TechSpot

[A] Sirefef virus

Inactive
By Icmc13
Jul 11, 2012
  1. My antivirus is flagging my services.exe file as a possible Sirefef Trojan but "barely passes inspection". My antivirus software is Trend Micro Office Scan. I've already run the FRST scan and here are the results. Thanks for taking the time to help me, and I hope you're having a good night!

    Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by Ian at 11-07-2012 23:36:06
    Running from E:\
    Service Pack 1 (X64) OS Language: English(US)
    Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

    ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.


    ============ One Month Created Files and Folders ==============

    2012-07-11 23:30 - 2012-07-11 23:30 - 01434551 ____A (Farbar) C:\Users\Ian\Downloads\FRST64.exe
    2012-07-11 12:34 - 2012-07-11 12:34 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
    2012-07-11 03:03 - 2012-06-11 23:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 03:00 - 2012-06-02 08:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 03:00 - 2012-06-02 08:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 03:00 - 2012-06-02 08:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 03:00 - 2012-06-02 08:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 03:00 - 2012-06-02 08:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 03:00 - 2012-06-02 08:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 03:00 - 2012-06-02 08:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 03:00 - 2012-06-02 08:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 03:00 - 2012-06-02 08:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 03:00 - 2012-06-02 08:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 03:00 - 2012-06-02 07:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 03:00 - 2012-06-02 07:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 03:00 - 2012-06-02 07:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 03:00 - 2012-06-02 07:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 03:00 - 2012-06-02 05:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 03:00 - 2012-06-02 04:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 03:00 - 2012-06-02 04:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 03:00 - 2012-06-02 04:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 03:00 - 2012-06-02 04:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 03:00 - 2012-06-02 04:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 03:00 - 2012-06-02 04:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 03:00 - 2012-06-02 04:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 03:00 - 2012-06-02 04:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 03:00 - 2012-06-02 04:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 03:00 - 2012-06-02 04:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 03:00 - 2012-06-02 04:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 03:00 - 2012-06-02 04:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 03:00 - 2012-06-02 04:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 18:00 - 2012-07-10 18:00 - 02013336 ____A C:\Users\Ian\Downloads\MapleStoryDownloader.exe
    2012-07-10 16:37 - 2012-07-11 03:56 - 00129024 ____A C:\Windows\RegBootClean64.exe
    2012-07-10 16:37 - 2012-07-11 03:56 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-10 16:29 - 2012-06-06 02:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 16:29 - 2012-06-06 02:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 16:29 - 2012-06-06 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 16:29 - 2012-06-06 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 16:29 - 2010-06-25 23:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 16:29 - 2010-06-25 23:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 16:28 - 2012-06-09 01:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 16:28 - 2012-06-09 00:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 16:28 - 2012-06-02 01:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 16:28 - 2012-06-02 01:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 16:28 - 2012-06-02 01:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 16:28 - 2012-06-02 01:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 16:28 - 2012-06-02 01:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 16:28 - 2012-06-02 00:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 16:28 - 2012-06-02 00:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 16:28 - 2012-06-02 00:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 16:28 - 2012-06-02 00:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 16:17 - 2012-06-06 02:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 16:17 - 2012-06-06 01:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 16:13 - 2012-07-10 16:13 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-07-10 16:13 - 2012-05-04 19:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-10 16:12 - 2012-07-10 16:12 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
    2012-07-10 16:12 - 2012-05-15 19:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-10 16:12 - 2012-05-15 19:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-10 16:06 - 2012-07-10 16:06 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-07-10 15:10 - 2012-07-10 15:10 - 00183660 ____A C:\Users\Ian\AppData\Local\census.cache
    2012-07-10 15:10 - 2012-07-10 15:10 - 00093597 ____A C:\Users\Ian\AppData\Local\ars.cache
    2012-07-10 14:57 - 2012-07-10 15:05 - 00000036 ____A C:\Users\Ian\AppData\Local\housecall.guid.cache
    2012-07-05 22:50 - 2012-07-05 22:50 - 00000000 ____D C:\Users\Ian\Documents\Slender v0.9.1
    2012-07-04 20:14 - 2012-07-04 20:14 - 00000000 ____A C:\Windows\System32\diagnostic.log
    2012-07-04 20:11 - 2012-07-10 16:37 - 00000000 ____D C:\TMQuarantine
    2012-07-04 20:11 - 2012-07-10 16:03 - 00017588 ____A C:\Windows\cfgall.ini
    2012-07-04 00:30 - 2012-07-10 00:15 - 00000222 ____A C:\Users\Ian\Documents\Grad Schools.txt
    2012-06-28 00:32 - 2012-06-28 00:32 - 00000000 ___RD C:\Users\Ian\Desktop\MySyncUPFiles
    2012-06-28 00:05 - 2012-06-28 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
    2012-06-28 00:04 - 2012-06-28 00:04 - 00000109 ____A C:\Windows\TMFilter.log
    2012-06-27 16:28 - 2012-07-11 04:19 - 00110624 ____A C:\Windows\SysWOW64\TmInstall.log
    2012-06-27 16:28 - 2012-07-11 04:19 - 00063530 ____A C:\Windows\System32\TmInstall.log
    2012-06-27 16:28 - 2012-06-27 16:28 - 00000000 ____D C:\Windows\System32\log
    2012-06-27 16:27 - 2012-06-27 16:27 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2012-06-27 16:23 - 2012-06-27 16:27 - 00000047 ____A C:\Users\Ian\Downloads\OFCNTINST.LOG
    2012-06-27 16:23 - 2012-06-27 16:23 - 00000000 ____D C:\Users\Ian\AppData\Local\Trend Micro
    2012-06-25 00:51 - 2012-06-25 00:51 - 00000000 ____D C:\Users\Ian\AppData\Local\Nero_AG
    2012-06-25 00:50 - 2012-07-11 23:26 - 00000000 ____D C:\Users\Ian\AppData\Local\Nero
    2012-06-25 00:50 - 2012-06-25 00:50 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Nero
    2012-06-23 02:03 - 2012-06-23 02:03 - 00000000 ____D C:\Users\Ian\AppData\Local\Macromedia
    2012-06-22 13:31 - 2012-06-22 13:31 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-21 10:53 - 2012-06-02 18:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 10:53 - 2012-06-02 18:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 10:53 - 2012-06-02 18:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 10:53 - 2012-06-02 18:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 10:53 - 2012-06-02 18:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 10:53 - 2012-06-02 18:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 10:53 - 2012-06-02 18:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 10:53 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 10:53 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-20 17:13 - 2012-06-20 17:13 - 00000000 ____D C:\Users\Ian\Documents\Wizards of the Coast
    2012-06-20 17:11 - 2008-10-15 06:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2012-06-20 17:11 - 2008-10-15 06:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2012-06-20 17:11 - 2008-10-15 06:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2012-06-20 16:26 - 2012-06-20 16:26 - 00000221 ____A C:\Users\Ian\Desktop\Magic The Gathering - Duels of the Planeswalkers 2013 Demo.url
    2012-06-20 16:22 - 2012-07-11 04:21 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-06-20 15:42 - 2012-06-20 15:42 - 00006188 ____A C:\Users\Ian\Desktop\pso2launcher - Shortcut.lnk
    2012-06-20 01:47 - 2012-06-26 18:48 - 00000000 ____D C:\Users\Ian\AppData\Local\Microsoft Games
    2012-06-16 11:04 - 2012-06-16 11:04 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Leadertech
    2012-06-16 11:03 - 2012-06-16 11:03 - 00000000 ____D C:\Program Files\Common Files\EPSON
    2012-06-16 11:03 - 2007-09-07 17:33 - 00135168 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBAPI.dll
    2012-06-16 11:03 - 2007-03-28 18:26 - 00065536 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBUtil.dll
    2012-06-16 11:03 - 2006-12-19 18:31 - 00110592 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBDSCVR.dll
    2012-06-16 11:03 - 2006-12-19 18:20 - 00077824 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EBAPI.dll
    2012-06-16 11:03 - 2003-12-17 01:01 - 00055808 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBSDKIF.dll
    2012-06-16 10:59 - 2012-06-27 23:56 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Epson
    2012-06-16 10:59 - 2009-08-20 01:00 - 00000119 ____A C:\Windows\SysWOW64\epson.sep
    2012-06-16 10:58 - 2012-06-16 10:58 - 00000000 ____D C:\Program Files\EpsonNet
    2012-06-16 10:58 - 2012-06-16 10:58 - 00000000 ____D C:\Program Files (x86)\EpsonNet
    2012-06-16 10:58 - 2010-09-13 15:01 - 00538112 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppui.dll
    2012-06-16 10:58 - 2010-09-13 15:01 - 00538112 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\enppui.dll
    2012-06-16 10:58 - 2010-09-13 15:00 - 00558592 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppmon.dll
    2012-06-16 10:58 - 2010-09-13 15:00 - 00558592 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\enppmon.dll
    2012-06-16 10:58 - 2008-06-18 11:49 - 00250880 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\enspres.dll
    2012-06-16 10:58 - 2008-06-18 11:49 - 00250880 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\enpres.dll
    2012-06-16 10:57 - 2012-06-16 11:03 - 00000000 ____D C:\Users\All Users\EPSON
    2012-06-16 10:57 - 2012-06-16 10:57 - 00000000 ____D C:\Users\Ian\AppData\Roaming\InstallShield
    2012-06-16 10:57 - 2009-09-30 17:01 - 00088064 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_IBCBGIA.DLL
    2012-06-16 10:57 - 2008-11-11 15:00 - 00118784 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_ILMGIA.DLL
    2012-06-16 10:57 - 2006-10-31 00:10 - 00051360 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
    2012-06-16 10:57 - 2006-10-31 00:10 - 00051360 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicMgr.dll
    2012-06-16 10:57 - 2006-10-31 00:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
    2012-06-16 10:57 - 2006-10-20 00:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
    2012-06-16 10:57 - 2006-10-20 00:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
    2012-06-16 10:57 - 2006-10-20 00:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
    2012-06-16 10:57 - 2004-03-03 06:10 - 00073220 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00029114 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00021021 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00015670 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00013280 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00012669 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
    2012-06-16 10:57 - 2004-03-03 06:10 - 00010673 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00006478 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
    2012-06-16 10:57 - 2004-03-03 06:10 - 00006478 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
    2012-06-16 10:57 - 2004-03-03 06:10 - 00006366 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
    2012-06-16 10:57 - 2004-03-03 06:10 - 00006366 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
    2012-06-16 10:57 - 2004-03-03 06:10 - 00006226 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
    2012-06-16 10:57 - 2004-03-03 06:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00001140 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00001140 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00001137 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00001130 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00001130 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
    2012-06-16 10:57 - 2004-03-03 06:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
    2012-06-16 10:56 - 2012-06-16 10:59 - 00000000 ____D C:\Program Files (x86)\Epson Software
    2012-06-16 10:55 - 2012-06-16 11:04 - 00000000 ____D C:\Program Files (x86)\epson
    2012-06-16 10:55 - 2009-11-20 00:00 - 00464384 ____A (Seiko Epson Corporation) C:\Windows\System32\esxw2ud.dll
    2012-06-16 10:55 - 2009-05-01 00:00 - 00128392 ____A (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
    2012-06-16 10:55 - 2009-05-01 00:00 - 00017408 ____A (SEIKO EPSON CORP.) C:\Windows\System32\esxcdev.dll
    2012-06-16 10:51 - 2012-06-16 11:04 - 00000089 ____A C:\Windows\EWF520.ini
    2012-06-16 09:52 - 2012-06-16 09:52 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
    2012-06-16 09:52 - 2012-04-09 16:34 - 03957088 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
    2012-06-16 09:42 - 2012-06-16 09:42 - 00000000 ____D C:\Users\Ian\Documents\pso2openbetaclient
    2012-06-16 09:40 - 2012-06-16 09:41 - 00000000 ____D C:\Users\Ian\AppData\Roaming\WinRAR
    2012-06-16 09:40 - 2012-06-16 09:40 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2012-06-15 20:31 - 2012-06-16 06:29 - 572685077 ____A C:\Users\Ian\Downloads\pso2openbetaclient.rar
    2012-06-15 03:26 - 2012-06-15 03:26 - 00000000 ____D C:\Users\Ian\AppData\Roaming\SEGA
    2012-06-12 16:20 - 2012-05-04 07:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 16:20 - 2012-05-04 06:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 16:20 - 2012-05-04 06:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 16:20 - 2012-05-01 01:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 16:20 - 2012-04-26 01:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 16:20 - 2012-04-26 01:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 16:20 - 2012-04-26 01:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 16:19 - 2012-04-27 23:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 16:19 - 2012-04-24 01:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 16:19 - 2012-04-24 01:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 16:19 - 2012-04-24 01:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 16:19 - 2012-04-24 00:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 16:19 - 2012-04-24 00:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 16:19 - 2012-04-24 00:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 16:19 - 2012-04-07 08:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 16:19 - 2012-04-07 07:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


    ============ 3 Months Modified Files ========================

    2012-07-11 23:34 - 2012-04-27 13:57 - 01477129 ____A C:\Windows\WindowsUpdate.log
    2012-07-11 23:30 - 2012-07-11 23:30 - 01434551 ____A (Farbar) C:\Users\Ian\Downloads\FRST64.exe
    2012-07-11 23:29 - 2009-07-14 01:13 - 00811256 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-11 23:26 - 2009-07-14 00:51 - 00038678 ____A C:\Windows\setupact.log
    2012-07-11 23:13 - 2012-05-29 22:02 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321412489-1100581043-3427248746-1000UA.job
    2012-07-11 22:56 - 2012-04-27 14:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-11 18:56 - 2012-04-27 14:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 18:56 - 2012-04-27 14:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 12:39 - 2012-06-01 15:02 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
    2012-07-11 12:34 - 2012-07-11 12:34 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
    2012-07-11 12:22 - 2009-07-14 00:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 12:22 - 2009-07-14 00:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 04:19 - 2012-06-27 16:28 - 00110624 ____A C:\Windows\SysWOW64\TmInstall.log
    2012-07-11 04:19 - 2012-06-27 16:28 - 00063530 ____A C:\Windows\System32\TmInstall.log
    2012-07-11 04:19 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-11 04:19 - 2009-07-14 00:45 - 00273200 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 04:18 - 2010-11-20 23:47 - 00017278 ____A C:\Windows\PFRO.log
    2012-07-11 03:56 - 2012-07-10 16:37 - 00129024 ____A C:\Windows\RegBootClean64.exe
    2012-07-11 03:56 - 2012-07-10 16:37 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-11 03:01 - 2012-04-27 15:03 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 02:13 - 2012-05-29 22:02 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321412489-1100581043-3427248746-1000Core.job
    2012-07-10 19:32 - 2012-05-24 02:54 - 00000204 ____A C:\Users\Public\Desktop\MapleStory.url
    2012-07-10 18:00 - 2012-07-10 18:00 - 02013336 ____A C:\Users\Ian\Downloads\MapleStoryDownloader.exe
    2012-07-10 16:12 - 2012-07-10 16:12 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
    2012-07-10 16:06 - 2012-07-10 16:06 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-07-10 16:03 - 2012-07-04 20:11 - 00017588 ____A C:\Windows\cfgall.ini
    2012-07-10 15:10 - 2012-07-10 15:10 - 00183660 ____A C:\Users\Ian\AppData\Local\census.cache
    2012-07-10 15:10 - 2012-07-10 15:10 - 00093597 ____A C:\Users\Ian\AppData\Local\ars.cache
    2012-07-10 15:05 - 2012-07-10 14:57 - 00000036 ____A C:\Users\Ian\AppData\Local\housecall.guid.cache
    2012-07-10 00:15 - 2012-07-04 00:30 - 00000222 ____A C:\Users\Ian\Documents\Grad Schools.txt
    2012-07-04 20:14 - 2012-07-04 20:14 - 00000000 ____A C:\Windows\System32\diagnostic.log
    2012-06-28 00:12 - 2009-07-14 01:08 - 00008896 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-28 00:04 - 2012-06-28 00:04 - 00000109 ____A C:\Windows\TMFilter.log
    2012-06-27 23:53 - 2012-06-01 15:02 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2012-06-27 16:27 - 2012-06-27 16:23 - 00000047 ____A C:\Users\Ian\Downloads\OFCNTINST.LOG
    2012-06-27 16:26 - 2012-04-27 16:12 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-20 17:11 - 2012-04-27 14:23 - 00027395 ____A C:\Windows\DirectX.log
    2012-06-20 16:26 - 2012-06-20 16:26 - 00000221 ____A C:\Users\Ian\Desktop\Magic The Gathering - Duels of the Planeswalkers 2013 Demo.url
    2012-06-20 15:42 - 2012-06-20 15:42 - 00006188 ____A C:\Users\Ian\Desktop\pso2launcher - Shortcut.lnk
    2012-06-16 11:04 - 2012-06-16 10:51 - 00000089 ____A C:\Windows\EWF520.ini
    2012-06-16 06:29 - 2012-06-15 20:31 - 572685077 ____A C:\Users\Ian\Downloads\pso2openbetaclient.rar
    2012-06-11 23:08 - 2012-07-11 03:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-09 01:43 - 2012-07-10 16:28 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-09 00:41 - 2012-07-10 16:28 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-06 02:06 - 2012-07-10 16:29 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-06 02:06 - 2012-07-10 16:29 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-06 02:02 - 2012-07-10 16:17 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-06 01:05 - 2012-07-10 16:29 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-06 01:05 - 2012-07-10 16:29 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-06 01:03 - 2012-07-10 16:17 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 18:19 - 2012-06-21 10:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 18:19 - 2012-06-21 10:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 18:19 - 2012-06-21 10:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 18:19 - 2012-06-21 10:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 18:19 - 2012-06-21 10:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 18:15 - 2012-06-21 10:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 18:15 - 2012-06-21 10:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 15:19 - 2012-06-21 10:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 15:15 - 2012-06-21 10:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 08:49 - 2012-07-11 03:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 08:17 - 2012-07-11 03:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 08:12 - 2012-07-11 03:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 08:05 - 2012-07-11 03:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 08:05 - 2012-07-11 03:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 08:04 - 2012-07-11 03:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 08:04 - 2012-07-11 03:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 08:03 - 2012-07-11 03:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 08:01 - 2012-07-11 03:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 08:00 - 2012-07-11 03:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 07:59 - 2012-07-11 03:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 07:57 - 2012-07-11 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 07:57 - 2012-07-11 03:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 07:54 - 2012-07-11 03:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 05:07 - 2012-07-11 03:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 04:43 - 2012-07-11 03:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 04:33 - 2012-07-11 03:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 04:26 - 2012-07-11 03:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 04:25 - 2012-07-11 03:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 04:25 - 2012-07-11 03:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 04:23 - 2012-07-11 03:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 04:21 - 2012-07-11 03:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 04:20 - 2012-07-11 03:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 04:19 - 2012-07-11 03:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 04:19 - 2012-07-11 03:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 04:17 - 2012-07-11 03:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 04:16 - 2012-07-11 03:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 04:14 - 2012-07-11 03:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-02 01:50 - 2012-07-10 16:28 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-02 01:48 - 2012-07-10 16:28 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-02 01:48 - 2012-07-10 16:28 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 01:45 - 2012-07-10 16:28 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-02 01:44 - 2012-07-10 16:28 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-02 00:40 - 2012-07-10 16:28 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-02 00:40 - 2012-07-10 16:28 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-02 00:39 - 2012-07-10 16:28 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-02 00:34 - 2012-07-10 16:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 20:56 - 2012-06-01 20:56 - 00001571 ____A C:\Users\Ian\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk
    2012-06-01 03:00 - 2011-02-10 12:10 - 00799920 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-05-29 22:02 - 2012-05-29 22:01 - 00739832 ____A (Google Inc.) C:\Users\Ian\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-05-23 02:16 - 2012-05-18 13:57 - 00002096 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-05-22 00:41 - 2012-05-22 00:41 - 00001043 ____A C:\Users\Ian\Desktop\online - Shortcut.lnk
    2012-05-20 19:12 - 2012-05-20 19:12 - 00892360 ____A (Oracle Corporation) C:\Users\Ian\Downloads\jxpiinstall.exe
    2012-05-20 19:11 - 2012-05-20 19:11 - 00278561 ____A C:\Users\Ian\Downloads\Minecraft.exe
    2012-05-19 02:10 - 2012-05-19 02:10 - 14723352 ____A (AOL Inc.) C:\Users\Ian\Downloads\AIM_Install.exe
     
  2. Icmc13


    2012-05-19 02:10 - 2012-05-19 02:10 - 00001032 ____A C:\Users\Ian\Desktop\AIM.lnk
    2012-05-18 14:44 - 2012-05-18 14:28 - 352689452 ____A C:\Users\Ian\Downloads\shpsobb-newinclient-1.25.10-rel4.exe
    2012-05-18 13:54 - 2012-05-18 13:54 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-05-15 19:06 - 2012-07-10 16:12 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-15 19:06 - 2012-07-10 16:12 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-04 19:29 - 2012-07-10 16:13 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 19:29 - 2012-05-20 19:14 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-05-04 19:29 - 2012-05-20 19:14 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 07:06 - 2012-06-12 16:20 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 06:03 - 2012-06-12 16:20 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 06:03 - 2012-06-12 16:20 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-01 01:40 - 2012-06-12 16:20 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 23:55 - 2012-06-12 16:19 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 16:09 - 2012-04-27 16:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-04-27 15:54 - 2011-02-10 12:03 - 00003652 ____A C:\Windows\TSSysprep.log
    2012-04-27 15:53 - 2012-04-27 15:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
    2012-04-27 15:34 - 2012-04-27 15:34 - 00000215 ____A C:\Users\Public\Desktop\My Identity Protection.url
    2012-04-27 15:04 - 2009-07-14 01:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
    2012-04-27 15:04 - 2009-07-14 01:01 - 00108227 ____A C:\Windows\System32\license.rtf
    2012-04-27 14:46 - 2009-07-14 00:46 - 00004059 ____A C:\Windows\DtcInstall.log
    2012-04-27 14:28 - 2009-07-13 22:34 - 00000435 ____A C:\Windows\win.ini
    2012-04-27 14:20 - 2012-04-27 14:20 - 00000546 ____A C:\Windows\NLSDownlevelMapping.log
    2012-04-27 14:14 - 2012-04-27 14:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iwdbus_01009.Wdf
    2012-04-27 14:13 - 2012-04-27 14:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
    2012-04-27 14:13 - 2012-04-27 14:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_btmaux_01009.Wdf
    2012-04-27 14:13 - 2012-04-27 14:12 - 00009126 ____A C:\Windows\DPINST.LOG
    2012-04-27 14:12 - 2012-04-27 14:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
    2012-04-27 14:10 - 2012-04-27 14:15 - 29475354 ____A C:\Windows\RPSETUP.EXE.LOG
    2012-04-27 14:05 - 2012-04-27 14:05 - 00058824 ____A C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-27 14:04 - 2012-04-27 14:04 - 00000020 ___SH C:\Users\Ian\ntuser.ini
    2012-04-26 14:26 - 2012-04-26 14:26 - 00031985 __RAH C:\dell.sdr
    2012-04-26 14:26 - 2012-04-26 14:26 - 00000012 ____A C:\Windows\csup.txt
    2012-04-26 14:22 - 2012-04-26 14:22 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00800256 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
    2012-04-26 14:22 - 2012-04-26 14:22 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2012-04-26 14:22 - 2012-04-26 14:22 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
    2012-04-26 14:22 - 2012-04-26 14:22 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2012-04-26 14:22 - 2012-04-26 14:22 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00419744 ____A C:\Windows\SysWOW64\locale.nls
    2012-04-26 14:22 - 2012-04-26 14:22 - 00419744 ____A C:\Windows\System32\locale.nls
    2012-04-26 14:22 - 2012-04-26 14:22 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
    2012-04-26 14:22 - 2012-04-26 14:22 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00246784 ____A (Microsoft Corporation) C:\Windows\System32\input.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
    2012-04-26 14:22 - 2012-04-26 14:22 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
    2012-04-26 14:22 - 2012-04-26 14:22 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
    2012-04-26 14:22 - 2012-04-26 14:22 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
    2012-04-26 14:22 - 2012-04-26 14:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
    2012-04-26 14:22 - 2012-04-26 14:22 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAL.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINDEV.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINPUN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINGUJ.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINEN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBE2.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBE1.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINASA.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
    2012-04-26 14:22 - 2012-04-26 14:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-04-26 14:22 - 2012-04-26 14:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-04-26 14:22 - 2012-04-26 14:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-04-26 14:11 - 2012-04-26 14:11 - 00005241 ____A C:\Windows\SysWOW64\Drivers\1028_Dell_INS_N5110.mrk
    2012-04-26 14:11 - 2012-04-26 14:11 - 00005241 ____A C:\Windows\System32\Drivers\1028_Dell_INS_N5110.mrk
    2012-04-26 14:10 - 2012-04-26 14:10 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-04-26 14:10 - 2012-04-26 14:10 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-04-26 14:10 - 2012-04-26 14:10 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-04-26 14:10 - 2012-04-26 14:10 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-04-26 14:10 - 2012-04-26 14:10 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-04-26 14:10 - 2012-04-26 14:10 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-04-26 14:10 - 2012-04-26 14:10 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-04-26 14:10 - 2012-04-26 14:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-04-26 14:10 - 2012-04-26 14:10 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-04-26 14:08 - 2009-07-14 01:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2012-04-26 14:08 - 2009-07-14 01:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2012-04-26 01:41 - 2012-06-12 16:20 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 01:41 - 2012-06-12 16:20 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 01:34 - 2012-06-12 16:20 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 01:37 - 2012-06-12 16:19 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 01:37 - 2012-06-12 16:19 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 01:37 - 2012-06-12 16:19 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-24 00:36 - 2012-06-12 16:19 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-24 00:36 - 2012-06-12 16:19 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-24 00:36 - 2012-06-12 16:19 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ========================= Memory info ======================

    Percentage of memory in use: 21%
    Total physical RAM: 6051.18 MB
    Available physical RAM: 4720.34 MB
    Total Pagefile: 12100.55 MB
    Available Pagefile: 10777.26 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:846.41 GB) NTFS
    3 Drive e: (KINGSTON) (Removable) (Total:3.72 GB) (Free:1.3 GB) FAT32

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3822 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 19 GB 40 MB
    Partition 3 Primary 911 GB 19 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 RECOVERY NTFS Partition 19 GB Healthy System (partition with boot components)

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 911 GB Healthy Boot

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E KINGSTON FAT32 Removable 3818 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-19 14:52

    ======================= End Of Log ==========================
     
  3. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ============================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
     
  4. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    Computer is still running fine, here's the search.txt file

    Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 2012-07-12 01:03:46
    Running from E:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
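The Search.txt above lists two copies of services.exe with the same size and timestamps but different MD5s. As an added example (not part of the thread and not FRST's own code), this Python code parses that log format and flags any live copy whose hash matches no WinSxS component-store copy; treating the WinSxS copy as the reference is an assumption, and the function names are hypothetical.

```python
import ntpath
import re
from collections import defaultdict

# Search.txt body as posted in the thread (paths and hashes are the thread's own).
SEARCH_LOG = r"""
================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# A result is two lines: the full path, then "[created] - [modified] - size attrs (company) MD5".
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+)(?: \((?P<company>.*)\))? (?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file listed in an FRST Search.txt body."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        meta = META_RE.match(line)
        if meta and pending_path:
            entry = meta.groupdict()
            entry["path"] = pending_path
            entry["md5"] = entry["md5"].upper()
            entry["size"] = int(entry["size"])
            entries.append(entry)
            pending_path = None
    return entries


def compare_to_component_store(entries):
    """Compare each live copy of a file with the WinSxS copies of the same name.

    Assumption: the WinSxS (component store) copy is the reference. A live copy
    is a "match" if its MD5 equals any store copy, a "mismatch" if store copies
    exist but none has its MD5, and "no-reference" if the log has no store copy.
    """
    by_name = defaultdict(list)
    for entry in entries:
        by_name[ntpath.basename(entry["path"]).lower()].append(entry)

    results = []
    for copies in by_name.values():
        store = [e for e in copies if "\\winsxs\\" in e["path"].lower()]
        live = [e for e in copies if "\\winsxs\\" not in e["path"].lower()]
        store_md5 = {e["md5"] for e in store}
        for e in live:
            if not store:
                status = "no-reference"
            elif e["md5"] in store_md5:
                status = "match"
            else:
                status = "mismatch"
            # Size and timestamps equal to a store copy while the hash differs
            # means metadata alone would not have revealed the change.
            same_meta = any(
                (s["size"], s["created"], s["modified"])
                == (e["size"], e["created"], e["modified"])
                for s in store
            )
            results.append({
                "path": e["path"],
                "md5": e["md5"],
                "status": status,
                "same_metadata_as_store": same_meta,
            })
    return results


if __name__ == "__main__":
    for result in compare_to_component_store(parse_search_log(SEARCH_LOG)):
        print(result["status"], result["path"], result["md5"],
              "metadata identical to store copy:", result["same_metadata_as_store"])
```

The component store can hold several versions of one file after updates, so the check accepts a match against any of them.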
     
  5. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    I just noticed that you ran the original scan from within Windows.
    That won't work.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  6. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    Huh, I thought I did the scan within the flash drive, guess not, I'll do it again, hold on!
     
  7. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    Alright, so let's try this one out

    Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
    Ran by SYSTEM at 12-07-2012 01:38:56
    Running from E:\
    Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-12] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-24] (IDT, Inc.)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [168216 2011-04-19] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-04-19] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-04-19] (Intel Corporation)
    HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [3668336 2011-03-24] (Dell Inc.)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
    HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-07-27] (Intel(R) Corporation)
    HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10365952 2011-05-18] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [497648 2010-07-28] (Adobe Systems Incorporated)
    HKLM\...\Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup [483424 2012-02-01] ()
    HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [503942 2011-04-13] (Creative Technology Ltd)
    HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 [66872 2012-02-06] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup [2835443 2012-02-01] ()
    HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [847872 2009-12-02] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow [1836592 2011-08-29] (Trend Micro Inc.)
    HKU\Ian\...\Run: [AIM] "C:\Users\Ian\AppData\Local\AOL\AIM\aim.exe" [1263448 2012-02-10] (AOL Inc.)
    HKU\Ian\...\Run: [Google Update] "C:\Users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-05-29] (Google Inc.)
    HKU\Ian\...\Run: [WorkForce 520(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGIA.EXE /FU "C:\Windows\TEMP\E_S7427.tmp" /EF "HKCU" [224768 2009-09-13] (SEIKO EPSON CORPORATION)
    HKU\Ian\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [17344176 2012-06-05] (Skype Technologies S.A.)
    HKU\Ian\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-06-20] (Valve Corporation)
    HKU\Ian\...\Run: [0i763f66bz] C:\Users\Ian\0i763f66bz.exe [x]
    HKU\Ian\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
    Startup: C:\Users\Ian\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
    ShortcutTarget: Epson all-in-one Registration.lnk -> (No File)
    Startup: C:\Users\Ian\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
    ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)

    ==================== Services (Whitelisted) ======

    2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [921664 2011-05-18] (Intel Corporation)
    3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1335360 2011-05-18] (Intel Corporation)
    2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [995392 2011-05-18] (Intel Corporation)
    2 BTHSSecurityMgr; "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [134928 2011-06-03] (Intel(R) Corporation)
    2 DellDigitalDelivery; "C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" [173056 2012-06-19] (Dell Products, LP.)
    3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
    2 ntrtscan; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\ntrtscan.exe" [2771856 2011-08-25] (Trend Micro Inc.)
    2 tmlisten; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmlisten.exe" [2772096 2011-08-25] (Trend Micro Inc.)
    3 TmProxy; "C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe" [918032 2011-04-15] (Trend Micro Inc.)

    ========================== Drivers (Whitelisted) =============

    3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [60416 2011-12-09] (Intel Corporation)
    2 TmFilter; \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [342288 2011-07-12] (Trend Micro Inc.)
    2 TmPreFilter; \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [42768 2011-07-12] (Trend Micro Inc.)
    1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [108624 2010-12-07] (Trend Micro Inc.)
    2 VSApiNt; \??\C:\Program Files (x86)\Trend Micro\OfficeScan Client\VSApiNt.sys [2077456 2011-07-12] (Trend Micro Inc.)
    3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-11 19:36 - 2012-07-11 19:36 - 00000000 ____D C:\FRST
    2012-07-11 19:30 - 2012-07-11 19:30 - 01434551 ____A (Farbar) C:\Users\Ian\Downloads\FRST64.exe
    2012-07-11 08:34 - 2012-07-11 08:34 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
    2012-07-11 08:34 - 2012-07-11 08:34 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk
    2012-07-10 23:03 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-10 23:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-10 23:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-10 23:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-10 23:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-10 23:00 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-10 23:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-10 23:00 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-10 23:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-10 23:00 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-10 23:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-10 23:00 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-10 23:00 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-10 23:00 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-10 23:00 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-10 23:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-10 23:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-10 23:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-10 23:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-10 23:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-10 23:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-10 23:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-10 23:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-10 23:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-10 23:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-10 23:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-10 23:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-10 23:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-10 23:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 14:00 - 2012-07-10 14:00 - 02013336 ____A C:\Users\Ian\Downloads\MapleStoryDownloader.exe
    2012-07-10 12:37 - 2012-07-10 23:56 - 00129024 ____A C:\Windows\RegBootClean64.exe
    2012-07-10 12:37 - 2012-07-10 23:56 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-10 12:29 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 12:29 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 12:29 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 12:29 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 12:29 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 12:29 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 12:28 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 12:28 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 12:28 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 12:28 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 12:28 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 12:28 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 12:28 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 12:28 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 12:28 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 12:28 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 12:28 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 12:17 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 12:17 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 12:13 - 2012-07-10 12:13 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-07-10 12:13 - 2012-05-04 15:29 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-10 12:12 - 2012-07-10 12:12 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
    2012-07-10 12:12 - 2012-05-15 15:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-07-10 12:12 - 2012-05-15 15:06 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-07-10 12:06 - 2012-07-10 12:06 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-07-10 12:06 - 2012-07-10 12:06 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
    2012-07-10 11:10 - 2012-07-10 11:10 - 00183660 ____A C:\Users\Ian\Local Settings\census.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00183660 ____A C:\Users\Ian\Local Settings\Application Data\census.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00183660 ____A C:\Users\Ian\AppData\Local\census.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00093597 ____A C:\Users\Ian\Local Settings\ars.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00093597 ____A C:\Users\Ian\Local Settings\Application Data\ars.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00093597 ____A C:\Users\Ian\AppData\Local\ars.cache
    2012-07-10 10:57 - 2012-07-10 11:05 - 00000036 ____A C:\Users\Ian\Local Settings\housecall.guid.cache
    2012-07-10 10:57 - 2012-07-10 11:05 - 00000036 ____A C:\Users\Ian\Local Settings\Application Data\housecall.guid.cache
    2012-07-10 10:57 - 2012-07-10 11:05 - 00000036 ____A C:\Users\Ian\AppData\Local\housecall.guid.cache
    2012-07-05 18:50 - 2012-07-05 18:50 - 00000000 ____D C:\Users\Ian\My Documents\Slender v0.9.1
    2012-07-05 18:50 - 2012-07-05 18:50 - 00000000 ____D C:\Users\Ian\Documents\Slender v0.9.1
    2012-07-04 16:14 - 2012-07-04 16:14 - 00000000 ____A C:\Windows\System32\diagnostic.log
    2012-07-04 16:11 - 2012-07-10 12:37 - 00000000 ____D C:\TMQuarantine
    2012-07-04 16:11 - 2012-07-10 12:03 - 00017588 ____A C:\Windows\cfgall.ini
    2012-07-03 20:30 - 2012-07-09 20:15 - 00000222 ____A C:\Users\Ian\My Documents\Grad Schools.txt
    2012-07-03 20:30 - 2012-07-09 20:15 - 00000222 ____A C:\Users\Ian\Documents\Grad Schools.txt
    2012-06-27 20:32 - 2012-06-27 20:32 - 00000000 ___RD C:\Users\Ian\Desktop\MySyncUPFiles
    2012-06-27 20:05 - 2012-06-27 20:05 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
    2012-06-27 20:04 - 2012-06-27 20:04 - 00000109 ____A C:\Windows\TMFilter.log
    2012-06-27 12:28 - 2012-07-11 21:06 - 00136772 ____A C:\Windows\SysWOW64\TmInstall.log
    2012-06-27 12:28 - 2012-07-11 21:06 - 00078242 ____A C:\Windows\System32\TmInstall.log
    2012-06-27 12:28 - 2012-06-27 12:28 - 00000000 ____D C:\Windows\System32\log
    2012-06-27 12:27 - 2012-06-27 12:27 - 00000000 ____D C:\Program Files (x86)\Trend Micro
    2012-06-27 12:23 - 2012-06-27 12:27 - 00000047 ____A C:\Users\Ian\Downloads\OFCNTINST.LOG
    2012-06-27 12:23 - 2012-06-27 12:23 - 00000000 ____D C:\Users\Ian\Local Settings\Trend Micro
    2012-06-27 12:23 - 2012-06-27 12:23 - 00000000 ____D C:\Users\Ian\Local Settings\Application Data\Trend Micro
    2012-06-27 12:23 - 2012-06-27 12:23 - 00000000 ____D C:\Users\Ian\AppData\Local\Trend Micro
    2012-06-24 20:51 - 2012-06-24 20:51 - 00000000 ____D C:\Users\Ian\Local Settings\Nero_AG
    2012-06-24 20:51 - 2012-06-24 20:51 - 00000000 ____D C:\Users\Ian\Local Settings\Application Data\Nero_AG
    2012-06-24 20:51 - 2012-06-24 20:51 - 00000000 ____D C:\Users\Ian\AppData\Local\Nero_AG
    2012-06-24 20:50 - 2012-07-11 21:20 - 00000000 ____D C:\Users\Ian\Local Settings\Nero
    2012-06-24 20:50 - 2012-07-11 21:20 - 00000000 ____D C:\Users\Ian\Local Settings\Application Data\Nero
    2012-06-24 20:50 - 2012-07-11 21:20 - 00000000 ____D C:\Users\Ian\AppData\Local\Nero
    2012-06-24 20:50 - 2012-06-24 20:50 - 00000000 ____D C:\Users\Ian\Application Data\Nero
    2012-06-24 20:50 - 2012-06-24 20:50 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Nero
    2012-06-22 22:03 - 2012-06-22 22:03 - 00000000 ____D C:\Users\Ian\Local Settings\Macromedia
    2012-06-22 22:03 - 2012-06-22 22:03 - 00000000 ____D C:\Users\Ian\Local Settings\Application Data\Macromedia
    2012-06-22 22:03 - 2012-06-22 22:03 - 00000000 ____D C:\Users\Ian\AppData\Local\Macromedia
    2012-06-22 09:31 - 2012-06-22 09:31 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-06-21 06:53 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-21 06:53 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-21 06:53 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-21 06:53 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-21 06:53 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-21 06:53 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-21 06:53 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-21 06:53 - 2012-06-02 11:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-21 06:53 - 2012-06-02 11:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-20 13:13 - 2012-06-20 13:13 - 00000000 ____D C:\Users\Ian\My Documents\Wizards of the Coast
    2012-06-20 13:13 - 2012-06-20 13:13 - 00000000 ____D C:\Users\Ian\Documents\Wizards of the Coast
    2012-06-20 13:11 - 2008-10-15 02:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
    2012-06-20 13:11 - 2008-10-15 02:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
    2012-06-20 13:11 - 2008-10-15 02:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
    2012-06-20 12:26 - 2012-06-20 12:26 - 00000221 ____A C:\Users\Ian\Desktop\Magic The Gathering - Duels of the Planeswalkers 2013 Demo.url
    2012-06-20 12:22 - 2012-07-11 21:06 - 00000000 ____D C:\Program Files (x86)\Steam
    2012-06-20 11:42 - 2012-06-20 11:42 - 00006188 ____A C:\Users\Ian\Desktop\pso2launcher - Shortcut.lnk
    2012-06-19 21:47 - 2012-06-26 14:48 - 00000000 ____D C:\Users\Ian\Local Settings\Microsoft Games
    2012-06-19 21:47 - 2012-06-26 14:48 - 00000000 ____D C:\Users\Ian\Local Settings\Application Data\Microsoft Games
    2012-06-19 21:47 - 2012-06-26 14:48 - 00000000 ____D C:\Users\Ian\AppData\Local\Microsoft Games
    2012-06-16 07:04 - 2012-06-16 07:04 - 00000000 ____D C:\Users\Ian\Application Data\Leadertech
    2012-06-16 07:04 - 2012-06-16 07:04 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Leadertech
    2012-06-16 07:03 - 2012-06-16 07:03 - 00000000 ____D C:\Program Files\Common Files\EPSON
    2012-06-16 07:03 - 2007-09-07 13:33 - 00135168 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBAPI.dll
    2012-06-16 07:03 - 2007-03-28 14:26 - 00065536 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBUtil.dll
    2012-06-16 07:03 - 2006-12-19 14:31 - 00110592 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBDSCVR.dll
    2012-06-16 07:03 - 2006-12-19 14:20 - 00077824 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EBAPI.dll
    2012-06-16 07:03 - 2003-12-16 21:01 - 00055808 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EEBSDKIF.dll
    2012-06-16 06:59 - 2012-06-27 19:56 - 00000000 ____D C:\Users\Ian\Application Data\Epson
    2012-06-16 06:59 - 2012-06-27 19:56 - 00000000 ____D C:\Users\Ian\AppData\Roaming\Epson
    2012-06-16 06:59 - 2009-08-19 21:00 - 00000119 ____A C:\Windows\SysWOW64\epson.sep
    2012-06-16 06:58 - 2012-06-16 06:58 - 00000000 ____D C:\Program Files\EpsonNet
    2012-06-16 06:58 - 2012-06-16 06:58 - 00000000 ____D C:\Program Files (x86)\EpsonNet
    2012-06-16 06:58 - 2010-09-13 11:01 - 00538112 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppui.dll
    2012-06-16 06:58 - 2010-09-13 11:01 - 00538112 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\enppui.dll
    2012-06-16 06:58 - 2010-09-13 11:00 - 00558592 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\ensppmon.dll
    2012-06-16 06:58 - 2010-09-13 11:00 - 00558592 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\enppmon.dll
    2012-06-16 06:58 - 2008-06-18 07:49 - 00250880 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\enspres.dll
    2012-06-16 06:58 - 2008-06-18 07:49 - 00250880 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\enpres.dll
    2012-06-16 06:57 - 2012-06-16 07:03 - 00000000 ____D C:\Users\All Users\EPSON
    2012-06-16 06:57 - 2012-06-16 07:03 - 00000000 ____D C:\Users\All Users\Application Data\EPSON
    2012-06-16 06:57 - 2012-06-16 06:57 - 00000000 ____D C:\Users\Ian\Application Data\InstallShield
    2012-06-16 06:57 - 2012-06-16 06:57 - 00000000 ____D C:\Users\Ian\AppData\Roaming\InstallShield
    2012-06-16 06:57 - 2009-09-30 13:01 - 00088064 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_IBCBGIA.DLL
    2012-06-16 06:57 - 2008-11-11 11:00 - 00118784 ____A (SEIKO EPSON CORPORATION) C:\Windows\System32\E_ILMGIA.DLL
    2012-06-16 06:57 - 2006-10-30 20:10 - 00051360 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
    2012-06-16 06:57 - 2006-10-30 20:10 - 00051360 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicMgr.dll
    2012-06-16 06:57 - 2006-10-30 20:10 - 00000097 ____A C:\Windows\SysWOW64\PICSDK.ini
    2012-06-16 06:57 - 2006-10-19 20:10 - 00501912 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
    2012-06-16 06:57 - 2006-10-19 20:10 - 00108704 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
    2012-06-16 06:57 - 2006-10-19 20:10 - 00080024 ____A (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
    2012-06-16 06:57 - 2004-03-03 02:10 - 00073220 ____A C:\Windows\SysWOW64\EPPICPrinterDB.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00031053 ____A C:\Windows\SysWOW64\EPPICPattern131.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00029114 ____A C:\Windows\SysWOW64\EPPICPattern1.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00027417 ____A C:\Windows\SysWOW64\EPPICPattern121.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00021021 ____A C:\Windows\SysWOW64\EPPICPattern3.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00015670 ____A C:\Windows\SysWOW64\EPPICPattern5.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00013280 ____A C:\Windows\SysWOW64\EPPICPattern2.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00012669 ____A C:\Windows\SysWOW64\EPPICLocal_EN.cfg
    2012-06-16 06:57 - 2004-03-03 02:10 - 00010673 ____A C:\Windows\SysWOW64\EPPICPattern4.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00006478 ____A C:\Windows\SysWOW64\EPPICLocal_PT.cfg
    2012-06-16 06:57 - 2004-03-03 02:10 - 00006478 ____A C:\Windows\SysWOW64\EPPICLocal_BP.cfg
    2012-06-16 06:57 - 2004-03-03 02:10 - 00006366 ____A C:\Windows\SysWOW64\EPPICLocal_FR.cfg
    2012-06-16 06:57 - 2004-03-03 02:10 - 00006366 ____A C:\Windows\SysWOW64\EPPICLocal_CF.cfg
    2012-06-16 06:57 - 2004-03-03 02:10 - 00006226 ____A C:\Windows\SysWOW64\EPPICLocal_ES.cfg
    2012-06-16 06:57 - 2004-03-03 02:10 - 00004943 ____A C:\Windows\SysWOW64\EPPICPattern6.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00001140 ____A C:\Windows\SysWOW64\EPPICPresetData_PT.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00001140 ____A C:\Windows\SysWOW64\EPPICPresetData_BP.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00001137 ____A C:\Windows\SysWOW64\EPPICPresetData_ES.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00001130 ____A C:\Windows\SysWOW64\EPPICPresetData_FR.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00001130 ____A C:\Windows\SysWOW64\EPPICPresetData_CF.dat
    2012-06-16 06:57 - 2004-03-03 02:10 - 00001104 ____A C:\Windows\SysWOW64\EPPICPresetData_EN.dat
    2012-06-16 06:56 - 2012-06-16 06:59 - 00000000 ____D C:\Program Files (x86)\Epson Software
    2012-06-16 06:55 - 2012-06-16 07:04 - 00000000 ____D C:\Program Files (x86)\epson
    2012-06-16 06:55 - 2009-11-19 20:00 - 00464384 ____A (Seiko Epson Corporation) C:\Windows\System32\esxw2ud.dll
    2012-06-16 06:55 - 2009-04-30 20:00 - 00128392 ____A (Seiko Epson Corporation) C:\Windows\System32\esdevapp.exe
    2012-06-16 06:55 - 2009-04-30 20:00 - 00017408 ____A (SEIKO EPSON CORP.) C:\Windows\System32\esxcdev.dll
    2012-06-16 06:51 - 2012-06-16 07:04 - 00000089 ____A C:\Windows\EWF520.ini
    2012-06-16 05:52 - 2012-06-16 05:52 - 00000000 ____D C:\Program Files\Common Files\INCA Shared
    2012-06-16 05:52 - 2012-04-09 12:34 - 03957088 ____A (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des
    2012-06-16 05:42 - 2012-06-16 05:42 - 00000000 ____D C:\Users\Ian\My Documents\pso2openbetaclient
    2012-06-16 05:42 - 2012-06-16 05:42 - 00000000 ____D C:\Users\Ian\Documents\pso2openbetaclient
    2012-06-16 05:40 - 2012-06-16 05:41 - 00000000 ____D C:\Users\Ian\Application Data\WinRAR
    2012-06-16 05:40 - 2012-06-16 05:41 - 00000000 ____D C:\Users\Ian\AppData\Roaming\WinRAR
    2012-06-16 05:40 - 2012-06-16 05:40 - 00000000 ____D C:\Program Files (x86)\WinRAR
    2012-06-15 16:31 - 2012-06-16 02:29 - 572685077 ____A C:\Users\Ian\Downloads\pso2openbetaclient.rar
    2012-06-14 23:26 - 2012-06-14 23:26 - 00000000 ____D C:\Users\Ian\Application Data\SEGA
    2012-06-14 23:26 - 2012-06-14 23:26 - 00000000 ____D C:\Users\Ian\AppData\Roaming\SEGA
    2012-06-12 12:20 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-12 12:20 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-12 12:20 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-12 12:20 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-12 12:20 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-12 12:20 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-12 12:20 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-12 12:19 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-12 12:19 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-12 12:19 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-12 12:19 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-12 12:19 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-12 12:19 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-12 12:19 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 12:19 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-12 12:19 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

    ============ 3 Months Modified Files ========================

    2012-07-11 21:37 - 2012-04-27 09:57 - 01489710 ____A C:\Windows\WindowsUpdate.log
    2012-07-11 21:13 - 2012-05-29 18:02 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321412489-1100581043-3427248746-1000UA.job
    2012-07-11 21:13 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 21:13 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-11 21:11 - 2009-07-13 21:13 - 00811256 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-11 21:06 - 2012-06-27 12:28 - 00136772 ____A C:\Windows\SysWOW64\TmInstall.log
    2012-07-11 21:06 - 2012-06-27 12:28 - 00078242 ____A C:\Windows\System32\TmInstall.log
    2012-07-11 21:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-11 21:05 - 2009-07-13 20:51 - 00038902 ____A C:\Windows\setupact.log
    2012-07-11 20:56 - 2012-04-27 10:00 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-11 19:38 - 2012-06-01 11:02 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
    2012-07-11 19:30 - 2012-07-11 19:30 - 01434551 ____A (Farbar) C:\Users\Ian\Downloads\FRST64.exe
    2012-07-11 14:56 - 2012-04-27 10:00 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-11 14:56 - 2012-04-27 10:00 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-11 08:34 - 2012-07-11 08:34 - 00002767 ____A C:\Users\Public\Desktop\SyncUP.lnk
    2012-07-11 08:34 - 2012-07-11 08:34 - 00002767 ____A C:\Users\All Users\Desktop\SyncUP.lnk
    2012-07-11 00:19 - 2009-07-13 20:45 - 00273200 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 00:18 - 2010-11-20 19:47 - 00017278 ____A C:\Windows\PFRO.log
    2012-07-10 23:56 - 2012-07-10 12:37 - 00129024 ____A C:\Windows\RegBootClean64.exe
    2012-07-10 23:56 - 2012-07-10 12:37 - 00102400 ____A C:\Windows\RegBootClean.exe
    2012-07-10 23:01 - 2012-04-27 11:03 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-10 22:13 - 2012-05-29 18:02 - 00000848 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321412489-1100581043-3427248746-1000Core.job
    2012-07-10 15:32 - 2012-05-23 22:54 - 00000204 ____A C:\Users\Public\Desktop\MapleStory.url
    2012-07-10 15:32 - 2012-05-23 22:54 - 00000204 ____A C:\Users\All Users\Desktop\MapleStory.url
    2012-07-10 14:00 - 2012-07-10 14:00 - 02013336 ____A C:\Users\Ian\Downloads\MapleStoryDownloader.exe
    2012-07-10 12:12 - 2012-07-10 12:12 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b05.log
    2012-07-10 12:06 - 2012-07-10 12:06 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2012-07-10 12:06 - 2012-07-10 12:06 - 00002021 ____A C:\Users\All Users\Desktop\Adobe Reader X.lnk
    2012-07-10 12:03 - 2012-07-04 16:11 - 00017588 ____A C:\Windows\cfgall.ini
    2012-07-10 11:10 - 2012-07-10 11:10 - 00183660 ____A C:\Users\Ian\Local Settings\census.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00183660 ____A C:\Users\Ian\Local Settings\Application Data\census.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00183660 ____A C:\Users\Ian\AppData\Local\census.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00093597 ____A C:\Users\Ian\Local Settings\ars.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00093597 ____A C:\Users\Ian\Local Settings\Application Data\ars.cache
    2012-07-10 11:10 - 2012-07-10 11:10 - 00093597 ____A C:\Users\Ian\AppData\Local\ars.cache
    2012-07-10 11:05 - 2012-07-10 10:57 - 00000036 ____A C:\Users\Ian\Local Settings\housecall.guid.cache
    2012-07-10 11:05 - 2012-07-10 10:57 - 00000036 ____A C:\Users\Ian\Local Settings\Application Data\housecall.guid.cache
    2012-07-10 11:05 - 2012-07-10 10:57 - 00000036 ____A C:\Users\Ian\AppData\Local\housecall.guid.cache
    2012-07-09 20:15 - 2012-07-03 20:30 - 00000222 ____A C:\Users\Ian\My Documents\Grad Schools.txt
    2012-07-09 20:15 - 2012-07-03 20:30 - 00000222 ____A C:\Users\Ian\Documents\Grad Schools.txt
    2012-07-04 16:14 - 2012-07-04 16:14 - 00000000 ____A C:\Windows\System32\diagnostic.log
    2012-06-27 20:12 - 2009-07-13 21:08 - 00009902 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-06-27 20:04 - 2012-06-27 20:04 - 00000109 ____A C:\Windows\TMFilter.log
    2012-06-27 19:53 - 2012-06-01 11:02 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    2012-06-27 12:27 - 2012-06-27 12:23 - 00000047 ____A C:\Users\Ian\Downloads\OFCNTINST.LOG
    2012-06-27 12:26 - 2012-04-27 12:12 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-06-20 13:11 - 2012-04-27 10:23 - 00027395 ____A C:\Windows\DirectX.log
    2012-06-20 12:26 - 2012-06-20 12:26 - 00000221 ____A C:\Users\Ian\Desktop\Magic The Gathering - Duels of the Planeswalkers 2013 Demo.url
    2012-06-20 11:42 - 2012-06-20 11:42 - 00006188 ____A C:\Users\Ian\Desktop\pso2launcher - Shortcut.lnk
    2012-06-16 07:04 - 2012-06-16 06:51 - 00000089 ____A C:\Windows\EWF520.ini
    2012-06-16 02:29 - 2012-06-15 16:31 - 572685077 ____A C:\Users\Ian\Downloads\pso2openbetaclient.rar
    2012-06-11 19:08 - 2012-07-10 23:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 12:28 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 12:28 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 12:29 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 12:29 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 12:17 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 12:29 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 12:29 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 12:17 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-21 06:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 06:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 06:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 06:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 06:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 06:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 06:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 06:53 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 06:53 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-10 23:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-10 23:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-10 23:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-10 23:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-10 23:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-10 23:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-10 23:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-10 23:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-10 23:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-10 23:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-10 23:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-10 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-10 23:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-10 23:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-10 23:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-10 23:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-10 23:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-10 23:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-10 23:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-10 23:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-10 23:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-10 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-10 23:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-10 23:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-10 23:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-10 23:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-10 23:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-10 23:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 12:28 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 12:28 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 12:28 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 12:28 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 12:28 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 12:28 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 12:28 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 12:28 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 12:28 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-06-01 16:56 - 2012-06-01 16:56 - 00001571 ____A C:\Users\Ian\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk
    2012-05-31 23:00 - 2011-02-10 08:10 - 00799920 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-05-29 18:02 - 2012-05-29 18:01 - 00739832 ____A (Google Inc.) C:\Users\Ian\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-05-22 22:16 - 2012-05-18 09:57 - 00002096 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2012-05-22 22:16 - 2012-05-18 09:57 - 00002096 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk
    2012-05-21 20:41 - 2012-05-21 20:41 - 00001043 ____A C:\Users\Ian\Desktop\online - Shortcut.lnk
    2012-05-20 15:12 - 2012-05-20 15:12 - 00892360 ____A (Oracle Corporation) C:\Users\Ian\Downloads\jxpiinstall.exe
    2012-05-20 15:11 - 2012-05-20 15:11 - 00278561 ____A C:\Users\Ian\Downloads\Minecraft.exe
    2012-05-18 22:10 - 2012-05-18 22:10 - 14723352 ____A (AOL Inc.) C:\Users\Ian\Downloads\AIM_Install.exe
    2012-05-18 22:10 - 2012-05-18 22:10 - 00001032 ____A C:\Users\Ian\Desktop\AIM.lnk
    2012-05-18 10:44 - 2012-05-18 10:28 - 352689452 ____A C:\Users\Ian\Downloads\shpsobb-newinclient-1.25.10-rel4.exe
    2012-05-18 09:54 - 2012-05-18 09:54 - 00001136 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2012-05-18 09:54 - 2012-05-18 09:54 - 00001136 ____A C:\Users\All Users\Desktop\Mozilla Firefox.lnk
    2012-05-15 15:06 - 2012-07-10 12:12 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-05-15 15:06 - 2012-07-10 12:12 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-05-04 15:29 - 2012-07-10 12:13 - 00227720 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-05-04 15:29 - 2012-05-20 15:14 - 00772504 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-05-04 15:29 - 2012-05-20 15:14 - 00687504 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-05-04 03:06 - 2012-06-12 12:20 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 02:03 - 2012-06-12 12:20 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 02:03 - 2012-06-12 12:20 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-04-30 21:40 - 2012-06-12 12:20 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-27 19:55 - 2012-06-12 12:19 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-27 12:09 - 2012-04-27 12:09 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
    2012-04-27 11:54 - 2011-02-10 08:03 - 00003652 ____A C:\Windows\TSSysprep.log
    2012-04-27 11:53 - 2012-04-27 11:53 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
    2012-04-27 11:34 - 2012-04-27 11:34 - 00000215 ____A C:\Users\Public\Desktop\My Identity Protection.url
    2012-04-27 11:34 - 2012-04-27 11:34 - 00000215 ____A C:\Users\All Users\Desktop\My Identity Protection.url
    2012-04-27 11:04 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\SysWOW64\license.rtf
    2012-04-27 11:04 - 2009-07-13 21:01 - 00108227 ____A C:\Windows\System32\license.rtf
    2012-04-27 10:46 - 2009-07-13 20:46 - 00004059 ____A C:\Windows\DtcInstall.log
    2012-04-27 10:28 - 2009-07-13 18:34 - 00000435 ____A C:\Windows\win.ini
    2012-04-27 10:20 - 2012-04-27 10:20 - 00000546 ____A C:\Windows\NLSDownlevelMapping.log
    2012-04-27 10:14 - 2012-04-27 10:14 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iwdbus_01009.Wdf
    2012-04-27 10:13 - 2012-04-27 10:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
    2012-04-27 10:13 - 2012-04-27 10:13 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_btmaux_01009.Wdf
    2012-04-27 10:13 - 2012-04-27 10:12 - 00009126 ____A C:\Windows\DPINST.LOG
    2012-04-27 10:12 - 2012-04-27 10:12 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_AMPPAL_01009.Wdf
    2012-04-27 10:10 - 2012-04-27 10:15 - 29475354 ____A C:\Windows\RPSETUP.EXE.LOG
    2012-04-27 10:05 - 2012-04-27 10:05 - 00058824 ____A C:\Users\Ian\Local Settings\GDIPFONTCACHEV1.DAT
    2012-04-27 10:05 - 2012-04-27 10:05 - 00058824 ____A C:\Users\Ian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2012-04-27 10:05 - 2012-04-27 10:05 - 00058824 ____A C:\Users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-04-27 10:04 - 2012-04-27 10:04 - 00000020 ___SH C:\Users\Ian\ntuser.ini
    2012-04-26 10:26 - 2012-04-26 10:26 - 00031985 __RAH C:\dell.sdr
    2012-04-26 10:26 - 2012-04-26 10:26 - 00000012 ____A C:\Windows\csup.txt
    2012-04-26 10:22 - 2012-04-26 10:22 - 02871808 ____A (Microsoft Corporation) C:\Windows\explorer.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 02616320 ____A (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 02565632 ____A (Microsoft Corporation) C:\Windows\System32\esent.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 02315776 ____A (Microsoft Corporation) C:\Windows\System32\tquery.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 02223616 ____A (Microsoft Corporation) C:\Windows\System32\mssrch.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01731920 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01699328 ____A (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01659776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 01572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01549312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01447936 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01401344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01395712 ____A (Microsoft Corporation) C:\Windows\System32\mfc42.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01359872 ____A (Microsoft Corporation) C:\Windows\System32\mfc42u.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01328128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01292080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01164288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01162752 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01139200 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01137664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01118720 ____A (Microsoft Corporation) C:\Windows\System32\sbe.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00976896 ____A (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00961024 ____A (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00951680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
     
  8. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    2012-04-26 10:22 - 2012-04-26 10:22 - 00902656 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00861696 ____A (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00850944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00800256 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00778752 ____A (Microsoft Corporation) C:\Windows\System32\mssvp.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00741376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00739840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00723456 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00666624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00642944 ____A (Microsoft Corporation) C:\Windows\System32\winload.efi
    2012-04-26 10:22 - 2012-04-26 10:22 - 00642048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00626176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\psisdecd.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00605552 ____A (Microsoft Corporation) C:\Windows\System32\winload.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00591872 ____A (Microsoft Corporation) C:\Windows\System32\SearchIndexer.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00571904 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00566208 ____A (Microsoft Corporation) C:\Windows\System32\winresume.efi
    2012-04-26 10:22 - 2012-04-26 10:22 - 00552960 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00534528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00518672 ____A (Microsoft Corporation) C:\Windows\System32\winresume.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00515584 ____A (Microsoft Corporation) C:\Windows\System32\timedate.cpl
    2012-04-26 10:22 - 2012-04-26 10:22 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00509952 ____A (Microsoft Corporation) C:\Windows\System32\ntshrui.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00498688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00491520 ____A (Microsoft Corporation) C:\Windows\System32\mssph.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00478720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2012-04-26 10:22 - 2012-04-26 10:22 - 00476160 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00467456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00465408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00442880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00427520 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00421888 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00419744 ____A C:\Windows\SysWOW64\locale.nls
    2012-04-26 10:22 - 2012-04-26 10:22 - 00419744 ____A C:\Windows\System32\locale.nls
    2012-04-26 10:22 - 2012-04-26 10:22 - 00410496 ____A (Intel Corporation) C:\Windows\System32\Drivers\iaStorV.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00410112 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00404480 ____A (Microsoft Corporation) C:\Windows\System32\umpnpmgr.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00395776 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00357888 ____A (Microsoft Corporation) C:\Windows\System32\dnsapi.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00343040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00337408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00331776 ____A (Microsoft Corporation) C:\Windows\System32\oleacc.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00325120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00319488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00314880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00294912 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00288768 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00288256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00288256 ____A (Microsoft Corporation) C:\Windows\System32\mssphtb.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00272384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00270336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\FXSCOVER.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00259072 ____A (Microsoft Corporation) C:\Windows\System32\mpg2splt.ax
    2012-04-26 10:22 - 2012-04-26 10:22 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\mfreadwrite.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00252928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00249856 ____A (Microsoft Corporation) C:\Windows\System32\SearchProtocolHost.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00246784 ____A (Microsoft Corporation) C:\Windows\System32\input.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00233472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00214528 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00212992 ____A (Microsoft Corporation) C:\Windows\System32\odbctrac.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00202240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00199680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
    2012-04-26 10:22 - 2012-04-26 10:22 - 00199680 ____A (Microsoft Corporation) C:\Windows\System32\xmllite.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00197120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00196608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00189824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00183296 ____A (Microsoft Corporation) C:\Windows\System32\dnsrslvr.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00168448 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\srvnet.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00166272 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvstor.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00164352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\umpo.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\odbccp32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00158208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00148352 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvraid.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00145920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00128000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00122880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00113664 ____A (Microsoft Corporation) C:\Windows\System32\SearchFilterHost.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00108032 ____A (Microsoft Corporation) C:\Windows\System32\psisrndr.ax
    2012-04-26 10:22 - 2012-04-26 10:22 - 00107904 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdsata.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccu32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00106496 ____A (Microsoft Corporation) C:\Windows\System32\odbccr32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00100864 ____A (Microsoft Corporation) C:\Windows\System32\fontsub.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00099328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\fsutil.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
    2012-04-26 10:22 - 2012-04-26 10:22 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00086016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00081920 ____A (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00080384 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
    2012-04-26 10:22 - 2012-04-26 10:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00075776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
    2012-04-26 10:22 - 2012-04-26 10:22 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\msscntrs.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00070656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00059392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00052736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00031232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\prevhost.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00029184 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00028672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00028160 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00027520 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00027008 ____A (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00025600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00020352 ____A (Microsoft Corporation) C:\Windows\System32\kdusb.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00019328 ____A (Microsoft Corporation) C:\Windows\System32\kd1394.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00017792 ____A (Microsoft Corporation) C:\Windows\System32\kdcom.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007936 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTAM.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAL.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINDEV.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007680 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBEN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTAM.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINORI.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAR.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINMAL.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINKAN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINHIN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINDEV.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBEN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINTEL.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINPUN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINORI.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINMAR.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINKAN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINHIN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINGUJ.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINEN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBE2.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINBE1.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00007168 ____A (Microsoft Corporation) C:\Windows\System32\KBDINASA.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINTEL.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINPUN.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINGUJ.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE2.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINBE1.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KBDINASA.DLL
    2012-04-26 10:22 - 2012-04-26 10:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-04-26 10:22 - 2012-04-26 10:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-04-26 10:22 - 2012-04-26 10:22 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-04-26 10:11 - 2012-04-26 10:11 - 00005241 ____A C:\Windows\SysWOW64\Drivers\1028_Dell_INS_N5110.mrk
    2012-04-26 10:11 - 2012-04-26 10:11 - 00005241 ____A C:\Windows\System32\Drivers\1028_Dell_INS_N5110.mrk
    2012-04-26 10:10 - 2012-04-26 10:10 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2012-04-26 10:10 - 2012-04-26 10:10 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
    2012-04-26 10:10 - 2012-04-26 10:10 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
    2012-04-26 10:10 - 2012-04-26 10:10 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2012-04-26 10:10 - 2012-04-26 10:10 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
    2012-04-26 10:10 - 2012-04-26 10:10 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2012-04-26 10:10 - 2012-04-26 10:10 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2012-04-26 10:10 - 2012-04-26 10:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2012-04-26 10:10 - 2012-04-26 10:10 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
    2012-04-26 10:08 - 2009-07-13 21:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
    2012-04-26 10:08 - 2009-07-13 21:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
    2012-04-25 21:41 - 2012-06-12 12:20 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-25 21:41 - 2012-06-12 12:20 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-25 21:34 - 2012-06-12 12:20 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-23 21:37 - 2012-06-12 12:19 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-23 21:37 - 2012-06-12 12:19 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-23 21:37 - 2012-06-12 12:19 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-23 20:36 - 2012-06-12 12:19 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-23 20:36 - 2012-06-12 12:19 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-23 20:36 - 2012-06-12 12:19 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 11%
    Total physical RAM: 6051.18 MB
    Available physical RAM: 5357.96 MB
    Total Pagefile: 6049.38 MB
    Available Pagefile: 5348.76 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:911.66 GB) (Free:846.26 GB) NTFS
    2 Drive d: (RECOVERY) (Fixed) (Total:19.81 GB) (Free:7.61 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive e: (KINGSTON) (Removable) (Total:3.72 GB) (Free:1.3 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 931 GB 0 B
    Disk 1 Online 3822 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 39 MB 31 KB
    Partition 2 Primary 19 GB 40 MB
    Partition 3 Primary 911 GB 19 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 FAT Partition 39 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 D RECOVERY NTFS Partition 19 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 C OS NTFS Partition 911 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3818 MB 4032 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 0C
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 E KINGSTON FAT32 Removable 3818 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-19 10:52

    ======================= End Of Log ==========================
     
  9. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     

    Attached Files:

  10. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    SubSystems: [Windows] ==> ZeroAccess
    C:\Windows\System32\consrv.dll
    HKU\Ian\...\Run: [0i763f66bz] C:\Users\Ian\0i763f66bz.exe [x]
    HKU\Ian\...\Run: [Regedit32] C:\Windows\system32\regedit.exe [x]
    Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe


    I have a question before I run ComboFix: how do I disable my anti-malware and anti-spyware programs? As mentioned before, I have Trend Micro Office Scan; in addition, it seems I have McAfee as well. I also looked to shut off the Windows firewall, and that kept giving me errors and not allowing me to the page where I can toggle it on and off.
     
  11. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    Sorry, I found the link in your post. I ran ComboFix and here's the txt file! The only problem I had with it was that it said that Microsoft Security Essentials was running. But I don't even think I have it on this computer anymore. When it first popped up, I tried looking for the program to disable it, but all my searches found nothing when looking for the program. I even manually searched my program files for it with no luck.

    ComboFix 12-07-12.02 - Ian 07/12/2012 14:56:34.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.3889 [GMT -4:00]
    Running from: c:\users\Ian\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
    c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
    c:\programdata\Roaming
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-12 03:36 . 2012-07-12 03:36 -------- d-----w- C:\FRST
    2012-07-11 07:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-10 20:37 . 2012-07-11 07:56 129024 ----a-w- c:\windows\RegBootClean64.exe
    2012-07-10 20:37 . 2012-07-11 07:56 102400 ----a-w- c:\windows\RegBootClean.exe
    2012-07-10 20:29 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 20:29 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-10 20:29 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-07-10 20:29 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-07-10 20:29 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2012-07-10 20:29 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2012-07-10 20:28 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-07-10 20:28 . 2012-06-02 05:48 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-10 20:28 . 2012-06-02 05:48 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-07-10 20:28 . 2012-06-02 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-07-10 20:28 . 2012-06-02 05:44 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-10 20:28 . 2012-06-02 04:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-07-10 20:28 . 2012-06-02 04:40 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-07-10 20:28 . 2012-06-02 04:39 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-07-10 20:28 . 2012-06-02 04:34 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-07-10 20:13 . 2012-07-10 20:13 -------- d-----w- c:\program files (x86)\Oracle
    2012-07-05 00:11 . 2012-07-10 20:37 -------- d-----w- C:\TMQuarantine
    2012-06-28 04:05 . 2012-06-28 04:05 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
    2012-06-27 20:28 . 2012-06-27 20:28 -------- d-----w- c:\windows\system32\log
    2012-06-27 20:27 . 2012-06-27 20:27 -------- d-----w- c:\program files (x86)\Trend Micro
    2012-06-27 20:23 . 2012-06-27 20:23 -------- d-----w- c:\users\Ian\AppData\Local\Trend Micro
    2012-06-25 04:50 . 2012-07-12 16:35 -------- d-----w- c:\users\Ian\AppData\Local\Nero
    2012-06-25 04:50 . 2012-06-25 04:50 -------- d-----w- c:\users\Ian\AppData\Roaming\Nero
    2012-06-23 06:03 . 2012-06-23 06:03 -------- d-----w- c:\users\Ian\AppData\Local\Macromedia
    2012-06-22 17:31 . 2012-06-22 17:31 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-06-21 14:53 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-21 14:53 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-21 14:53 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-21 14:53 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-21 14:53 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-21 14:53 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-21 14:53 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-21 14:53 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-21 14:53 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-20 21:11 . 2008-10-15 10:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2012-06-20 21:11 . 2008-10-15 10:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
    2012-06-20 21:11 . 2008-10-15 10:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
    2012-06-20 20:22 . 2012-06-28 03:57 -------- d-----w- c:\program files (x86)\Common Files\Steam
    2012-06-20 20:22 . 2012-07-12 16:20 -------- d-----w- c:\program files (x86)\Steam
    2012-06-20 05:47 . 2012-06-26 22:48 -------- d-----w- c:\users\Ian\AppData\Local\Microsoft Games
    2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-06-16 21:54 . 2012-06-16 21:54 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2012-06-16 15:04 . 2012-06-16 15:04 -------- d-----w- c:\users\Ian\AppData\Roaming\Leadertech
    2012-06-16 15:03 . 2007-09-07 21:33 135168 ----a-w- c:\windows\SysWow64\EEBAPI.dll
    2012-06-16 15:03 . 2007-03-28 22:26 65536 ----a-w- c:\windows\SysWow64\EEBUtil.dll
    2012-06-16 15:03 . 2006-12-19 22:31 110592 ----a-w- c:\windows\SysWow64\EEBDSCVR.dll
    2012-06-16 14:57 . 2006-10-31 04:10 51360 ----a-w- c:\windows\SysWow64\EpPicPrt.dll
    2012-06-16 14:57 . 2006-10-31 04:10 51360 ----a-w- c:\windows\SysWow64\EpPicMgr.dll
    2012-06-16 14:57 . 2006-10-20 04:10 80024 ----a-w- c:\windows\SysWow64\PICSDK.dll
    2012-06-16 14:57 . 2006-10-20 04:10 501912 ----a-w- c:\windows\SysWow64\PICSDK2.dll
    2012-06-16 14:57 . 2006-10-20 04:10 108704 ----a-w- c:\windows\SysWow64\PICEntry.dll
    2012-06-16 14:57 . 2012-06-16 14:57 -------- d-----w- c:\users\Ian\AppData\Roaming\InstallShield
    2012-06-16 14:57 . 2008-11-11 19:00 118784 ----a-w- c:\windows\system32\E_ILMGIA.DLL
    2012-06-16 14:57 . 2009-09-30 21:01 88064 ----a-w- c:\windows\system32\E_IBCBGIA.DLL
    2012-06-16 14:57 . 2012-06-16 15:03 -------- d-----w- c:\programdata\EPSON
    2012-06-16 14:56 . 2012-06-16 14:59 -------- d-----w- c:\program files (x86)\Epson Software
    2012-06-16 14:55 . 2012-06-16 15:04 -------- d-----w- c:\program files (x86)\epson
    2012-06-16 14:55 . 2009-11-20 04:00 464384 ----a-w- c:\windows\system32\esxw2ud.dll
    2012-06-16 14:55 . 2009-05-01 04:00 17408 ----a-w- c:\windows\system32\esxcdev.dll
    2012-06-16 14:55 . 2009-05-01 04:00 128392 ----a-w- c:\windows\system32\esdevapp.exe
    2012-06-16 13:52 . 2012-04-09 20:34 3957088 ----a-w- c:\windows\SysWow64\GameMon.des
    2012-06-16 13:52 . 2012-06-16 13:52 -------- d-----w- c:\program files\Common Files\INCA Shared
    2012-06-15 07:26 . 2012-06-15 07:26 -------- d-----w- c:\users\Ian\AppData\Roaming\SEGA
    2012-06-13 20:31 . 2012-06-13 20:31 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-13 20:31 . 2012-06-13 20:31 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-12 20:20 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-12 20:20 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-12 20:20 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-12 20:20 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-12 20:20 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-12 20:20 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-12 20:20 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-12 20:19 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-12 20:19 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-12 20:19 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-12 20:19 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-12 20:19 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-12 20:19 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-12 20:19 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-12 20:19 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-12 20:19 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-11 22:56 . 2012-04-27 18:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 22:56 . 2012-04-27 18:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-05-04 23:29 . 2012-05-20 23:14 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-05-04 23:29 . 2012-05-20 23:14 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-04-27 18:41 . 2010-06-24 16:33 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-04-26 18:22 . 2012-04-26 18:22 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
    2012-04-26 18:22 . 2012-04-26 18:22 31232 ----a-w- c:\windows\system32\prevhost.exe
    2012-04-26 18:22 . 2012-04-26 18:22 86528 ----a-w- c:\windows\SysWow64\SearchFilterHost.exe
    2012-04-26 18:22 . 2012-04-26 18:22 778752 ----a-w- c:\windows\system32\mssvp.dll
    2012-04-26 18:22 . 2012-04-26 18:22 75264 ----a-w- c:\windows\system32\msscntrs.dll
    2012-04-26 18:22 . 2012-04-26 18:22 666624 ----a-w- c:\windows\SysWow64\mssvp.dll
    2012-04-26 18:22 . 2012-04-26 18:22 59392 ----a-w- c:\windows\SysWow64\msscntrs.dll
    2012-04-26 18:22 . 2012-04-26 18:22 591872 ----a-w- c:\windows\system32\SearchIndexer.exe
    2012-04-26 18:22 . 2012-04-26 18:22 491520 ----a-w- c:\windows\system32\mssph.dll
    2012-04-26 18:22 . 2012-04-26 18:22 427520 ----a-w- c:\windows\SysWow64\SearchIndexer.exe
    2012-04-26 18:22 . 2012-04-26 18:22 337408 ----a-w- c:\windows\SysWow64\mssph.dll
    2012-04-26 18:22 . 2012-04-26 18:22 288256 ----a-w- c:\windows\system32\mssphtb.dll
    2012-04-26 18:22 . 2012-04-26 18:22 249856 ----a-w- c:\windows\system32\SearchProtocolHost.exe
    2012-04-26 18:22 . 2012-04-26 18:22 2315776 ----a-w- c:\windows\system32\tquery.dll
    2012-04-26 18:22 . 2012-04-26 18:22 2223616 ----a-w- c:\windows\system32\mssrch.dll
    2012-04-26 18:22 . 2012-04-26 18:22 197120 ----a-w- c:\windows\SysWow64\mssphtb.dll
    2012-04-26 18:22 . 2012-04-26 18:22 164352 ----a-w- c:\windows\SysWow64\SearchProtocolHost.exe
    2012-04-26 18:22 . 2012-04-26 18:22 1549312 ----a-w- c:\windows\SysWow64\tquery.dll
    2012-04-26 18:22 . 2012-04-26 18:22 1401344 ----a-w- c:\windows\SysWow64\mssrch.dll
    2012-04-26 18:22 . 2012-04-26 18:22 113664 ----a-w- c:\windows\system32\SearchFilterHost.exe
    2012-04-26 18:22 . 2012-04-26 18:22 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2012-04-26 18:22 . 2012-04-26 18:22 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2012-04-26 18:22 . 2012-04-26 18:22 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2012-04-26 18:22 . 2012-04-26 18:22 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
    2012-04-26 18:22 . 2012-04-26 18:22 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2012-04-26 18:22 . 2012-04-26 18:22 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-04-26 18:22 . 2012-04-26 18:22 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
    2012-04-26 18:22 . 2012-04-26 18:22 1395712 ----a-w- c:\windows\system32\mfc42.dll
    2012-04-26 18:22 . 2012-04-26 18:22 1359872 ----a-w- c:\windows\system32\mfc42u.dll
    2012-04-26 18:22 . 2012-04-26 18:22 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
    2012-04-26 18:22 . 2012-04-26 18:22 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
    2012-04-26 18:22 . 2012-04-26 18:22 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2012-04-26 18:22 . 2012-04-26 18:22 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2012-04-26 18:22 . 2012-04-26 18:22 498688 ----a-w- c:\windows\system32\drivers\afd.sys
    2012-04-26 18:22 . 2012-04-26 18:22 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2012-04-26 18:22 . 2012-04-26 18:22 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2012-04-26 18:22 . 2012-04-26 18:22 509952 ----a-w- c:\windows\system32\ntshrui.dll
    2012-04-26 18:22 . 2012-04-26 18:22 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
    2012-04-26 18:22 . 2012-04-26 18:22 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
    2012-04-26 18:22 . 2012-04-26 18:22 64512 ----a-w- c:\windows\SysWow64\devobj.dll
    2012-04-26 18:22 . 2012-04-26 18:22 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-04-26 18:22 . 2012-04-26 18:22 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
    2012-04-26 18:22 . 2012-04-26 18:22 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
    2012-04-26 18:22 . 2012-04-26 18:22 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-04-26 18:22 . 2012-04-26 18:22 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-04-26 18:22 . 2012-04-26 18:22 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-04-26 18:22 . 2012-04-26 18:22 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
    2012-04-26 18:22 . 2012-04-26 18:22 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2012-04-26 18:22 . 2012-04-26 18:22 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2012-04-26 18:22 . 2012-04-26 18:22 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
    2012-04-26 18:22 . 2012-04-26 18:22 100864 ----a-w- c:\windows\system32\fontsub.dll
    2012-04-26 18:22 . 2012-04-26 18:22 902656 ----a-w- c:\windows\system32\d2d1.dll
    2012-04-26 18:22 . 2012-04-26 18:22 77312 ----a-w- c:\windows\system32\packager.dll
    2012-04-26 18:22 . 2012-04-26 18:22 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2012-04-26 18:22 . 2012-04-26 18:22 723456 ----a-w- c:\windows\system32\EncDec.dll
    2012-04-26 18:22 . 2012-04-26 18:22 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2012-04-26 18:22 . 2012-04-26 18:22 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2012-04-26 18:22 . 2012-04-26 18:22 2871808 ----a-w- c:\windows\explorer.exe
    2012-04-26 18:22 . 2012-04-26 18:22 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
    2012-04-26 18:22 . 2012-04-26 18:22 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2012-04-26 18:22 . 2012-04-26 18:22 715776 ----a-w- c:\windows\system32\kerberos.dll
    2012-04-26 18:22 . 2012-04-26 18:22 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    2012-04-26 18:22 . 2012-04-26 18:22 515584 ----a-w- c:\windows\system32\timedate.cpl
    2012-04-26 18:22 . 2012-04-26 18:22 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
    2012-04-26 18:22 . 2012-04-26 18:22 850944 ----a-w- c:\windows\SysWow64\sbe.dll
    2012-04-26 18:22 . 2012-04-26 18:22 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2012-04-26 18:22 . 2012-04-26 18:22 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-04-26 18:22 . 2012-04-26 18:22 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 362496 ----a-w- c:\windows\system32\wow64win.dll
    2012-04-26 18:22 . 2012-04-26 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2012-04-26 18:22 . 2012-04-26 18:22 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AIM"="c:\users\Ian\AppData\Local\AOL\AIM\aim.exe" [2012-02-11 1263448]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-06-20 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-04-04 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-06 66872]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
    "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
    "OfficeScanNT Monitor"="c:\program files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" [2011-08-29 1836592]
    .
    c:\users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]
    Intel(R) Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer4"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 250056]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
    R3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-07-20 136000]
    R3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-07-20 406336]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-27 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2012-02-16 1695040]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
    S2 TmFilter;Trend Micro Filter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmXPFlt.sys [2011-07-12 342288]
    S2 TmPreFilter;Trend Micro PreFilter;c:\program files (x86)\Trend Micro\OfficeScan Client\TmPreFlt.sys [2011-07-12 42768]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
    S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-08-04 8604672]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 TmProxy;OfficeScan NT Proxy Service;c:\program files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe [2011-04-15 918032]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-27 22:56]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321412489-1100581043-3427248746-1000Core.job
    - c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 02:02]
    .
    2012-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1321412489-1100581043-3427248746-1000UA.job
    - c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-30 02:02]
    .
    2012-06-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
    .
    2012-07-12 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-05-22 07:16]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = about:blank
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8y280o7d.default\
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
    c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    c:\program files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-12 15:08:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-12 19:08
    .
    Pre-Run: 908,293,246,976 bytes free
    Post-Run: 908,613,435,392 bytes free
    .
    - - End Of File - - C5364411EB08D86B6353972A0B3A7017
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    In your reply #10 you just posted my script so I don't know if the fix worked.
    Re-read my instructions, redo.
     
  13. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    Sorry about that, I guess I just saw the "fix" part first and got it mixed up. Here's the actual log when I ran it a couple of hours ago.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
    Ran by SYSTEM at 2012-07-12 12:18:46 Run:1
    Running from E:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\Ian\Software\Microsoft\Windows\CurrentVersion\Run\\0i763f66bz Value deleted successfully.
    HKEY_USERS\Ian\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 Value deleted successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  14. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Good :)

    Combofix log is clean.

    Any current issues?

    ======================================

    Uninstall McAfee Security Scan Plus, typical foistware.

    ===================================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  15. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.12.11

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Ian :: IAN-PC [administrator]

    7/12/2012 5:47:20 PM
    mbam-log-2012-07-12 (17-47-20).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 217415
    Time elapsed: 4 minute(s), 17 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    I'll post the other logs later tonight, but so far it's looking good!
     
  16. Broni

    Broni Malware Annihilator Posts: 47,630   +267

  17. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    OTL report

    OTL logfile created on: 7/13/2012 2:59:52 AM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ian\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 61.96% Memory free
    11.82 Gb Paging File | 9.27 Gb Available in Paging File | 78.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 911.66 Gb Total Space | 845.79 Gb Free Space | 92.78% Space Free | Partition Type: NTFS
    Drive Y: | 19.81 Gb Total Space | 7.61 Gb Free Space | 38.40% Space Free | Partition Type: NTFS

    Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/13 02:58:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
    PRC - [2012/06/20 16:23:09 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    PRC - [2012/06/20 16:22:32 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
    PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/06/19 14:33:06 | 000,173,056 | ---- | M] (Dell Products, LP.) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
    PRC - [2012/02/06 18:23:20 | 003,110,184 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
    PRC - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    PRC - [2012/01/27 17:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2012/01/26 22:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2012/01/26 22:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/12/31 18:04:38 | 000,150,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
    PRC - [2011/11/30 15:38:44 | 000,458,904 | ---- | M] (Trend Micro Inc.) -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\CNTAoSMgr.exe
    PRC - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2011/05/19 02:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/05/19 02:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2011/05/19 02:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2011/05/19 02:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
    PRC - [2011/04/13 11:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/06 00:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    PRC - [2009/12/03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/20 16:23:08 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
    MOD - [2012/06/20 16:23:08 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    MOD - [2012/06/20 16:23:08 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
    MOD - [2012/06/20 16:23:08 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
    MOD - [2012/06/20 16:23:08 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
    MOD - [2012/06/13 11:06:15 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll
    MOD - [2012/06/13 11:06:14 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\e3e5aa45736b95804bf6bb7eca08a57b\System.WorkflowServices.ni.dll
    MOD - [2012/06/13 11:05:21 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll
    MOD - [2012/06/13 10:59:08 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
    MOD - [2012/06/13 10:59:02 | 001,044,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll
    MOD - [2012/06/13 10:59:01 | 002,157,056 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll
    MOD - [2012/06/13 10:59:00 | 001,658,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll
    MOD - [2012/06/13 10:58:59 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
    MOD - [2012/06/13 10:58:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
    MOD - [2012/06/13 10:58:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
    MOD - [2012/06/13 10:58:41 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
    MOD - [2012/06/13 10:58:41 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll
    MOD - [2012/05/19 20:41:32 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ed560b26f2f86b3f07b7f6d384f92275\System.ServiceModel.Web.ni.dll
    MOD - [2012/05/19 20:41:28 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll
    MOD - [2012/05/19 20:41:24 | 009,921,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll
    MOD - [2012/05/19 20:40:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
    MOD - [2012/05/19 20:40:16 | 001,083,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\2ce8210219c7123610072357358df470\System.IdentityModel.ni.dll
    MOD - [2012/05/19 20:40:15 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll
    MOD - [2012/05/19 20:40:14 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\9e7bf69d97febe4ed1a288c787e5d9ca\SMDiagnostics.ni.dll
    MOD - [2012/05/19 20:40:12 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\107779ca2708d2b31b2e1560e47f6d15\System.ServiceModel.ni.dll
    MOD - [2012/05/19 18:49:28 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
    MOD - [2012/05/19 18:49:28 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
    MOD - [2012/05/19 05:10:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
    MOD - [2012/05/19 05:10:29 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
    MOD - [2012/05/19 05:10:29 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
    MOD - [2012/05/19 05:10:28 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
    MOD - [2012/05/19 05:10:28 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
    MOD - [2012/05/19 05:10:25 | 001,117,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ef0d8a4790c24a3a091170958bc7b976\System.DirectoryServices.ni.dll
    MOD - [2012/05/19 05:10:11 | 000,039,424 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll
    MOD - [2012/05/19 05:10:03 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll
    MOD - [2012/05/19 05:10:03 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll
    MOD - [2012/05/19 05:10:03 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll
    MOD - [2012/05/19 05:09:53 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
    MOD - [2012/05/19 05:09:51 | 000,680,448 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll
    MOD - [2012/05/19 05:09:49 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
    MOD - [2012/05/19 05:09:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/19 05:09:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/19 05:09:41 | 000,015,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll
    MOD - [2012/05/19 05:09:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2012/02/01 11:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    MOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
    MOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
    MOD - [2012/01/26 22:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2011/12/31 18:04:40 | 000,891,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll
    MOD - [2011/12/31 18:04:32 | 000,026,408 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\AdbDetect.dll
    MOD - [2011/12/31 18:04:28 | 000,251,688 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll
    MOD - [2010/11/20 23:24:08 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2009/06/10 17:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/08/08 08:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
    SRV:64bit: - [2011/07/27 22:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV:64bit: - [2011/07/27 21:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV:64bit: - [2011/07/27 21:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV:64bit: - [2011/06/03 13:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) Intel(R) Centrino(R) Wireless Bluetooth(R)
    SRV:64bit: - [2011/01/24 23:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/03 00:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/07/11 18:56:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/27 16:27:11 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/06/20 16:23:09 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/06/19 14:33:06 | 000,173,056 | ---- | M] (Dell Products, LP.) [Auto | Running] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
    SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/04/09 16:34:20 | 003,957,088 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
    SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/02/16 13:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/11/25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/26 02:52:40 | 002,772,096 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmListen.exe -- (tmlisten)
    SRV - [2011/08/26 02:43:24 | 002,771,856 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\NTRTScan.exe -- (ntrtscan)
    SRV - [2011/05/19 02:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/05/19 02:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/05/19 02:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2011/04/15 13:17:44 | 000,918,032 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)
    SRV - [2010/11/06 00:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/09/30 04:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
    SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/26 14:22:19 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/04/26 14:22:19 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
    DRV:64bit: - [2011/08/08 08:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
    DRV:64bit: - [2011/08/03 21:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
    DRV:64bit: - [2011/07/20 18:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
    DRV:64bit: - [2011/07/20 18:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
    DRV:64bit: - [2011/06/21 16:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
    DRV:64bit: - [2011/06/21 16:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/05/19 02:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/05/19 02:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
    DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/01/24 23:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/01/20 12:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/12/10 16:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2010/12/10 16:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2010/12/07 15:58:38 | 000,108,624 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
    DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/10/19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 05:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/07/12 11:56:50 | 000,342,288 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmxpflt.sys -- (TmFilter)
    DRV - [2011/07/12 11:56:36 | 000,042,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\tmpreflt.sys -- (TmPreFilter)
    DRV - [2011/07/12 11:47:06 | 002,077,456 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Trend Micro\OfficeScan Client\VsapiNT.sys -- (VSApiNt)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
  18. Icmc13

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {03CD61AE-7244-4774-A215-060848A2F0B1}
    IE:64bit: - HKLM\..\SearchScopes\{03CD61AE-7244-4774-A215-060848A2F0B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\SearchScopes,DefaultScope = {03CD61AE-7244-4774-A215-060848A2F0B1}
    IE - HKLM\..\SearchScopes\{03CD61AE-7244-4774-A215-060848A2F0B1}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1321412489-1100581043-3427248746-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-1321412489-1100581043-3427248746-1000\..\SearchScopes,DefaultScope = {03CD61AE-7244-4774-A215-060848A2F0B1}
    IE - HKU\S-1-5-21-1321412489-1100581043-3427248746-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Ian\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Ian\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/27 16:27:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/27 16:27:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/05/18 13:55:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Extensions
    [2012/05/19 15:47:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8y280o7d.default\extensions
    [2012/06/16 17:54:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/24 01:47:06 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/06/27 16:27:11 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/06/13 16:31:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/06/13 16:31:21 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    O1 HOSTS File: ([2012/07/12 15:02:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
    O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe (Trend Micro Inc.)
    O4 - HKU\S-1-5-21-1321412489-1100581043-3427248746-1000..\Run: [AIM] C:\Users\Ian\AppData\Local\AOL\AIM\aim.exe (AOL Inc.)
    O4 - HKU\S-1-5-21-1321412489-1100581043-3427248746-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
    O4 - Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1321412489-1100581043-3427248746-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1321412489-1100581043-3427248746-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{973BCF1D-6C5B-4C12-9025-67EF4C950911}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/13 02:58:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
    [2012/07/12 17:46:48 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Malwarebytes
    [2012/07/12 17:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/12 17:46:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/12 17:46:38 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/12 17:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/12 17:43:40 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Ian\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/12 15:02:16 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/12 15:00:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/12 14:55:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/12 14:55:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/12 14:55:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/12 14:53:48 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/12 14:53:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/12 12:23:33 | 004,576,941 | R--- | C] (Swearware) -- C:\Users\Ian\Desktop\ComboFix.exe
    [2012/07/11 23:36:00 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/11 12:34:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/07/10 16:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
    [2012/07/05 22:50:09 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\Slender v0.9.1
    [2012/07/04 20:11:51 | 000,000,000 | ---D | C] -- C:\TMQuarantine
    [2012/06/28 00:32:45 | 000,000,000 | R--D | C] -- C:\Users\Ian\Desktop\MySyncUPFiles
    [2012/06/28 00:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
    [2012/06/27 16:28:09 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\log
    [2012/06/27 16:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro OfficeScan Client
    [2012/06/27 16:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2012/06/27 16:23:21 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Trend Micro
    [2012/06/25 00:51:33 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Nero_AG
    [2012/06/25 00:50:55 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Nero
    [2012/06/25 00:50:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Nero
    [2012/06/23 02:03:47 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Macromedia
    [2012/06/22 13:31:24 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/20 17:13:27 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\Wizards of the Coast
    [2012/06/20 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
    [2012/06/20 16:22:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2012/06/20 16:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
    [2012/06/20 01:47:35 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\Microsoft Games
    [2012/06/16 17:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/06/16 17:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2012/06/16 11:04:39 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Leadertech
    [2012/06/16 11:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
    [2012/06/16 10:59:50 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Epson
    [2012/06/16 10:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EpsonNet
    [2012/06/16 10:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
    [2012/06/16 10:57:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON
    [2012/06/16 10:57:50 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\InstallShield
    [2012/06/16 10:57:09 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
    [2012/06/16 10:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
    [2012/06/16 10:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Epson Software
    [2012/06/16 10:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
    [2012/06/16 10:55:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson
    [2012/06/16 09:52:15 | 003,957,088 | ---- | C] (INCA Internet Co., Ltd.) -- C:\Windows\SysWow64\GameMon.des
    [2012/06/16 09:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\INCA Shared
    [2012/06/16 09:42:21 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\pso2openbetaclient
    [2012/06/16 09:40:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\WinRAR
    [2012/06/16 09:40:53 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/06/16 09:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/06/16 09:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2012/06/15 03:26:10 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\SEGA
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/13 02:58:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\OTL.exe
    [2012/07/13 02:56:46 | 000,811,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/13 02:56:46 | 000,683,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/13 02:56:46 | 000,129,128 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/13 02:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/13 02:52:52 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321412489-1100581043-3427248746-1000UA.job
    [2012/07/13 02:52:49 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1321412489-1100581043-3427248746-1000Core.job
    [2012/07/13 02:52:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/12 17:46:41 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 17:45:22 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Ian\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/12 15:20:32 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/12 15:20:32 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/12 15:11:25 | 463,871,999 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/12 15:02:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/12 12:26:47 | 004,576,941 | R--- | M] (Swearware) -- C:\Users\Ian\Desktop\ComboFix.exe
    [2012/07/12 12:19:47 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2012/07/11 12:34:53 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk
    [2012/07/11 04:19:02 | 000,273,200 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/11 03:56:13 | 000,129,024 | ---- | M] () -- C:\Windows\RegBootClean64.exe
    [2012/07/11 03:56:12 | 000,102,400 | ---- | M] () -- C:\Windows\RegBootClean.exe
    [2012/07/10 19:32:06 | 000,000,204 | ---- | M] () -- C:\Users\Public\Desktop\MapleStory.url
    [2012/07/10 16:06:39 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/07/10 16:03:30 | 000,017,588 | ---- | M] () -- C:\Windows\cfgall.ini
    [2012/07/10 15:10:40 | 000,183,660 | ---- | M] () -- C:\Users\Ian\AppData\Local\census.cache
    [2012/07/10 15:10:35 | 000,093,597 | ---- | M] () -- C:\Users\Ian\AppData\Local\ars.cache
    [2012/07/10 15:05:17 | 000,000,036 | ---- | M] () -- C:\Users\Ian\AppData\Local\housecall.guid.cache
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/27 23:53:07 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/06/27 16:26:39 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/20 16:26:15 | 000,000,221 | ---- | M] () -- C:\Users\Ian\Desktop\Magic The Gathering - Duels of the Planeswalkers 2013 Demo.url
    [2012/06/20 15:42:51 | 000,006,188 | ---- | M] () -- C:\Users\Ian\Desktop\pso2launcher - Shortcut.lnk
    [2012/06/16 11:05:07 | 000,000,765 | ---- | M] () -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
    [2012/06/16 11:04:37 | 000,000,089 | ---- | M] () -- C:\Windows\EWF520.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/12 17:46:41 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/12 14:55:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/12 14:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/12 14:55:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/12 14:55:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/12 14:55:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/11 12:34:53 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\SyncUP.lnk
    [2012/07/10 16:37:53 | 000,129,024 | ---- | C] () -- C:\Windows\RegBootClean64.exe
    [2012/07/10 16:37:50 | 000,102,400 | ---- | C] () -- C:\Windows\RegBootClean.exe
    [2012/07/10 16:06:39 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
    [2012/07/10 15:10:40 | 000,183,660 | ---- | C] () -- C:\Users\Ian\AppData\Local\census.cache
    [2012/07/10 15:10:35 | 000,093,597 | ---- | C] () -- C:\Users\Ian\AppData\Local\ars.cache
    [2012/07/10 14:57:42 | 000,000,036 | ---- | C] () -- C:\Users\Ian\AppData\Local\housecall.guid.cache
    [2012/07/04 20:11:51 | 000,017,588 | ---- | C] () -- C:\Windows\cfgall.ini
    [2012/06/20 16:26:15 | 000,000,221 | ---- | C] () -- C:\Users\Ian\Desktop\Magic The Gathering - Duels of the Planeswalkers 2013 Demo.url
    [2012/06/20 15:42:51 | 000,006,188 | ---- | C] () -- C:\Users\Ian\Desktop\pso2launcher - Shortcut.lnk
    [2012/06/16 11:05:07 | 000,000,765 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk
    [2012/06/16 10:59:09 | 000,000,119 | ---- | C] () -- C:\Windows\SysWow64\epson.sep
    [2012/06/16 10:57:57 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
    [2012/06/16 10:57:57 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
    [2012/06/16 10:57:57 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
    [2012/06/16 10:57:57 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
    [2012/06/16 10:57:57 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
    [2012/06/16 10:57:57 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
    [2012/06/16 10:57:57 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
    [2012/06/16 10:57:57 | 000,012,669 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
    [2012/06/16 10:57:57 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
    [2012/06/16 10:57:57 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
    [2012/06/16 10:57:57 | 000,006,478 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
    [2012/06/16 10:57:57 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
    [2012/06/16 10:57:57 | 000,006,366 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
    [2012/06/16 10:57:57 | 000,006,226 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
    [2012/06/16 10:57:57 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
    [2012/06/16 10:57:57 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
    [2012/06/16 10:57:57 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
    [2012/06/16 10:57:57 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
    [2012/06/16 10:57:57 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
    [2012/06/16 10:57:57 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
    [2012/06/16 10:57:57 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
    [2012/06/16 10:57:57 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
    [2012/06/16 10:51:29 | 000,000,089 | ---- | C] () -- C:\Windows\EWF520.ini
    [2012/04/26 14:13:08 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2012/04/26 14:13:07 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2012/04/26 14:13:06 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
    [2012/04/26 14:13:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2012/04/26 14:13:04 | 013,356,032 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/02/10 12:10:51 | 000,799,920 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2012/05/20 20:48:00 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\.minecraft
    [2012/06/27 23:56:39 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Epson
    [2012/04/27 14:08:48 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Fingertapps
    [2012/06/16 11:04:39 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Leadertech
    [2012/06/01 15:00:42 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\PCDr
    [2012/06/15 03:26:10 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SEGA
    [2012/06/01 04:15:53 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\SoftGrid Client
    [2012/05/31 04:35:04 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\TP
    [2012/06/27 23:53:07 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2012/06/28 00:12:54 | 000,010,904 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/07/12 12:19:47 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/06/01 20:56:05 | 000,001,571 | ---- | M] ()(C:\Users\Ian\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Ian\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
    [2012/06/01 20:56:05 | 000,001,571 | ---- | C] ()(C:\Users\Ian\Desktop\PHANTASY STAR ONLINE 2 ??????????????.lnk) -- C:\Users\Ian\Desktop\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版.lnk
    (C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 ??????????????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:233BFF24

    < End of report >
     
  19. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    OTL Extras report

    OTL Extras logfile created on: 7/13/2012 2:59:52 AM - Run 1
    OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Ian\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 3.66 Gb Available Physical Memory | 61.96% Memory free
    11.82 Gb Paging File | 9.27 Gb Available in Paging File | 78.46% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 911.66 Gb Total Space | 845.79 Gb Free Space | 92.78% Space Free | Partition Type: NTFS
    Drive Y: | 19.81 Gb Total Space | 7.61 Gb Free Space | 38.40% Space Free | Partition Type: NTFS

    Computer Name: IAN-PC | User Name: Ian | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1321412489-1100581043-3427248746-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5FE84355-F1D8-4C33-95B8-FCB59E03A17E}" = lport=21264 | protocol=6 | dir=in | name=trend micro officescan listener |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{2204B1E2-CEDA-4F3B-B8EA-5DF967AD36FF}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{6CDE90C9-1C3F-4E45-B8D1-91CD3C30B9B4}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{1C28703D-32CD-422F-9DED-21FFA3B1115F}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |
    "UDP Query User{4D970BF1-27DE-4A47-8BB9-A3931B17CF70}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{0d78370e-4086-4292-a82e-f920135dcee4}.sdb" = SCHTHACK PSOBB Compatibility Database
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel(R) PROSet/Wireless WiFi Software
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Dell Support Center" = Dell Support Center
    "EPSON WorkForce 520 Series" = EPSON WorkForce 520 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "ProInst" = Intel PROSet Wireless

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9
    "{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
    "{0E74474A-1CDF-4249-A507-CE8C1DCEC8BC}" = TrustedID IDMonitor Identity Protection
    "{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{25175695-4B20-4298-9F34-C2C57CD277B3}" = Elements STI Installer
    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
    "{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
    "{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{975C3A93-2491-3D44-A071-F6CBF153E46D}" = Google Talk Plugin
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
    "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}" = Dell Digital Delivery
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EB9955F8-467C-47FC-90F8-12CD5DF684C3}" = Adobe Premiere Elements 9
    "{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro OfficeScan Client
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help
    "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Dell Webcam Central" = Dell Webcam Central
    "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
    "EPSON Scanner" = EPSON Scan
    "http://pso2.jp/appid/charactercreator_is1" = PHANTASY STAR ONLINE 2 キャラクタークリエイト体験版
    "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "MapleStory" = MapleStory
    "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "PremElem90" = Adobe Premiere Elements 9
    "ProInst" = Intel PROSet Wireless
    "SCHTHACK PSOBB" = SCHTHACK PSOBB
    "Steam App 97340" = Magic: The Gathering - Duels of the Planeswalkers 2013 Demo
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.20 (32-bit)
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1321412489-1100581043-3427248746-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "AIM" = AIM for Windows

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/24/2012 12:54:40 AM | Computer Name = Ian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: SHPsoBBn.exe, version: 0.0.0.0, time stamp:
    0x00000000 Faulting module name: SHPsoBBn.exe, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00363d0f Faulting process id: 0x2670 Faulting application
    start time: 0x01cd396947a92cf2 Faulting application path: C:\Program Files (x86)\SCHTHACK
    PSOBB\SHPsoBBn.exe Faulting module path: C:\Program Files (x86)\SCHTHACK PSOBB\SHPsoBBn.exe
    Report
    Id: 91c40773-a55c-11e1-bc45-4ceb42459cf4

    Error - 5/25/2012 10:26:03 PM | Computer Name = Ian-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    Error - 5/27/2012 3:50:13 PM | Computer Name = Ian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: SHPsoBBn.exe, version: 0.0.0.0, time stamp:
    0x00000000 Faulting module name: SHPsoBBn.exe, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000096 Fault offset: 0x00363d0b Faulting process id: 0x2f8 Faulting application
    start time: 0x01cd3c41dbd7f903 Faulting application path: C:\Program Files (x86)\SCHTHACK
    PSOBB\SHPsoBBn.exe Faulting module path: C:\Program Files (x86)\SCHTHACK PSOBB\SHPsoBBn.exe
    Report
    Id: 2bd78c8c-a835-11e1-bc45-4ceb42459cf4

    Error - 5/27/2012 3:50:13 PM | Computer Name = Ian-PC | Source = Application Error | ID = 1005
    Description = Windows cannot access the file for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on,
    or the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program SHPsoBBn.exe because of this error. Program: SHPsoBBn.exe File:
    The error value is listed in the Additional Data section. User Action 1. Open the
    file again. This situation might be a temporary problem that corrects itself when
    the program runs again. 2. If the file still cannot be accessed and - It is on the
    network, your network administrator should verify that there is not a problem with
    the network and that the server can be contacted. - It is on a removable disk, for
    example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the
    computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK,
    click Start, click Run, type CMD, and then click OK. At the command prompt, type
    CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from
    a backup copy. 5. Determine whether other files on the same disk can be opened.
    If not, the disk might be damaged. If it is a hard disk, contact your administrator
    or computer hardware vendor for further assistance. Additional Data Error value: 00000000
    Disk
    type: 0

    Error - 5/27/2012 5:39:26 PM | Computer Name = Ian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: SHPsoBBn.exe, version: 0.0.0.0, time stamp:
    0x00000000 Faulting module name: SHPsoBBn.exe, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00363d3a Faulting process id: 0x7f8 Faulting application
    start time: 0x01cd3c512124f040 Faulting application path: C:\Program Files (x86)\SCHTHACK
    PSOBB\SHPsoBBn.exe Faulting module path: C:\Program Files (x86)\SCHTHACK PSOBB\SHPsoBBn.exe
    Report
    Id: 6e2d31aa-a844-11e1-bc45-4ceb42459cf4

    Error - 5/31/2012 4:34:24 AM | Computer Name = Ian-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 5/31/2012 3:20:06 PM | Computer Name = Ian-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: Failed to make the SOAP Call HResult: 0x800c0005.
    Exception caught while trying to report the Update Event

    Error - 5/31/2012 3:20:06 PM | Computer Name = Ian-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: There are currently no active network connections.
    Background Intelligent Transfer Service (BITS) will try again when an adapter is
    connected. ErrorCode: 14007(0x36b7).

    Error - 5/31/2012 7:50:43 PM | Computer Name = Ian-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: SHPsoBBn.exe, version: 0.0.0.0, time stamp:
    0x00000000 Faulting module name: SHPsoBBn.exe, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00363d3a Faulting process id: 0x4788 Faulting application
    start time: 0x01cd3f88226b0d15 Faulting application path: C:\Program Files (x86)\SCHTHACK
    PSOBB\SHPsoBBn.exe Faulting module path: C:\Program Files (x86)\SCHTHACK PSOBB\SHPsoBBn.exe
    Report
    Id: 6ee8e6c8-ab7b-11e1-bc45-4ceb42459cf4

    Error - 6/1/2012 4:17:15 AM | Computer Name = Ian-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 7/10/2012 3:15:13 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/10/2012 3:15:13 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/10/2012 3:43:34 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/10/2012 3:43:34 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/10/2012 4:01:23 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7023
    Description = The Computer Browser service terminated with the following error:
    %%1060

    Error - 7/10/2012 4:01:23 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7003
    Description = The IKE and AuthIP IPsec Keying Modules service depends the following
    service: BFE. This service might not be installed.

    Error - 7/10/2012 4:01:26 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7003
    Description = The IPsec Policy Agent service depends the following service: BFE.
    This service might not be installed.

    Error - 7/10/2012 4:02:24 PM | Computer Name = Ian-PC | Source = DCOM | ID = 10016
    Description =

    Error - 7/10/2012 4:03:41 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/10/2012 4:03:41 PM | Computer Name = Ian-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891


    < End of report >
     
  20. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk = File not found
      O4 - Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found
      [2012/07/11 23:36:00 | 000,000,000 | ---D | C] -- C:\FRST
      @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:233BFF24
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ============================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  21. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk moved successfully.
    C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk moved successfully.
    C:\FRST\Quarantine folder moved successfully.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ADS C:\ProgramData\Temp:233BFF24 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Ian
    ->Temp folder emptied: 8588542 bytes
    ->Temporary Internet Files folder emptied: 17937873 bytes
    ->Java cache emptied: 4216296 bytes
    ->FireFox cache emptied: 1169779742 bytes
    ->Flash cache emptied: 157569 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10032 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 170417441 bytes
    RecycleBin emptied: 178732 bytes

    Total Files Cleaned = 1,308.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Ian
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Ian
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07142012_202449

    Files\Folders moved on Reboot...
    C:\Users\Ian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D scheduled to be moved on reboot.

    PendingFileRenameOperations files...
    File C:\Users\Ian\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/07/14 20:30:06 | 000,000,000 | ---- | M] () C:\Windows\temp\tm_icrcL_A606D985_38CA_41ab_BCD9_60F771CF800D : Unable to obtain MD5

    Registry entries deleted on Reboot...
     
  22. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    Farbar Service Scanner Version: 08-07-2012
    Ran by Ian (administrator) on 14-07-2012 at 20:39:13
    Running from "C:\Users\Ian\Downloads"
    Microsoft Windows 7 Home Premium Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  23. Broni

    Broni Malware Annihilator Posts: 47,630   +267

    I still need Security Check and Eset logs.
     
  25. Icmc13

    Icmc13 TS Rookie Topic Starter Posts: 16

    I can't access those two pages because my antivirus flags the URLs as very dangerous.
     
Topic Status:
Not open for further replies.

