ----a-w-    C:\Windows\SysWOW64\PickerHost.exe
2014-11-24 02:38:30    0FE08362765BCE7767F6DD50EEC111C7    90624    ----a-w-    C:\Windows\SysWOW64\isoburn.exe
2014-11-24 02:38:30    0E0407CCEB45B0E0D6BC8B738C2EBD8D    47104    ----a-w-    C:\Windows\System32\SyncHost.exe
2014-11-24 02:38:29    D0ABC231C0B3E88C6B612B28ABBF734D    33088    ----a-w-    C:\Windows\SysWOW64\svchost.exe
2014-11-24 02:38:29    8C9AF0916544CA8189D2B7F38E72C963    38736    ----a-w-    C:\Windows\System32\CredentialUIBroker.exe
2014-11-24 02:38:29    79D99A2342910F4990B2601A5D52BE7E    40816    ----a-w-    C:\Windows\SysWOW64\CloudNotifications.exe
2014-11-24 02:38:29    79C2E16500375B22AF2C27D4AB06C5D4    188928    ----a-w-    C:\Windows\System32\irftp.exe
2014-11-24 02:38:29    6BDDC423CCDDB15AB14A0A54C148091F    393728    ----a-w-    C:\Windows\SysWOW64\shrpubw.exe
2014-11-24 02:38:29    543A5E3C156C388BDC324670A0DC5140    86016    ----a-w-    C:\Windows\SysWOW64\wiaacmgr.exe
2014-11-24 02:38:29    40272BFE4802E962F885D4B13B19CC7D    40960    ----a-w-    C:\Windows\SysWOW64\SyncHost.exe
2014-11-24 02:38:29    302886D701913C3D0D6E6B1C628990CE    102400    ----a-w-    C:\Windows\System32\IME\SHARED\IMEDICTUPDATEUI.EXE
2014-11-24 02:38:29    0DE5F6FA18138C8434546C41CD92B28B    96768    ----a-w-    C:\Windows\System32\wiaacmgr.exe
2014-11-24 02:38:28    E3A2AD05E24105B35E986CF9CB38EC47    38792    ----a-w-    C:\Windows\System32\svchost.exe
2014-11-24 02:38:28    D1D7C8EA7A0E3DAC58C69CD5BD431644    53760    ----a-w-    C:\Windows\System32\AtBroker.exe
2014-11-24 02:38:28    B9596044CC56729A998E26618703AA49    69632    ----a-w-    C:\Windows\SysWOW64\IME\IMETC\IMTCLNWZ.EXE
2014-11-24 02:38:28    8C802B994174449D3B3D78A0F230066A    44544    ----a-w-    C:\Windows\System32\rrinstaller.exe
2014-11-24 02:38:28    89EE2CBD98FC7F567A3602AC9B6520DB    36864    ----a-w-    C:\Windows\SysWOW64\rrinstaller.exe
2014-11-24 02:38:28    759AEE379369F2DED6B8D4C67924949F    175256    ----a-w-    C:\Windows\System32\migwiz\MigSetup.exe
2014-11-24 02:38:28    71F454FDDC36732FA5E0AC6B518DF41F    51712    ----a-w-    C:\Windows\SysWOW64\takeown.exe
2014-11-24 02:38:28    421B1E635E43A97F98FE7E1A8B612CAA    48128    ----a-w-    C:\Windows\SysWOW64\cmdl32.exe
2014-11-24 02:38:28    3ACF7798E2F32C30D299FCBD7FCC1005    58880    ----a-w-    C:\Windows\System32\RDSPnf.exe
2014-11-24 02:38:28    231CE1E1D7D98B44371FFFF407D68B59    131648    ----a-w-    C:\Windows\System32\easinvoker.exe
2014-11-24 02:38:28    1F118E2EFF2EBDF244F97E8CCE5910E2    49152    ----a-w-    C:\Windows\System32\wbem\scrcons.exe
2014-11-24 02:38:28    0E4E3F33C13F7123C6847D92216A2B44    61440    ----a-w-    C:\Windows\SysWOW64\openfiles.exe
2014-11-24 02:38:27    F8BBB43CCDB47E012CE7B6B2EC59C0A6    103056    ----a-w-    C:\Program Files (x86)\Windows Photo Viewer\ImagingDevices.exe
2014-11-24 02:38:27    ED71D0AEF596E4722BE7DA4F5AA6ECB7    173568    ----a-w-    C:\Windows\System32\oobe\windeploy.exe
2014-11-24 02:38:27    E85463D19104CACD79A25CACB0B57C1D    41472    ----a-w-    C:\Windows\System32\lpkinstall.exe
2014-11-24 02:38:27    C2350763FCDC8AD7A678164EE0814C4F    49664    ----a-w-    C:\Windows\System32\wbem\unsecapp.exe
2014-11-24 02:38:27    ADDA72DA35960A0A6D273D7FB0C6C782    79360    ----a-w-    C:\Windows\SysWOW64\wlanext.exe
2014-11-24 02:38:27    9185E08355F08704C94361CAA325099A    104592    ----a-w-    C:\Program Files\Windows Photo Viewer\ImagingDevices.exe
2014-11-24 02:38:27    660927A8213F3A9AB378BDFB195E7277    162304    ----a-w-    C:\Windows\SysWOW64\perfmon.exe
2014-11-24 02:38:27    6343A4BB2F54CC5950DAE2280E199486    46592    ----a-w-    C:\Windows\SysWOW64\setx.exe
2014-11-24 02:38:27    36F9A68EFA72F11A0F833541F650F4DD    120320    ----a-w-    C:\Windows\SysWOW64\EhStorAuthn.exe
2014-11-24 02:38:26    F0DD9B02088C36EF4DD15BB5371EC86D    40960    ----a-w-    C:\Windows\System32\RdpSa.exe
2014-11-24 02:38:26    EF8FA4F195C6239273C100AB370FCFDC    460288    ----a-w-    C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
2014-11-24 02:38:26    E9E0977AA1067CACA5969AFD1D225E55    112640    ----a-w-    C:\Windows\System32\drvinst.exe
2014-11-24 02:38:26    E8EE938ACFA3E8704EF17E5BD41FC634    29888    ----a-w-    C:\Windows\SysWOW64\PasswordOnWakeSettingFlyout.exe
2014-11-24 02:38:26    E65EA82BD4DE61FBC516D9D486E7E0F5    101888    ----a-w-    C:\Windows\System32\IME\IMEJP\IMJPSET.EXE
2014-11-24 02:38:26    DF779C342FD402434475404C17F9ACD5    34304    ----a-w-    C:\Windows\System32\ThumbnailExtractionHost.exe
2014-11-24 02:38:26    BD4A0F28B1ADE3F9465656992C5B9D08    31968    ----a-w-    C:\Windows\System32\PasswordOnWakeSettingFlyout.exe
2014-11-24 02:38:26    645C77CC048202B5FF4C95CE5314028C    54272    ----a-w-    C:\Windows\System32\BdeUISrv.exe
2014-11-24 02:38:26    5D5F4DCC07227B0BE7668A9AE01F83A2    49664    ----a-w-    C:\Windows\System32\sdchange.exe
2014-11-24 02:38:26    4E4062218CD5C40069E2130E3167C0D6    80896    ----a-w-    C:\Windows\System32\w32tm.exe
2014-11-24 02:38:26    382100E75B6F4668AEAEF228C6CEFFAD    47024    ----a-w-    C:\Windows\System32\lsass.exe
2014-11-24 02:38:26    1F0D53F187AD7292AD2C71553E642AD8    90624    ----a-w-    C:\Program Files\Windows Media Player\wmlaunch.exe
2014-11-24 02:38:25    E574D1702A90525E1FD1A4E4E34BB967    57856    ----a-w-    C:\Windows\SysWOW64\whoami.exe
2014-11-24 02:38:25    537BFBA3084BAE2892C0FCAA08A12C0B    184832    ----a-w-    C:\Windows\System32\Defrag.exe
2014-11-24 02:38:24    FB62A87E7EAF3567F59FF0562906DBD3    61952    ----a-w-    C:\Windows\SysWOW64\reg.exe
2014-11-24 02:38:24    F7748C331F0110582C80AD53350CA2AF    354304    ----a-w-    C:\Windows\System32\bdechangepin.exe
2014-11-24 02:38:24    E1B602515E52AE19E95AA2EF84C96329    140288    ----a-w-    C:\Windows\System32\fhmanagew.exe
2014-11-24 02:38:24    CFEEE55CC0ECE487DAC4E99FE26C44EA    28480    ----a-w-    C:\Windows\System32\SysResetErr.exe
2014-11-24 02:38:24    BC649E23D662F1220D2D768FDF1325A1    29408    ----a-w-    C:\Windows\System32\mfpmp.exe
2014-11-24 02:37:52    5D4A7198D33C6F4DB594B75B253C977C    47104    ----a-w-    C:\Windows\SysWOW64\tzutil.exe
2014-11-24 02:37:52    4B9586A61E98A403DAE98D4E62860081    61952    ----a-w-    C:\Windows\SysWOW64\printui.exe
2014-11-24 02:37:52    43D69652F91822C4A0873884B829DD0A    217088    ----a-w-    C:\Windows\SysWOW64\SmartScreenSettings.exe
2014-11-24 02:37:52    235D6AE52DC93053D75492949382862D    18432    ----a-w-    C:\Windows\System32\gpupdate.exe
2014-11-24 02:37:52    00FE3FD06EC34B3A70BA782A95606454    49152    ----a-w-    C:\Windows\System32\forfiles.exe
2014-11-24 02:37:51    FE79F0387DFF3417FFDFAB25E103F8F3    256000    ----a-w-    C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
2014-11-24 02:37:51    D742C17757BA63F0FB22715C3E0CFF68    28672    ----a-w-    C:\Windows\SysWOW64\cliconfg.exe
2014-11-24 02:37:51    C6052399A215658DD211A24780A4F122    18944    ----a-w-    C:\Windows\System32\FXSUNATD.exe
2014-11-24 02:37:51    B70D25AE45B525FBF318327DA3CAF615    18432    ----a-w-    C:\Windows\System32\mpnotify.exe
2014-11-24 02:37:51    AF04C20091C88572A67FF302822184C0    12288    ----a-w-    C:\Windows\System32\Com\MigRegDB.exe
2014-11-24 02:37:51    AE25F20E4A6669CE566E0F56E6632C34    17920    ----a-w-    C:\Windows\System32\appidcertstorecheck.exe
2014-11-24 02:37:51    9F82D4C1A2CAE60C4D6ECE19B9B1A3FF    58368    ----a-w-    C:\Windows\SysWOW64\RunLegacyCPLElevated.exe
2014-11-24 02:37:51    93C5704CDB20EEB121CE3BEEE796ABDC    79872    ----a-w-    C:\Windows\System32\WSReset.exe
2014-11-24 02:37:51    8E54DD444476E948448D1AC5CDF0AF88    72192    ----a-w-    C:\Windows\SysWOW64\odbcad32.exe
2014-11-24 02:37:51    85C3C5FD2356F50275C9337F5875C9FE    84992    ----a-w-    C:\Windows\SysWOW64\LocationNotifications.exe
2014-11-24 02:37:51    81B05E9BC8632CE42CA0DA7615F27B9F    10240    ----a-w-    C:\Windows\SysWOW64\regedt32.exe
2014-11-24 02:37:51    7F777F4DA64328EFF3220C96A10347C4    96256    ----a-w-    C:\Windows\System32\Narrator.exe
2014-11-24 02:37:51    6E6696E83DB3006D50E14A2FDFE70484    12288    ----a-w-    C:\Windows\SysWOW64\TapiUnattend.exe
2014-11-24 02:37:51    61045F4908AB5D9D69F0A8E6B7B67806    120320    ----a-w-    C:\Windows\SysWOW64\iscsicpl.exe
2014-11-24 02:37:51    579D1F6B52ADDDB09A75094382D3F6BC    256512    ----a-w-    C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe
2014-11-24 02:37:51    39F635B39BBE56192EC28F70DD52B5B4    77312    ----a-w-    C:\Windows\SysWOW64\DpiScaling.exe
2014-11-24 02:37:51    3694D05B4A496A4ECB6B5A288B6612BE    12800    ----a-w-    C:\Windows\System32\SystemResetPlatform\SystemResetPlatform.exe
2014-11-24 02:37:51    2A4D44837372411478C3A06F6A1DE064    16896    ----a-w-    C:\Windows\System32\ktmutil.exe
2014-11-24 02:37:51    1EE7875E0D26B013CB6C421382E403DF    75264    ----a-w-    C:\Windows\System32\dpapimig.exe
2014-11-24 02:37:51    1A506E36A76AD897490E77313CD3259A    36352    ----a-w-    C:\Windows\SysWOW64\ComputerDefaults.exe
2014-11-24 02:37:51    0464030A3293F289612E6C24D173C11C    82944    ----a-w-    C:\Windows\System32\eventvwr.exe
2014-11-24 02:37:50    ED2E7B5224BA827838C012C26A561DDB    15872    ----a-w-    C:\Windows\SysWOW64\hh.exe
2014-11-24 02:37:50    DCEF208FB5CF6F04349BCAC2F2499B29    121856    ----a-w-    C:\Windows\System32\iscsicpl.exe
2014-11-24 02:37:50    D80FE2134C39963F5F39C97BA1A88748    16384    ----a-w-    C:\Windows\System32\fsavailux.exe
2014-11-24 02:37:50    CDF8D88B46FC4FA140B5F8B8B06192ED    62976    ----a-w-    C:\Windows\System32\printui.exe
2014-11-24 02:37:50    CA5A7FF55867711D17BECF7E711A9C1E    81920    ----a-w-    C:\Windows\SysWOW64\SystemPropertiesRemote.exe
2014-11-24 02:37:50    C263337C2301AAFC68243A9A2A006621    219136    ----a-w-    C:\Windows\System32\SmartScreenSettings.exe
2014-11-24 02:37:50    BE80808B5FE1D9C9351653EEC814A75A    9728    ----a-w-    C:\Windows\SysWOW64\ctfmon.exe
2014-11-24 02:37:50    B934411DFE7DEACFA95A1255A48133C9    17408    ----a-w-    C:\Windows\hh.exe
2014-11-24 02:37:50    B0231148BAA81C21A914185A8410AA14    10240    ----a-w-    C:\Windows\SysWOW64\dvdplay.exe
2014-11-24 02:37:50    AE604CF7BF5FC3309464397C58AFCD0B    77824    ----a-w-    C:\Windows\System32\DpiScaling.exe
2014-11-24 02:37:50    A95AF76C156AEECB1219517C297311B3    16384    ----a-w-    C:\Windows\System32\secinit.exe
2014-11-24 02:37:50    A48E0E6D99EC9E23DF4B448FEDD591A1    81920    ----a-w-    C:\Windows\SysWOW64\SystemPropertiesPerformance.exe
2014-11-24 02:37:50    A2133717386FB625D0F7FD40548E43BF    7168    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\pipanel.exe
2014-11-24 02:37:50    8A7383F370EAC47300D3E3BA136CFD50    81920    ----a-w-    C:\Windows\SysWOW64\SystemPropertiesDataExecutionPrevention.exe
2014-11-24 02:37:50    7D200761E7EECD04371977E8A5D263E2    18944    ----a-w-    C:\Windows\System32\rasdial.exe
2014-11-24 02:37:50    7851B04CB50EE7FEB48D592E1D42B105    56832    ----a-w-    C:\Windows\SysWOW64\winver.exe
2014-11-24 02:37:50    6EDCD8AB6F98032C9B03B2ACE8441AEC    103424    ----a-w-    C:\Program Files\Windows Media Player\wmpconfig.exe
2014-11-24 02:37:50    6AE3F2862A2967A2E3E3AE34621F5CB3    101888    ----a-w-    C:\Program Files (x86)\Windows Media Player\wmpconfig.exe
2014-11-24 02:37:50    675E9195D914813DAA426CDA5E1E7A5B    61440    ----a-w-    C:\Windows\System32\tzutil.exe
2014-11-24 02:37:50    606D8C7BDF86378F0E1C19B1AA479543    11776    ----a-w-    C:\Windows\System32\TCPSVCS.EXE
2014-11-24 02:37:50    4A331C224DCCE567C27F4CDDEBBB0476    81920    ----a-w-    C:\Windows\SysWOW64\SystemPropertiesComputerName.exe
2014-11-24 02:37:50    49E2F9FCD47FE8EA1E9062261ABEBF76    81920    ----a-w-    C:\Windows\SysWOW64\SystemPropertiesProtection.exe
2014-11-24 02:37:50    3FD537782456E540DFB29A7C03D0FC0F    62976    ----a-w-    C:\Windows\System32\ntprint.exe
2014-11-24 02:37:50    32B302F12E2ED9BA8DCCAB95AB5E7C78    108032    ----a-w-    C:\Windows\SysWOW64\msra.exe
2014-11-24 02:37:50    302A0CC93935FA8289A95413ED2F9510    81920    ----a-w-    C:\Windows\SysWOW64\SystemPropertiesHardware.exe
2014-11-24 02:37:50    2E3CC13FAFF5D67AF3BB953FFE488C60    16896    ----a-w-    C:\Windows\System32\wowreg32.exe
2014-11-24 02:37:50    2B507018D3511DB1EB9601C5B5D0F2E8    36864    ----a-w-    C:\Windows\System32\credwiz.exe
2014-11-24 02:37:50    20973E3D9606400230207EE9C9EC85B3    182784    ----a-w-    C:\Windows\SysWOW64\LaunchTM.exe
2014-11-24 02:37:50    2015EBDEABD2B3C4C7535290D1A34CFF    10240    ----a-w-    C:\Windows\System32\backgroundTaskHost.exe
2014-11-24 02:37:50    1A81668402876DBDE84C5E111C8D4A78    30208    ----a-w-    C:\Windows\System32\cliconfg.exe
2014-11-24 02:37:50    19D473BE1A8F268B34625333A57E638B    81920    ----a-w-    C:\Windows\SysWOW64\SystemPropertiesAdvanced.exe
2014-11-24 02:37:50    1837AFF2AACD137665FCE87E7BA40285    59904    ----a-w-    C:\Windows\System32\AxInstUI.exe
2014-11-24 02:37:50    0FB8985E4D0F7D37BC366CFD93B73A52    108032    ----a-w-    C:\Windows\SysWOW64\resmon.exe
2014-11-24 02:37:49    2F0F021AB3A8153FC6CB2AF4F82682F1    74240    ----a-w-    C:\Windows\System32\odbcad32.exe
2014-11-24 02:37:48    FCB04C83D9B0810CA08A63F72B59831B    73728    ----a-w-    C:\Windows\System32\sigverif.exe
2014-11-24 02:37:48    F739210482F186F229769DC74560579E    10240    ----a-w-    C:\Windows\SysWOW64\TCPSVCS.EXE
2014-11-24 02:37:48    DF5A15858040E96FC31A76D406A28633    99328    ----a-w-    C:\Windows\System32\OptionalFeatures.exe
2014-11-24 02:37:48    D2CDE111F1F7EF8BA469CF980A1A13BA    31744    ----a-w-    C:\Windows\System32\cacls.exe
2014-11-24 02:37:48    C18B586CA8F414A47D9CBA263361692B    37888    ----a-w-    C:\Windows\System32\ComputerDefaults.exe
2014-11-24 02:37:48    BD139D1EC36BFD525F62A52B547B3692    57856    ----a-w-    C:\Windows\System32\winver.exe
2014-11-24 02:37:48    9FEC2291F505591E72571E0323E4F152    36864    ----a-w-    C:\Windows\System32\dialer.exe
2014-11-24 02:37:48    87DBA4A4C0E38CBE75C305324DEF4106    39936    ----a-w-    C:\Windows\System32\rdrleakdiag.exe
2014-11-24 02:37:48    78CE8CDC02FFBA84FE890D48B10A7E49    27648    ----a-w-    C:\Windows\System32\Netplwiz.exe
2014-11-24 02:37:48    7169F450AC2EC08ED8DD16C00B28A585    8704    ----a-w-    C:\Windows\SysWOW64\systray.exe
2014-11-24 02:37:48    518F842EA8449A89448D6754A4AA8AD9    151552    ----a-w-    C:\Windows\System32\iscsicli.exe
2014-11-24 02:37:48    506659C0225E2D8C2513238424AF9ADF    99328    ----a-w-    C:\Windows\System32\Fondue.exe
2014-11-24 02:37:48    395075C20E663FC622981C9EE3DD5AC4    45568    ----a-w-    C:\Windows\System32\regini.exe
2014-11-24 02:37:48    335C38783B3F1B383ECAC17DB3705895    9728    ----a-w-    C:\Windows\winhlp32.exe
2014-11-24 02:37:48    252FA5FC4F7D26821C0CA80AD506FF06    10752    ----a-w-    C:\Windows\SysWOW64\Com\MigRegDB.exe
2014-11-24 02:37:48    1EFA647F97009893CC54BD677751A958    9728    ----a-w-    C:\Windows\SysWOW64\write.exe
2014-11-24 02:37:48    1B360B9D73831941D84302DF009742C0    37888    ----a-w-    C:\Windows\System32\bthudtask.exe
2014-11-24 02:37:48    1AFE32EA863BF62C266B6BC0718EE965    9728    ----a-w-    C:\Windows\System32\plasrv.exe
2014-11-24 02:37:48    0A606DBA8620A3F24240226798720CDD    86016    ----a-w-    C:\Windows\SysWOW64\colorcpl.exe
2014-11-24 02:37:48    0429264498AA64D342CA4B24ED9705B1    13312    ----a-w-    C:\Windows\System32\DsmUserTask.exe
2014-11-24 02:37:48    02D5DC3062BB3BCB213C72A0D0BB0D1E    24576    ----a-w-    C:\Windows\System32\sdbinst.exe
2014-11-24 02:37:47    FF6992748128289C840A403A5F6B9129    27136    ----a-w-    C:\Windows\System32\fltMC.exe
2014-11-24 02:37:47    FDC0DD1E4D8AD8189FC5227F15AA7C30    16384    ----a-w-    C:\Windows\System32\MRINFO.EXE
2014-11-24 02:37:47    F524DD2F93678DAD7B07461776210107    23040    ----a-w-    C:\Windows\System32\cofire.exe
2014-11-24 02:37:47    E848C527736B577F535C6750401AF2D5    24576    ----a-w-    C:\Windows\System32\quser.exe
2014-11-24 02:37:47    E0A90CC0420D0E4055AD1AA2409861AA    82944    ----a-w-    C:\Windows\System32\SystemPropertiesHardware.exe
2014-11-24 02:37:47    D311FB16E86E784643C63C6CDC152752    8704    ----a-w-    C:\Windows\SysWOW64\backgroundTaskHost.exe
2014-11-24 02:37:47    CA4A0211480D05369EFEBF85D94CCE6A    14848    ----a-w-    C:\Windows\SysWOW64\cmdkey.exe
2014-11-24 02:37:47    CA0473B448DDD32D95D5B157BB2C6CFA    91648    ----a-w-    C:\Windows\SysWOW64\DeviceProperties.exe
2014-11-24 02:37:47    C6198A7B68C3999E938076FE5515E732    82944    ----a-w-    C:\Windows\System32\SystemPropertiesPerformance.exe
2014-11-24 02:37:47    BA28994D2A6FD17473605CEA855001BF    41984    ----a-w-    C:\Windows\System32\unlodctr.exe
2014-11-24 02:37:47    AC40CEEC8AAE25F83B7836938AA9EFB9    21504    ----a-w-    C:\Windows\System32\chgusr.exe
2014-11-24 02:37:47    A737B433ABAF3F2DCB2BD7B4CC582B26    10240    ----a-w-    C:\Windows\System32\Locator.exe
2014-11-24 02:37:47    9D0D1BDA064C1376ABDA7FFFF213168F    10240    ----a-w-    C:\Windows\System32\WallpaperHost.exe
2014-11-24 02:37:47    9ACC1BEAE4D314964EFBEC910279D9CA    13824    ----a-w-    C:\Windows\System32\bootim.exe
2014-11-24 02:37:47    89D49A9488E418E7E982BDC7A0B83547    22016    ----a-w-    C:\Windows\System32\rwinsta.exe
2014-11-24 02:37:47    864379396733031C99B64550358CAEBD    32256    ----a-w-    C:\Windows\System32\proquota.exe
2014-11-24 02:37:47    81E8B19A3D44C4F2B0BFB615182E03B2    23552    ----a-w-    C:\Windows\System32\tskill.exe
2014-11-24 02:37:47    7D61FDA771B0ED6BCB75F270E34C605E    19968    ----a-w-    C:\Windows\System32\runas.exe
2014-11-24 02:37:47    79412A11FA4E7F16B7BEA6270941ABED    26112    ----a-w-    C:\Windows\System32\VaultCmd.exe
2014-11-24 02:37:47    73E19BE0E0ECD88616B5762F621B0226    11264    ----a-w-    C:\Windows\write.exe
2014-11-24 02:37:47    73E19BE0E0ECD88616B5762F621B0226    11264    ----a-w-    C:\Windows\System32\write.exe
2014-11-24 02:37:47    713D305CED2068A9CD1AB38F28348ADB    28672    ----a-w-    C:\Windows\System32\qwinsta.exe
2014-11-24 02:37:47    6D5428EAF349D43890CB88528FF29DEB    24064    ----a-w-    C:\Windows\System32\chgport.exe
2014-11-24 02:37:47    6C6E586C858BFE1DE453921F67AA9206    109568    ----a-w-    C:\Windows\System32\resmon.exe
2014-11-24 02:37:47    6B9CCB9388EDFD7FE8CC384772A1A977    183808    ----a-w-    C:\Windows\System32\LaunchTM.exe
2014-11-24 02:37:47    68F19DB5C6A27D3B52A3240877554E7D    93184    ----a-w-    C:\Windows\System32\DeviceProperties.exe
2014-11-24 02:37:47    6708EE1F564796A19B814CA9359FB20B    82944    ----a-w-    C:\Windows\System32\SystemPropertiesAdvanced.exe
2014-11-24 02:37:47    5220C126A3E9A7D225AF5E49DBD7C994    16896    ----a-w-    C:\Windows\System32\cmdkey.exe
2014-11-24 02:37:47    517D31BB7C8673F5F3F992656028FD48    60416    ----a-w-    C:\Windows\System32\RunLegacyCPLElevated.exe
2014-11-24 02:37:47    4FE4D9783A1CCFF8902D3A6FC82CF2FA    20992    ----a-w-    C:\Windows\System32\PnPutil.exe
2014-11-24 02:37:47    4ADC30525A7BA315E3A2B5386D61294E    25600    ----a-w-    C:\Windows\System32\msg.exe
2014-11-24 02:37:47    401DC1A773377617AF023215DBCBE78B    82944    ----a-w-    C:\Windows\System32\SystemPropertiesComputerName.exe
2014-11-24 02:37:47    381E3758C7687DA1A55DD4221E5B9E6C    82944    ----a-w-    C:\Windows\System32\SystemPropertiesRemote.exe
2014-11-24 02:37:47    368AD808891952AA58C8B4F31F38E76C    16896    ----a-w-    C:\Windows\System32\change.exe
2014-11-24 02:37:47    32A50A283BBB1E3A84007E4B22A56427    82944    ----a-w-    C:\Windows\System32\MSchedExe.exe
2014-11-24 02:37:47    2BAD78953FE53A8369D53289118CDFB0    16384    ----a-w-    C:\Windows\System32\query.exe
2014-11-24 02:37:47    1FCE45CF94DA9CD4D28B25FFFC1E684F    87040    ----a-w-    C:\Windows\System32\colorcpl.exe
2014-11-24 02:37:47    1BDAC8ED76F662E2A595D9F6685CC1D6    13312    ----a-w-    C:\Windows\System32\pcalua.exe
2014-11-24 02:37:47    1B38BD96F39130B8A3911035240011F4    82944    ----a-w-    C:\Windows\System32\SystemPropertiesDataExecutionPrevention.exe
2014-11-24 02:37:47    191CC72472C3246B81593D95543C67EF    50688    ----a-w-    C:\Windows\System32\lodctr.exe
2014-11-24 02:37:47    16E9483CD0C84D39E83C2645E51F598B    82944    ----a-w-    C:\Windows\System32\SystemPropertiesProtection.exe
2014-11-24 02:37:47    112B15C842E08391DF6D46C959E83F07    16896    ----a-w-    C:\Windows\System32\reset.exe
2014-11-24 02:37:47    074538506BFAE9C0087C246AB3C59218    22016    ----a-w-    C:\Windows\System32\tscon.exe
2014-11-24 02:37:47    0466E5B7B3734D2FFE0367D04878CF97    17408    ----a-w-    C:\Windows\System32\RmClient.exe
2014-11-24 02:37:46    EEFA48A56DD2D83440FDF47FEFD6FC1E    9728    ----a-w-    C:\Windows\SysWOW64\dcomcnfg.exe
2014-11-24 02:37:46    EC0B096A9297C03C9D4B3053B4351C48    17408    ----a-w-    C:\Windows\System32\mountvol.exe
2014-11-24 02:37:46    E45A23EFB7B187809372521D2C9FE1F7    9216    ----a-w-    C:\Windows\System32\dllhst3g.exe
2014-11-24 02:37:46    D0EB0DF8C603BBA084351A92732B1CBE    14848    ----a-w-    C:\Windows\System32\snmptrap.exe
2014-11-24 02:37:46    D0571F48B3365A6BF6F492A06E0AEF99    86528    ----a-w-    C:\Windows\System32\LocationNotifications.exe
2014-11-24 02:37:46    BA4B2A3082F972F1D42001774EE4BA04    9728    ----a-w-    C:\Windows\SysWOW64\help.exe
2014-11-24 02:37:46    9F4A6D072BF84183E96E8B4D6D536D73    101888    ----a-w-    C:\Windows\System32\BitLockerWizardElev.exe
2014-11-24 02:37:46    9F1D7D1689A3ED0B49E124CAA1C3FEA7    23040    ----a-w-    C:\Windows\System32\ROUTE.EXE
2014-11-24 02:37:46    9929D83891B1C86F4E12C0C90BD8632E    10240    ----a-w-    C:\Windows\System32\ctfmon.exe
2014-11-24 02:37:46    93FFBE46D87BFFC00F5384A6174697AC    13312    ----a-w-    C:\Windows\System32\HOSTNAME.EXE
2014-11-24 02:37:46    8B4E256F72C64974F37AB30328EDDBEB    22528    ----a-w-    C:\Windows\System32\tsdiscon.exe
2014-11-24 02:37:46    89218DF55881B8AEFF5BCD0C09B4A1AB    11776    ----a-w-    C:\Windows\System32\InfDefaultInstall.exe
2014-11-24 02:37:46    7C3C5FF1C2C0ECD92BDAC31E2FC9AA77    27136    ----a-w-    C:\Windows\System32\qprocess.exe
2014-11-24 02:37:46    712213259DF0ADDF74500DD49E4F5983    14336    ----a-w-    C:\Windows\System32\TapiUnattend.exe
2014-11-24 02:37:46    6B07C78F5310954DAF9A1962B5E49F6D    11776    ----a-w-    C:\Windows\System32\dvdplay.exe
2014-11-24 02:37:46    62780C7480B036D0F38CE3E1B94A5CE0    10752    ----a-w-    C:\Windows\System32\dcomcnfg.exe
2014-11-24 02:37:46    598BDA17AFB1663F3B3A5C13EC61405E    15872    ----a-w-    C:\Windows\System32\tcmsetup.exe
2014-11-24 02:37:46    50856FEA062AABFC1EC05A06CB94C9A0    11264    ----a-w-    C:\Windows\System32\help.exe
2014-11-24 02:37:46    4E1EB63343A6840FF60F744B26ABFB0C    35840    ----a-w-    C:\Windows\SysWOW64\bthudtask.exe
2014-11-24 02:37:46    3F4811D92D68006E636245486A8D92B9    101888    ----a-w-    C:\Windows\System32\BitLockerWizard.exe
2014-11-24 02:37:46    370662416C82F0380E19417148012B96    13312    ----a-w-    C:\Windows\System32\efsui.exe
2014-11-24 02:37:46    2F2FFD789E57A77E0869E5E321602D13    17408    ----a-w-    C:\Windows\System32\TRACERT.EXE
2014-11-24 02:37:46    267712E870F1CFD13BB4602BC0E53667    8704    ----a-w-    C:\Windows\SysWOW64\instnm.exe
2014-11-24 02:37:46    159AA669E388C20271A648B885D72735    10240    ----a-w-    C:\Windows\System32\systray.exe
2014-11-24 02:37:46    1112970566CA785571CBB0399E61CECB    19968    ----a-w-    C:\Windows\System32\diskperf.exe
2014-11-24 02:37:46    0CFB9E2EDFB29B3C9C71D7C703D09457    23552    ----a-w-    C:\Windows\System32\qappsrv.exe
2014-11-24 02:37:45    7A604B7D284C6B05B7E34A5AB90CE261    4096    ----a-w-    C:\Windows\SysWOW64\user.exe
2014-11-24 02:31:44    4FFC29DE21D11466619C2A3BA58193EC    46437456    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\39.0.2171.65\39.0.2171.65_chrome64_installer.exe
2014-11-24 02:31:38    F172AD4E906D97ED8F071896FC6789DC    107912    ----atw-    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
2014-11-24 02:31:38    EBD60B47CC1A0FE455A3E218392CAFD1    880784    ----a-w-    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdateSetup.exe
2014-11-24 02:31:38    5B4ED5734945619EE3BCDB9825D2F526    51080    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdateOnDemand.exe
2014-11-24 02:31:38    06036279056145E0F08FC095CB789E6A    51080    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdateBroker.exe
2014-11-24 02:31:37    F172AD4E906D97ED8F071896FC6789DC    107912    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdate.exe
2014-11-24 02:31:37    EDD3E562684CB4C50704B471BEAB1F86    114568    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleUpdateComRegisterShell64.exe
2014-11-24 02:31:37    CB8C1CC4F46FBAC78150754D77460C73    230792    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
2014-11-24 02:31:37    7161E8E31B7FD3B1CE083C2CA5FD5F44    285064    ----atw-    C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
2014-11-24 02:17:17    FD7C8FAC461BED1FEEB808E477D884D4    716800    ----a-w-    C:\Windows\System32\ie4uinit.exe
2014-11-24 02:17:16    5F1B1148C830C0F149A476A58CE0D09D    815248    ----a-w-    C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-11-24 02:17:15    5AC6DB399DE418E3955F0CA4567BDD37    813712    ----a-w-    C:\Program Files\Internet Explorer\iexplore.exe
2014-11-24 02:17:13    E40D3696BE4852956669C285038B37A6    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-24 02:17:11    ED5A4451A1A2777C6C5DB4238FD09078    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2014-11-24 02:17:11    A66A88FFE53BBB9DDAACE0110A8232EC    137728    ----a-w-    C:\Windows\SysWOW64\wextract.exe
2014-11-24 02:17:11    8D7C6EE90630126F79275BAC5FE16E51    468992    ----a-w-    C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2014-11-24 02:17:11    8CFC152DF5D4FCFD621EF3E231999D03    484352    ----a-w-    C:\Program Files\Internet Explorer\ieinstal.exe
2014-11-24 02:17:11    1C3C54FA2D620DF3093F356A56EC5957    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-11-24 02:17:11    159199095C9959BE75E61C0FF947708F    152064    ----a-w-    C:\Windows\SysWOW64\iexpress.exe
2014-11-24 02:17:10    CFB15ED916904B30D32DFDE29B67CDCC    25600    ----a-w-    C:\Program Files (x86)\Internet Explorer\ExtExport.exe
2014-11-24 02:17:10    CC5C5634FA72689449B4BF7960AC1AD5    222720    ----a-w-    C:\Program Files\Internet Explorer\ielowutil.exe
2014-11-24 02:17:10    CA2F3153EF3BCB0BD3A8984C933DF604    167424    ----a-w-    C:\Windows\System32\iexpress.exe
2014-11-24 02:17:10    A3871DED5ED88F59C0D1396761708F81    13824    ----a-w-    C:\Windows\System32\mshta.exe
2014-11-24 02:17:10    6A16741182E4C1E83636053C81CE344E    221184    ----a-w-    C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2014-11-24 02:17:10    66585D645C4E23A0FD5124BD714AE020    12800    ----a-w-    C:\Windows\System32\msfeedssync.exe
2014-11-24 02:17:10    4B9C652BD0FD95A9E6123913C35519D6    143872    ----a-w-    C:\Windows\System32\wextract.exe
2014-11-24 02:17:10    3FA76B67F25D84B3C2A4E8A8C0919E6E    12800    ----a-w-    C:\Windows\SysWOW64\mshta.exe
2014-11-24 02:17:10    1BD4CD20A25B4A3A5F7BAAC25E9D9202    11264    ----a-w-    C:\Windows\SysWOW64\msfeedssync.exe
2014-11-24 02:16:58    C8EDE9D9CBD1D834F54ADADC2FB9F512    1394504    ----a-w-    C:\Windows\Camera\Camera.exe
2014-11-24 02:16:58    A9D94877A84A09094755163C193C8791    88064    ----a-w-    C:\Windows\System32\BulkOperationHost.exe
2014-11-24 02:16:58    6D5A2F8ADCDBDF8CA08F7B1AE3D76790    356312    ----a-w-    C:\Windows\FileManager\PhotosApp.exe
2014-11-24 02:16:58    4AA530F8F464D176D731F734A8CB1850    94464    ----a-w-    C:\Windows\FileManager\FileManager.exe
2014-11-24 02:16:58    0D9034D11AF1EA342FE46A331DAE7956    1154048    ----a-w-    C:\Windows\System32\SkyDrive.exe
2014-11-24 01:54:23    AC6346CC72CFB461F122A6CB7EE37DD6    997776    ----a-w-    C:\Program Files (x86)\Intel\Intel® Processor Graphics\uninstall\Setup.exe
2014-11-24 01:54:23    45304967A5F95E7972F8FC32A0D3DCE1    155536    ----a-w-    C:\Program Files (x86)\Intel\Intel® Processor Graphics\uninstall\x64\Drv64.exe


=== C: other files ==
2014-11-24 02:38:42    48BA326A3DBA5B5BEB5F2777F4618696    89944    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-11-24 02:38:42    481286719402E4BAEFEA0604AB1B5113    113664    ----a-w-    C:\Windows\System32\drivers\WUDFPf.sys
2014-11-24 02:38:39    41F631007A158FEBB67F0E2AD1601BBA    93696    ----a-w-    C:\Windows\System32\drivers\rassstp.sys
2014-11-24 02:38:37    FC0141B4A5AD6D637D883C1A89FC45C5    151040    ----a-w-    C:\Windows\System32\drivers\pacer.sys
2014-11-24 02:38:37    D1D82F007A079A4D623DBD1F36EF30A1    102208    ----a-w-    C:\Windows\System32\drivers\mountmgr.sys
2014-11-24 02:38:36    F00B189ECA74DDF408AD934ADDC72477    89088    ----a-w-    C:\Windows\System32\drivers\drmk.sys
2014-11-24 02:38:36    91ED124E261EA8FAA1C0FFDF2A71B0C4    280384    ----a-w-    C:\Windows\System32\drivers\pci.sys
2014-11-24 02:38:35    A7C31B168F371E8E6796219F23E354DB    61248    ----a-w-    C:\Windows\System32\drivers\fsdepends.sys
2014-11-24 02:38:35    A1D4D34A56DF1D5122CDB265038A2E72    59712    ----a-w-    C:\Windows\System32\drivers\kbdclass.sys
2014-11-24 02:38:33    BF8205666BA2F9C2ABFA821DB8230C12    428864    ----a-w-    C:\Windows\System32\drivers\FWPKCLNT.SYS
2014-11-24 02:38:32    A53E798C06D729CCF8459968B4372F6E    89368    ----a-w-    C:\Windows\System32\drivers\vmbkmcl.sys
2014-11-24 02:38:32    064260B3A5868AC894A4943543BC7AB7    37376    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-11-24 02:38:31    B783698AA88D5370E579A2D8EA671CAC    42496    ----a-w-    C:\Windows\SysWOW64\format.com
2014-11-24 02:38:30    6505C9E72910F91D4C317EECF22D1DE6    80896    ----a-w-    C:\Windows\System32\drivers\wanarp.sys
2014-11-24 02:38:29    615DFD97DEA56CE1C3A52185A3038FF8    921920    ----a-w-    C:\Windows\System32\drivers\refs.sys
2014-11-24 02:38:28    F3C060444777A59FC63D920719E43CCD    115712    ----a-w-    C:\Windows\System32\drivers\bridge.sys
2014-11-24 02:38:28    9C096BF5E10CA8BFA56F32522A89FAF1    79872    ----a-w-    C:\Windows\System32\drivers\IPMIDrv.sys
2014-11-24 02:38:24    269882812E9A68FFF1AFE1283D428322    126464    ----a-w-    C:\Windows\System32\drivers\NdisImPlatform.sys
2014-11-24 02:38:23    EF31713EE4C7CCFE4049F7E7F15645A2    69952    ----a-w-    C:\Windows\System32\drivers\vpci.sys
2014-11-24 02:38:23    8B9486B64E5FC17FB9CC04CA10B77A34    49944    ----a-w-    C:\Windows\System32\drivers\vmstorfl.sys
2014-11-24 02:38:23    511AD3FF957A0127E6BD336FF6F89C38    97048    ----a-w-    C:\Windows\System32\drivers\vmbus.sys
2014-11-24 02:38:23    10A78656BF6126245631705E45F9B9CF    61208    ----a-w-    C:\Windows\System32\drivers\winhv.sys
2014-11-24 02:38:22    D79920BE4E6683D3AB50F71457A4F6C6    27480    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-11-24 02:38:22    A83AB46764678DF88B9E9A02EF6AFAC6    27136    ----a-w-    C:\Windows\SysWOW64\mode.com
2014-11-24 02:38:22    3CF25E594882DEBF96051808D38234DE    27648    ----a-w-    C:\Windows\System32\more.com
2014-11-24 02:38:21    A55899C6D23A2EFAB8F4E26584376AF3    23552    ----a-w-    C:\Windows\SysWOW64\more.com
2014-11-24 02:38:21    0C45B4D69992D1367B5A96A95C0F7BBD    35840    ----a-w-    C:\Windows\System32\format.com
2014-11-24 02:38:20    6FC047578785B0435F4E2660946D1ADC    74240    ----a-w-    C:\Windows\System32\drivers\mpsdrv.sys
2014-11-24 02:38:19    10AA54889BA8837A5AF2D0C060A7EA57    31232    ----a-w-    C:\Windows\System32\mode.com
2014-11-24 02:38:18    1A20F03700D2B2ED775E38D751EF2F63    324928    ----a-w-    C:\Windows\System32\drivers\USBXHCI.SYS
2014-11-24 02:38:16    807F8CF3E973305FC435C61CBBEE2A49    189248    ----a-w-    C:\Windows\System32\drivers\UCX01000.SYS
2014-11-24 02:38:16    38E8F07593B3B0DDFD9B2188E21B9CB2    17408    ----a-w-    C:\Windows\SysWOW64\tree.com
2014-11-24 02:38:16    24A8DFC07E4BAF29AEA26E383D4CC886    86336    ----a-w-    C:\Windows\System32\drivers\pdc.sys
2014-11-24 02:38:16    0E046FF5823B95326D10CF1B4AF23541    39424    ----a-w-    C:\Windows\System32\drivers\nsiproxy.sys
2014-11-24 02:38:15    C23FC129100AE299DA40341DE30C49A2    19968    ----a-w-    C:\Windows\System32\tree.com
2014-11-24 02:38:15    5F66B7BB330AA80067FC66149A692620    33600    ----a-w-    C:\Windows\System32\drivers\wimmount.sys
2014-11-24 02:38:15    2A2F8D5284E59815169A88F1FC9CEE28    51008    ----a-w-    C:\Windows\System32\drivers\mouclass.sys
2014-11-24 02:38:14    BC8A79C625568DDB7DCA49D0C2741A64    27456    ----a-w-    C:\Windows\System32\drivers\rdpvideominiport.sys
2014-11-24 02:38:14    A770340FC02B999EF0DE6C2A6BC8437C    39744    ----a-w-    C:\Windows\System32\drivers\intelpep.sys
2014-11-24 02:38:14    A57A897E3F87B8E9F30A627C42779A76    21824    ----a-w-    C:\Windows\System32\drivers\tbs.sys
2014-11-24 02:38:13    8DF1254093B5C354CE725EB6B9B0DE19    146752    ----a-w-    C:\Windows\System32\drivers\msgpioclx.sys
2014-11-24 02:38:11    E4D0966DFF3FE204B792AB37C1BBA4A8    15360    ----a-w-    C:\Windows\SysWOW64\diskcomp.com
2014-11-24 02:38:11    7FC5667DF73D4B04AA457CC3A4180E09    157016    ----a-w-    C:\Windows\System32\drivers\wof.sys
2014-11-24 02:38:11    1008D9BE138F31C9BB4D29CFDAA678DE    11264    ----a-w-    C:\Windows\SysWOW64\diskcopy.com
2014-11-24 02:38:10    BED2986F179D964734BE1888DE86F64C    15872    ----a-w-    C:\Windows\System32\diskcomp.com
2014-11-24 02:38:02    DDD7F92A83F74D1476B71FBA9530A8DC    72192    ----a-w-    C:\Windows\System32\drivers\ndproxy.sys
2014-11-24 02:37:57    C91D7A9A547CF426D2A28A7ADF8C2172    13824    ----a-w-    C:\Windows\System32\chcp.com
2014-11-24 02:37:57    AC6500BB0B2CCE3BE8E422D4A2FB84AB    12288    ----a-w-    C:\Windows\SysWOW64\chcp.com
2014-11-24 02:37:56    08A49D52123188E146F24DA67ABCE2A6    13312    ----a-w-    C:\Windows\System32\diskcopy.com
2014-11-24 02:37:54    D4DCE03870314D3354F3501F9DDD4123    87040    ----a-w-    C:\Windows\System32\drivers\netvsc63.sys
2014-11-24 02:37:54    415DD71628795197F7AFC176CBADC74E    82944    ----a-w-    C:\Windows\System32\drivers\appid.sys
2014-11-24 02:37:52    42FF4975D032CAE558AE4BB8448F6E5A    48128    ----a-w-    C:\Windows\System32\drivers\netbios.sys
2014-11-24 02:37:46    13BEA6C882D4D877A5A85CA149C86BC1    40960    ----a-w-    C:\Windows\System32\drivers\scfilter.sys
2014-11-24 02:37:45    D887446F3F6051C60C26F4FD1FC8D43F    107520    ----a-w-    C:\Windows\System32\drivers\i8042prt.sys
2014-11-24 02:37:45    D7A41959BB3A8510F1BAC36F5CEC1874    144384    ----a-w-    C:\Windows\System32\drivers\rmcast.sys
2014-11-24 02:37:45    B337B1F1E82A83E20A1743E008E25C0F    17408    ----a-w-    C:\Windows\System32\drivers\rasacd.sys
2014-11-24 02:37:45    9746BA79DE0CA5EB5104406A9ED62D01    11776    ----a-w-    C:\Windows\System32\drivers\rootmdm.sys
2014-11-24 02:37:45    96B01F117057FB4DAE0FF919ACB55770    26112    ----a-w-    C:\Windows\System32\drivers\sermouse.sys
2014-11-24 02:37:45    91223A2AE2955B3E0DA3DB79C3A897A6    30208    ----a-w-    C:\Windows\System32\drivers\mouhid.sys
2014-11-24 02:37:45    8CECC8DA55F3274181FD1EA28AD76664    43008    ----a-w-    C:\Windows\System32\drivers\ndiscap.sys
2014-11-24 02:37:45    83868EB2924E6BC21A54337C65D614D1    47104    ----a-w-    C:\Windows\System32\drivers\qwavedrv.sys
2014-11-24 02:37:45    82821F4EEC776B4CF11695A38F3ABA46    24576    ----a-w-    C:\Windows\System32\drivers\ndistapi.sys
2014-11-24 02:37:45    67343511D80BF3D6D9EEDB5BA8D0B06B    57856    ----a-w-    C:\Windows\System32\drivers\bthhfenum.sys
2014-11-24 02:37:45    51B3AC0560848CD6D65AC2033E293113    66560    ----a-w-    C:\Windows\System32\drivers\mslldp.sys
2014-11-24 02:37:45    4A34D7084B862A92F3ABC4969166B3D3    32256    ----a-w-    C:\Windows\System32\drivers\kbdhid.sys
2014-11-24 02:37:45    3083926D1CC5B56EA0786527B557DD1B    103424    ----a-w-    C:\Windows\System32\drivers\Ndu.sys
2014-11-24 02:37:45    20185BEB7512EDE4EFECDFA148AC9F99    29696    ----a-w-    C:\Windows\System32\drivers\TsUsbGD.sys
2014-11-24 02:37:45    0139248F6B95CF0D837B5B46A2722D40    98304    ----a-w-    C:\Windows\System32\drivers\usbcir.sys

======== System Restore Points ========

RP2: 11/23/2014 6:41:44 PM - Windows Update
RP3: 11/26/2014 10:11:40 AM - zoek.exe restore point

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-3634128532-4023606100-3738723690-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.EXE /autostart"
"Akamai NetSession Interface"="C:\Users\xtre\AppData\Local\Akamai\netsession_win.exe"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"CyberGhost"="C:\Program Files\CyberGhost 5\CyberGhost.EXE /autostart"
"Akamai NetSession Interface"="C:\Users\xtre\AppData\Local\Akamai\netsession_win.exe"
"IDMan"="C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [11/23/2014 06:31 PM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{69EE5CCA-0F62-4D03-86E0-E1338AEF250C}" [C:\Windows\system32\msfeedssync.exe]

==== Folders in C:\PROGRA~3 0-6 Months Old ======================

2014-11-24 01:52:57    --------    d-----w-    C:\PROGRA~3\Skype
2014-11-24 04:15:56    --------    d-----w-    C:\PROGRA~3\Kaspersky Lab
2014-11-24 05:10:00    --------    d-----w-    C:\PROGRA~3\Microsoft Help
2014-11-24 08:34:43    --------    d-----w-    C:\PROGRA~3\Malwarebytes
2014-11-24 21:09:37    --------    d-----w-    C:\PROGRA~3\IDM
2014-11-24 21:35:36    --------    d-----w-    C:\PROGRA~3\Apple
2014-11-24 21:36:13    --------    d-----w-    C:\PROGRA~3\Apple Computer
2014-11-24 21:36:13    --------    d-----w-    C:\PROGRA~3\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-26 00:13:20    --------    d-----w-    C:\PROGRA~3\Malwarebytes' Anti-Malware (portable)
2014-11-26 00:28:36    --------    d-----w-    C:\PROGRA~3\RogueKiller


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com" [11/23/2014 09:28 PM]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc@internetdownloadmanager.com"="C:\Users\xtre\AppData\Roaming\IDM\idmmzcc5" [11/24/2014 01:09 PM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\xtre\AppData\Roaming\Mozilla\Firefox\Profiles\uybytwoe.default
- Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
- Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
- Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
- IDM CC - C:\Users\xtre\AppData\Roaming\IDM\idmmzcc5
- Undetermined - content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com
- Undetermined - virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com
- Undetermined - online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com
- Undetermined - mozilla_cc@internetdownloadmanager.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\xtre\AppData\Roaming\Mozilla\Firefox\Profiles\uybytwoe.default
67D325B5AEB28E381B84E8DE1A90C7A8    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll -    Shockwave Flash


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jeaohhlajejodfjadcponpnjgkiikocn - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[10/14/2014 10:47 PM]

Google Slides - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
WOT - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
YouTube - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
IDM Integration Module - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn
Google Wallet - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - xtre\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

==== Uninstall List x64 ======================

Adobe Flash Player 15 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin]
Akamai NetSession Interface [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}]
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Bonjour  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
CyberGhost 5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CyberGhost 5_is1]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
iFunbox (v2.9.2421.748), iFunbox DevTeam [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\iFunbox_is1]
Intel® Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Internet Download Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager]
iTunes  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}]
Kaspersky Internet Security [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}]
Kaspersky Internet Security [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}]
Malwarebytes Anti-Malware version 2.0.3.1025 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft Office Professional Plus 2013 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Office15.PROPLUS]
Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
Mozilla Firefox 33.1.1 (x86 en-US) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 33.1.1 (x86 en-US)]
Realtek Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}]
SkypeT 6.22 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}]
TAP-Windows 9.9.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\TAP-Windows]
VLC media player [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
WinRAR 5.20 beta 4 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: Safe Money Plugin - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CyberGhost] "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\xtre\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Virtual Keyboard - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://download.windowsupdate.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD56FF1D-AD93-4B78-AA8A-3A296CB56AB7}: NameServer = 165.21.100.88,165.21.83.88
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus Service 15.0.1 (AVP15.0.1) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberGhost 5 Client Service (CGVPNCliService) - CyberGhost S.R.L - C:\Program Files\CyberGhost 5\Service.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Wed 11/26/2014 at 10:17:30.25 ======================
 


Sorry man, huge log, have to split it into multiple parts.



#7 Machiavelli

Posted 26 November 2014 - 08:27 AM

Please attach the whole log so that it is easier for me to read.

~Machiavelli



#8 MrNobodyx

Posted 27 November 2014 - 07:35 AM

Hi, I can't attach the whole log; the file is too huge.



#9 MrNobodyx

Posted 27 November 2014 - 07:36 AM

I can only upload 64++ KB; the file is 580++ KB.



#10 Machiavelli

Posted 27 November 2014 - 10:27 AM

Upload it to Dropbox or any other legit file hoster and give me the download link.

~Machiavelli



#11 MrNobodyx

Posted 27 November 2014 - 10:56 AM

https://www.dropbox.com/s/bjyywo2inti8bk6/zoek-results.log?dl=0



#12 Machiavelli

Posted 27 November 2014 - 11:00 AM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop.
Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: ZOEK Scan

 

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop

  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.

Using Zoek.exe

  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    standardsearch;
    torpigcheck;
    installedprogs;
    uninstall-list;
    srinfo;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#13 MrNobodyx

MrNobodyx
  • Topic Starter

  • Members
  • 17 posts

Posted 27 November 2014 - 11:40 AM

https://www.dropbox.com/s/rbj77cyvnqo43xb/LOGS.zip?dl=0

 

How do I remove JRT.exe and RKill from my PC cleanly?



#14 MrNobodyx

MrNobodyx
  • Topic Starter

  • Members
  • 17 posts

Posted 27 November 2014 - 11:55 AM

To remove Junkware Removal Tool and Rkill, do I remove the following folders?

C:\Users\xtre\AppData\Local\Temp\jrt\erunt

C:\Windows\ERUNT\JRT

C:\Windows\Prefetch\JRT.EXE-90596A48.pf

C:\Users\xtre\Desktop\JRT.exe

C:\Windows\Prefetch\RKILL.EXE-03FC1546.pf

C:\Users\xtre\Desktop\Rkill.exe

 

What about the registry?



#15 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 3,896 posts

Posted 27 November 2014 - 12:15 PM

We will remove the tools at the end.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli





