Solved Random adverts in background / multiple iexplore.exe processes

[unitdata]

Greetings,

For the last couple days I have been hearing random advertisments while not being on any website. So I took a look at the task manager and saw around 15 iexplore.exe processes running under user name "SYSTEM". I've been looking around and thought I'd come here for some support to remove this nasty bugger from my PC. I've ran Malwarebytes and Avast! antivirus.

Here is a log file:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.21.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: STUDIO [administrator]

7/20/2012 11:29:34 PM
mbam-log-2012-07-20 (23-29-34).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314794
Time elapsed: 16 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

 

[Jay Pfoutz]

Hello, and welcome to TechSpot.

Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information

• From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
• Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
• If you have already asked for help somewhere, please post the link to the topic you were helped.
• We try our best to reply quickly, but for any reason we do not reply in two days, please reply to this topic with the word BUMP!
• Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

Please review the 5-Step removal instructions and post the logs back here for my review.

 

[unitdata]

Greetings DMJ,

GMER Did not produce a log file.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Database version: v2012.07.21.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: STUDIO [administrator]
7/21/2012 12:26:35 PM
mbam-log-2012-07-21 (12-26-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 314506
Time elapsed: 6 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
(end)

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by User at 12:59:31 on 2012-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2719 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{626A5CC2-9024-41AE-97F7-3C5C0CDEA9C5} : DhcpNameServer = 209.18.47.61 209.18.47.62
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-7-19 44808]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-3-30 517632]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-21 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);C:\Windows\system32\DRIVERS\vcsvad.sys --> C:\Windows\system32\DRIVERS\vcsvad.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-25 116648]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 Arctosa;Arctosa Keyboard;C:\Windows\system32\drivers\Arctosa.sys --> C:\Windows\system32\drivers\Arctosa.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-11 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-25 116648]
S3 HpStm001;USB Style Packet Filter Driver;C:\Windows\system32\DRIVERS\HpStm001.SYS --> C:\Windows\system32\DRIVERS\HpStm001.SYS [?]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-7-10 47128]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2012-07-20 23:32:22 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes
2012-07-20 23:14:34 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-20 22:07:58 -------- d-----w- C:\Users\User\AppData\Local\Paint.NET
2012-07-20 21:54:17 -------- d-----w- C:\Users\User\AppData\Local\Microsoft Help
2012-07-20 21:35:04 -------- d-----w- C:\Users\User\jagexcache
2012-07-20 21:22:39 -------- d-----w- C:\Users\User\AppData\Roaming\DVDVideoSoft
2012-07-20 20:51:48 -------- d-----w- C:\Users\User\AppData\Roaming\NVIDIA
2012-07-20 20:51:40 -------- d-----w- C:\Users\User\AppData\Roaming\MAXON
2012-07-20 20:16:11 -------- d-----w- C:\Users\User\AppData\Local\ElevatedDiagnostics
2012-07-20 19:59:30 -------- d-----w- C:\Users\User\AppData\Roaming\Xfire
2012-07-20 02:48:31 8139072 ----a-w- C:\Windows\System32\nvcuda.dll
2012-07-19 18:26:10 86016 ---ha-w- C:\ProgramData\M8N34Jij.exe
2012-07-17 23:03:25 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{40DF7867-9FD3-460F-BA6A-1F146D4C610D}\mpengine.dll
2012-07-15 00:24:06 -------- d-----w- C:\Program Files (x86)\SIX Projects
2012-07-11 08:07:39 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 08:01:59 754808 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2012-07-11 05:15:49 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 05:14:59 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2012-07-11 05:14:59 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2012-07-11 05:14:59 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-07-07 03:30:01 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe
2012-07-02 16:35:16 -------- d-----w- C:\MoTemp
2012-06-21 19:25:24 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 19:24:24 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 19:23:45 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 19:23:45 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-13 02:29:41 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-07-13 02:29:41 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-07-13 02:24:22 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-07-11 19:56:14 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 19:56:14 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-07 03:34:17 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-05-15 07:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-03 02:54:46 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll
2012-05-03 02:54:46 28056 ----a-w- C:\Windows\System32\xfcodec64.dll
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 13:00:32.72 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2010 9:26:35 PM
System Uptime: 7/21/2012 12:43:52 PM (1 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Pentium(R) Dual-Core CPU E6700 @ 3.20GHz | CPU 1 | 3200/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 200.679 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP534: 7/20/2012 3:46:06 AM - Scheduled Checkpoint
RP535: 7/20/2012 3:30:10 PM - Removed Ubisoft Game Launcher
RP536: 7/20/2012 3:32:47 PM - Removed Vegas Pro 11.0
RP537: 7/20/2012 3:43:13 PM - Removed TortoiseSVN 1.7.6.22632 (64 bit)
RP538: 7/20/2012 4:34:36 PM - Installed RuneScape Launcher 1.2
.
==== Installed Programs ======================
.
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Adobe Story
Akamai NetSession Interface Service
Apple Application Support
Apple Software Update
ARMA 2
ARMA 2 Operation Arrowhead Uninstall
Aspell English Dictionary-0.50-2
avast! Free Antivirus
Battlefield 3™
Battlefield: Bad Company™ 2
Battlelog Web Plugins
BattlEye for OA Uninstall
BattlEye Uninstall
Bing Bar Platform
BufferChm
Counter-Strike: Source
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
D3DX10
DAEMON Tools Lite
Day of Defeat: Source
dBpoweramp DSP Effects
Dead Island
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
Deus Ex Human Revolution
DeviceDiscovery
DocMgr
DocProc
Dragon Age II
ESN Sonar
Fallen Earth
Fallout New Vegas
Far Cry 2
Fax
Fraps (remove only)
Free Fire Screensaver
Garry's Mod
GNU Aspell 0.50-3
GnuWin32: Bzip2-1.0.5
GoldWave v5.67
Google Update Helper
GPBaseService2
Grand Theft Auto IV
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life Dedicated Server Update Tool
Hewlett-Packard ACLM.NET v1.1.0.0
HP Product Detection
HP Update
HP Wireless Comfort Mouse
HPDiagnosticAlert
HPProductAssistant
HPSSupply
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 29
Killing Floor
Left 4 Dead 2
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 RsFx Driver
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 4.0
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTA:SA v1.2.0-full-03585-0-000
Natural Selection 3.2
No Hope
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
Origin
PAYDAY: The Heist
PDF Settings CS5
Portal
PowerISO
PunkBuster Services
QuickTime
Razer Mamba
Realm of the Mad God
Realtek Ethernet Controller Driver
Rockstar Games Social Club
RuneScape Launcher 1.2
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Six Updater
Skype Click to Call
Skype™ 5.10
SmartWebPrinting
SolutionCenter
Sql Server Customer Experience Improvement Program
Status
Steam
swMSM
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
TeamViewer 7
TheMatrix Screen Saver version 1.14
Toolbox
TrayApp
TWC Customer Controls
U3Launcher
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Vuze
WebEx Support Manager for Internet Explorer
WebReg
Win7codecs
Windows 7 Codec Pack 4.0.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Center Add-in for Flash
Windows Media Center Add-in for Silverlight
World in Conflict: Soviet Assault
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
7/21/2012 12:47:08 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/21/2012 12:47:08 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/21/2012 12:45:11 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/21/2012 12:44:43 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/21/2012 12:44:40 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/20/2012 5:49:34 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
7/20/2012 5:46:03 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
7/20/2012 5:46:03 PM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/20/2012 4:28:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR7.
7/20/2012 3:01:24 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.
7/20/2012 12:14:47 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avast! Antivirus service.
7/20/2012 11:52:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (SQLEXPRESS) service to connect.
7/20/2012 11:52:22 PM, Error: Service Control Manager [7000] - The SQL Server (SQLEXPRESS) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/20/2012 11:28:50 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
7/19/2012 9:22:40 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
7/19/2012 8:42:38 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004
7/19/2012 2:20:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.
7/19/2012 2:20:06 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2012 1:40:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP CUE DeviceDiscovery Service service to connect.
7/19/2012 1:40:39 PM, Error: Service Control Manager [7000] - The HP CUE DeviceDiscovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2012 1:40:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Function Discovery Resource Publication service to connect.
7/19/2012 1:40:09 PM, Error: Service Control Manager [7000] - The Function Discovery Resource Publication service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2012 1:39:39 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Diagnostic Policy Service service to connect.
7/19/2012 1:39:39 PM, Error: Service Control Manager [7000] - The Diagnostic Policy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/19/2012 1:39:09 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Akamai NetSession Interface service to connect.
7/15/2012 11:40:27 AM, Error: Service Control Manager [7022] - The TeamViewer 6 service hung on starting.
7/14/2012 9:37:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the TeamViewer 6 service to connect.
7/14/2012 9:37:51 PM, Error: Service Control Manager [7000] - The TeamViewer 6 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/14/2012 1:03:15 AM, Error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error Incorrect function..
.
==== End Of File ===========================

 

[Jay Pfoutz]

Download Farbar Recovery Scan Tool and save it to a flash drive.

Please make sure to download the 64-bit version.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
• Use the arrow keys to select the Repair your computer menu item.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
• Restart your computer.
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
• Click Repair your computer.
• Choose your language settings, and then click Next.
• Select the operating system you want to repair, and then click Next.
• Select your user account an click Next.

On the System Recovery Options menu you will get the following options:

• • Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
• Select Command Prompt
• In the command window type in notepad and press Enter.
• The notepad opens. Under File menu select Open.
• Select "Computer" and find your flash drive letter and close the notepad.
• In the command window type e:\frst64 and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
• The tool will start to run.
• When the tool opens click Yes to the disclaimer.
• Place a check next to List Drivers MD5 as well as the default check marks that are already there
• Press Scan button.
• type exit and reboot the computer normally
• FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.

 

[unitdata]

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 22-07-2012 17:46:06
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe [530432 2008-10-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [2276760 2011-06-01] (Razer USA Ltd)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Account\...\Policies\system: [LogonHoursAction] 2
HKU\Account\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx1-STUDIO\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-03-12] (Valve Corporation)
HKU\Mcx1-STUDIO\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\Mcx1-STUDIO\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
HKU\Mcx1-STUDIO\...\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\Mcx1-STUDIO\...\Run: [Voobly] [x]
HKU\Mcx1-STUDIO\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\Mcx2-STUDIO\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\Mcx2-STUDIO\...\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\Mcx2-STUDIO\...\Run: [Voobly] [x]
HKU\Mcx2-STUDIO\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
HKU\Mcx2-STUDIO\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-03-12] (Valve Corporation)
HKU\Mcx2-STUDIO\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\UpdatusUser\...\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\UpdatusUser\...\Run: [Voobly] [x]
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-03-12] (Valve Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Services (Whitelisted) ======
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-10] (Akamai Technologies, Inc)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-08] (Alcatel-Lucent)
2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [40999448 2008-07-10] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-06] ()
4 SQLAgent$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [369688 2008-07-10] (Microsoft Corporation)
2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
3 Arctosa; C:\Windows\System32\Drivers\Arctosa.sys [19840 2009-08-19] (Razer USA Ltd.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-07-04] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 HpStm001; C:\Windows\System32\Drivers\HpStm001.sys [14336 2008-08-28] (Primax Electronics Ltd.)
3 Lycosa; C:\Windows\System32\Drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
3 P17; C:\Windows\System32\Drivers\P17.sys [1289216 2009-08-03] (Creative Technology Ltd.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-20] (Duplex Secure Ltd.)
3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
3 dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]
========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-07-22 17:45 - 2012-07-22 17:46 - 00000000 ____D C:\FRST
2012-07-22 11:24 - 2012-07-22 11:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-21 20:40 - 2012-07-21 20:45 - 00000000 ____D C:\Users\User\AppData\Roaming\Azureus
2012-07-21 20:40 - 2012-07-21 20:40 - 00000000 ____D C:\Users\User\.swt
2012-07-21 19:10 - 2012-07-21 19:10 - 01012656 ____A C:\Users\User\Desktop\rkill.com
2012-07-20 21:26 - 2012-07-21 10:01 - 00022684 ____A C:\Users\User\Desktop\DDS.txt
2012-07-20 21:26 - 2012-07-21 10:01 - 00012812 ____A C:\Users\User\Desktop\Attach.txt
2012-07-20 20:36 - 2012-07-20 20:36 - 00607260 ____R (Swearware) C:\Users\User\Desktop\dds.scr
2012-07-20 20:32 - 2012-07-20 20:32 - 00302592 ____A C:\Users\User\Desktop\xyxehvnp.exe
2012-07-20 19:40 - 2012-07-20 20:15 - 00000032 ____A C:\Users\User\jagex_cl_runescape_LIVE.dat
2012-07-20 19:40 - 2012-07-20 19:41 - 00000024 ____A C:\Users\User\jagexappletviewer.preferences
2012-07-20 18:22 - 2012-07-21 20:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2012-07-20 17:28 - 2012-07-20 17:28 - 00003584 ____A C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-20 15:32 - 2012-07-20 15:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-07-20 15:14 - 2012-07-20 15:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-20 14:07 - 2012-07-20 14:07 - 00000000 ____D C:\Users\User\AppData\Local\Paint.NET
2012-07-20 13:54 - 2012-07-20 13:54 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2012-07-20 13:39 - 2012-07-20 14:00 - 00000000 ____D C:\Users\User\Documents\Outlook Files
2012-07-20 13:35 - 2012-07-20 13:35 - 00002050 ____A C:\Users\User\Desktop\RuneScape.lnk
2012-07-20 13:35 - 2012-07-20 13:35 - 00000000 ____D C:\Users\User\jagexcache
2012-07-20 13:29 - 2011-07-02 22:00 - 00000229 ____A C:\Users\User\Desktop\Linksys.txt
2012-07-20 13:25 - 2012-07-20 13:25 - 00001328 ____A C:\Users\User\Desktop\WinRAR - Shortcut.lnk
2012-07-20 13:22 - 2012-07-20 13:22 - 00000000 ____D C:\Users\User\AppData\Roaming\DVDVideoSoft
2012-07-20 13:17 - 2012-07-20 13:17 - 00001682 ____A C:\Users\User\Desktop\Microsoft Word 2010 - shortcut.lnk
2012-07-20 13:16 - 2012-07-20 13:16 - 00001682 ____A C:\Users\User\Desktop\Microsoft Outlook 2010 - Shortcut.lnk
2012-07-20 13:14 - 2012-07-20 13:14 - 00001636 ____A C:\Users\User\Desktop\Sid Meier's Civilization V - Shortcut.lnk
2012-07-20 12:51 - 2012-07-20 12:52 - 00000000 ____D C:\Users\User\AppData\Roaming\MAXON
2012-07-20 12:51 - 2012-07-20 12:51 - 00000000 ____D C:\Users\User\AppData\Roaming\NVIDIA
2012-07-20 12:27 - 2012-07-20 12:27 - 00112912 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-20 12:25 - 2012-07-20 12:25 - 00001690 ____A C:\Users\User\Desktop\The Elder Scrolls V Skyrim - Shortcut.lnk
2012-07-20 12:23 - 2012-07-20 12:23 - 00001698 ____A C:\Users\User\Desktop\Far Cry 2 - Shortcut.lnk
2012-07-20 12:20 - 2012-07-20 12:21 - 00003145 ____A C:\Users\User\Desktop\ArmA 2 Operation Arrowhead Beta Patch.lnk
2012-07-20 12:07 - 2012-07-20 12:07 - 00001909 ____A C:\Users\User\Desktop\Arma 2 Operation Arrowhead - Shortcut.lnk
2012-07-20 12:05 - 2012-07-20 12:05 - 00001667 ____A C:\Users\User\Desktop\Dragon Age 2 - Shortcut.lnk
2012-07-20 12:01 - 2012-07-20 12:01 - 00000000 ____D C:\Users\User\Documents\My Games
2012-07-20 12:01 - 2012-07-20 12:01 - 00000000 ____D C:\Users\User\Documents\BioWare
2012-07-20 11:59 - 2012-07-21 20:38 - 00000000 ____D C:\Users\User\AppData\Roaming\Xfire
2012-07-20 11:57 - 2012-07-20 14:39 - 00000000 ____D C:\Users\User\AppData\Local\TSVNCache
2012-07-20 11:57 - 2012-07-20 13:04 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2012-07-20 11:57 - 2012-07-20 11:57 - 00000020 ___SH C:\Users\User\ntuser.ini
2012-07-20 11:57 - 2012-07-20 11:57 - 00000000 ___RD C:\Users\User\Podcasts
2012-07-20 11:57 - 2012-07-20 11:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Subversion
2012-07-20 11:57 - 2012-07-20 11:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2012-07-20 11:57 - 2012-07-20 11:57 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2012-07-20 11:57 - 2011-01-07 19:02 - 00000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2012-07-19 18:48 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-07-19 18:48 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-07-19 10:27 - 2012-07-21 20:00 - 00000342 ____A C:\Windows\Tasks\At49.job
2012-07-19 10:27 - 2012-07-21 19:00 - 00000342 ____A C:\Windows\Tasks\At48.job
2012-07-19 10:27 - 2012-07-21 15:00 - 00000342 ____A C:\Windows\Tasks\At44.job
2012-07-19 10:27 - 2012-07-20 18:00 - 00000342 ____A C:\Windows\Tasks\At47.job
2012-07-19 10:27 - 2012-07-20 17:00 - 00000342 ____A C:\Windows\Tasks\At46.job
2012-07-19 10:27 - 2012-07-20 16:00 - 00000342 ____A C:\Windows\Tasks\At45.job
2012-07-19 10:27 - 2012-07-20 14:00 - 00000342 ____A C:\Windows\Tasks\At43.job
2012-07-19 10:26 - 2012-07-21 20:01 - 00000340 ____A C:\Windows\Tasks\At25.job
2012-07-19 10:26 - 2012-07-21 19:01 - 00000340 ____A C:\Windows\Tasks\At24.job
2012-07-19 10:26 - 2012-07-21 15:01 - 00000340 ____A C:\Windows\Tasks\At20.job
2012-07-19 10:26 - 2012-07-21 12:02 - 00000340 ____A C:\Windows\Tasks\At17.job
2012-07-19 10:26 - 2012-07-21 12:00 - 00000342 ____A C:\Windows\Tasks\At41.job
2012-07-19 10:26 - 2012-07-21 10:02 - 00000340 ____A C:\Windows\Tasks\At15.job
2012-07-19 10:26 - 2012-07-21 10:00 - 00000342 ____A C:\Windows\Tasks\At39.job
2012-07-19 10:26 - 2012-07-20 22:00 - 00000342 ____A C:\Windows\Tasks\At27.job
2012-07-19 10:26 - 2012-07-20 22:00 - 00000340 ____A C:\Windows\Tasks\At3.job
2012-07-19 10:26 - 2012-07-20 21:44 - 00000342 ____A C:\Windows\Tasks\At26.job
2012-07-19 10:26 - 2012-07-20 21:23 - 00000340 ____A C:\Windows\Tasks\At2.job
2012-07-19 10:26 - 2012-07-20 18:02 - 00000340 ____A C:\Windows\Tasks\At23.job
2012-07-19 10:26 - 2012-07-20 17:00 - 00000340 ____A C:\Windows\Tasks\At22.job
2012-07-19 10:26 - 2012-07-20 16:08 - 00000340 ____A C:\Windows\Tasks\At21.job
2012-07-19 10:26 - 2012-07-20 14:00 - 00000340 ____A C:\Windows\Tasks\At19.job
2012-07-19 10:26 - 2012-07-20 13:00 - 00000342 ____A C:\Windows\Tasks\At42.job
2012-07-19 10:26 - 2012-07-20 13:00 - 00000340 ____A C:\Windows\Tasks\At18.job
2012-07-19 10:26 - 2012-07-20 11:00 - 00000342 ____A C:\Windows\Tasks\At40.job
2012-07-19 10:26 - 2012-07-20 11:00 - 00000340 ____A C:\Windows\Tasks\At16.job
2012-07-19 10:26 - 2012-07-20 09:00 - 00000342 ____A C:\Windows\Tasks\At38.job
2012-07-19 10:26 - 2012-07-20 09:00 - 00000340 ____A C:\Windows\Tasks\At14.job
2012-07-19 10:26 - 2012-07-20 08:00 - 00000342 ____A C:\Windows\Tasks\At37.job
2012-07-19 10:26 - 2012-07-20 08:00 - 00000340 ____A C:\Windows\Tasks\At13.job
2012-07-19 10:26 - 2012-07-20 07:00 - 00000342 ____A C:\Windows\Tasks\At36.job
2012-07-19 10:26 - 2012-07-20 07:00 - 00000340 ____A C:\Windows\Tasks\At12.job
2012-07-19 10:26 - 2012-07-20 06:00 - 00000342 ____A C:\Windows\Tasks\At35.job
2012-07-19 10:26 - 2012-07-20 06:00 - 00000340 ____A C:\Windows\Tasks\At11.job
2012-07-19 10:26 - 2012-07-20 05:00 - 00000342 ____A C:\Windows\Tasks\At34.job
2012-07-19 10:26 - 2012-07-20 05:00 - 00000340 ____A C:\Windows\Tasks\At10.job
2012-07-19 10:26 - 2012-07-20 04:03 - 00000340 ____A C:\Windows\Tasks\At9.job
2012-07-19 10:26 - 2012-07-20 04:00 - 00000342 ____A C:\Windows\Tasks\At33.job
2012-07-19 10:26 - 2012-07-20 03:06 - 00000340 ____A C:\Windows\Tasks\At8.job
2012-07-19 10:26 - 2012-07-20 03:00 - 00000342 ____A C:\Windows\Tasks\At32.job
2012-07-19 10:26 - 2012-07-20 02:00 - 00000342 ____A C:\Windows\Tasks\At31.job
2012-07-19 10:26 - 2012-07-20 02:00 - 00000340 ____A C:\Windows\Tasks\At7.job
2012-07-19 10:26 - 2012-07-20 01:00 - 00000342 ____A C:\Windows\Tasks\At30.job
2012-07-19 10:26 - 2012-07-20 01:00 - 00000340 ____A C:\Windows\Tasks\At6.job
2012-07-19 10:26 - 2012-07-20 00:00 - 00000342 ____A C:\Windows\Tasks\At29.job
2012-07-19 10:26 - 2012-07-20 00:00 - 00000340 ____A C:\Windows\Tasks\At5.job
2012-07-19 10:26 - 2012-07-19 23:01 - 00000340 ____A C:\Windows\Tasks\At4.job
2012-07-19 10:26 - 2012-07-19 23:00 - 00000342 ____A C:\Windows\Tasks\At28.job
2012-07-19 10:26 - 2012-07-19 10:26 - 00086016 ___AH C:\Users\All Users\M8N34Jij.exe
2012-07-17 16:28 - 2012-07-18 08:20 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
2012-07-17 16:28 - 2012-07-18 08:20 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
2012-07-14 16:24 - 2012-07-14 16:24 - 00000000 ____D C:\Program Files (x86)\SIX Projects
2012-07-14 15:25 - 2012-07-14 15:25 - 00001408 ____A C:\Users\UpdatusUser\Desktop\Launch ARMA 2 Operation Arrowhead.lnk
2012-07-14 15:25 - 2012-07-14 15:25 - 00001408 ____A C:\Users\Mcx2-STUDIO\Desktop\Launch ARMA 2 Operation Arrowhead.lnk
2012-07-14 15:25 - 2012-07-14 15:25 - 00001408 ____A C:\Users\Mcx1-STUDIO\Desktop\Launch ARMA 2 Operation Arrowhead.lnk
2012-07-11 00:07 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 00:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 00:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 00:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 00:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 00:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 00:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 00:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 00:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 00:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 00:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 00:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 00:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 00:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 00:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 00:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 00:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 00:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 00:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 00:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 00:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 00:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 00:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 00:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 00:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 00:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 00:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 00:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 00:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 21:15 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 21:15 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 21:15 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 21:15 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 21:15 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 21:15 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 21:15 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 21:15 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 21:15 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 21:15 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 21:15 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 21:15 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 21:15 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 21:15 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 21:15 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 21:15 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 21:15 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 21:15 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 21:14 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-06 19:30 - 2012-07-06 19:06 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

 

[unitdata]

============ 3 Months Modified Files ========================
2012-07-22 11:01 - 2012-04-24 23:21 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-22 11:01 - 2011-02-12 23:00 - 00067387 ____A C:\Windows\setupact.log
2012-07-22 11:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-22 08:35 - 2010-11-11 19:26 - 02061966 ____A C:\Windows\WindowsUpdate.log
2012-07-22 08:31 - 2012-04-24 23:21 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-22 08:28 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-22 08:28 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-22 08:18 - 2010-11-11 19:52 - 00210254 ____A C:\Windows\PFRO.log
2012-07-21 20:07 - 2011-05-12 16:28 - 00001334 ____A C:\rkill.log
2012-07-21 20:01 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At25.job
2012-07-21 20:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At49.job
2012-07-21 19:56 - 2012-04-02 22:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-21 19:10 - 2012-07-21 19:10 - 01012656 ____A C:\Users\User\Desktop\rkill.com
2012-07-21 19:01 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At24.job
2012-07-21 19:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At48.job
2012-07-21 15:01 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At20.job
2012-07-21 15:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At44.job
2012-07-21 12:02 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At17.job
2012-07-21 12:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At41.job
2012-07-21 10:02 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At15.job
2012-07-21 10:01 - 2012-07-20 21:26 - 00022684 ____A C:\Users\User\Desktop\DDS.txt
2012-07-21 10:01 - 2012-07-20 21:26 - 00012812 ____A C:\Users\User\Desktop\Attach.txt
2012-07-21 10:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At39.job
2012-07-20 22:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At27.job
2012-07-20 22:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At3.job
2012-07-20 21:44 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At26.job
2012-07-20 21:23 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At2.job
2012-07-20 20:36 - 2012-07-20 20:36 - 00607260 ____R (Swearware) C:\Users\User\Desktop\dds.scr
2012-07-20 20:33 - 2010-11-12 06:29 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-20 20:32 - 2012-07-20 20:32 - 00302592 ____A C:\Users\User\Desktop\xyxehvnp.exe
2012-07-20 20:15 - 2012-07-20 19:40 - 00000032 ____A C:\Users\User\jagex_cl_runescape_LIVE.dat
2012-07-20 19:41 - 2012-07-20 19:40 - 00000024 ____A C:\Users\User\jagexappletviewer.preferences
2012-07-20 18:21 - 2012-04-28 13:33 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-20 18:02 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At23.job
2012-07-20 18:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At47.job
2012-07-20 17:28 - 2012-07-20 17:28 - 00003584 ____A C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-20 17:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At46.job
2012-07-20 17:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At22.job
2012-07-20 16:08 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At21.job
2012-07-20 16:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At45.job
2012-07-20 14:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At43.job
2012-07-20 14:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At19.job
2012-07-20 13:35 - 2012-07-20 13:35 - 00002050 ____A C:\Users\User\Desktop\RuneScape.lnk
2012-07-20 13:32 - 2009-07-13 21:13 - 00926574 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-20 13:25 - 2012-07-20 13:25 - 00001328 ____A C:\Users\User\Desktop\WinRAR - Shortcut.lnk
2012-07-20 13:17 - 2012-07-20 13:17 - 00001682 ____A C:\Users\User\Desktop\Microsoft Word 2010 - shortcut.lnk
2012-07-20 13:16 - 2012-07-20 13:16 - 00001682 ____A C:\Users\User\Desktop\Microsoft Outlook 2010 - Shortcut.lnk
2012-07-20 13:14 - 2012-07-20 13:14 - 00001636 ____A C:\Users\User\Desktop\Sid Meier's Civilization V - Shortcut.lnk
2012-07-20 13:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At42.job
2012-07-20 13:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At18.job
2012-07-20 12:27 - 2012-07-20 12:27 - 00112912 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-20 12:25 - 2012-07-20 12:25 - 00001690 ____A C:\Users\User\Desktop\The Elder Scrolls V Skyrim - Shortcut.lnk
2012-07-20 12:23 - 2012-07-20 12:23 - 00001698 ____A C:\Users\User\Desktop\Far Cry 2 - Shortcut.lnk
2012-07-20 12:21 - 2012-07-20 12:20 - 00003145 ____A C:\Users\User\Desktop\ArmA 2 Operation Arrowhead Beta Patch.lnk
2012-07-20 12:07 - 2012-07-20 12:07 - 00001909 ____A C:\Users\User\Desktop\Arma 2 Operation Arrowhead - Shortcut.lnk
2012-07-20 12:05 - 2012-07-20 12:05 - 00001667 ____A C:\Users\User\Desktop\Dragon Age 2 - Shortcut.lnk
2012-07-20 11:57 - 2012-07-20 11:57 - 00000020 ___SH C:\Users\User\ntuser.ini
2012-07-20 11:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At40.job
2012-07-20 11:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At16.job
2012-07-20 09:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At38.job
2012-07-20 09:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At14.job
2012-07-20 08:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At37.job
2012-07-20 08:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At13.job
2012-07-20 07:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At36.job
2012-07-20 07:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At12.job
2012-07-20 06:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At35.job
2012-07-20 06:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At11.job
2012-07-20 05:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At34.job
2012-07-20 05:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At10.job
2012-07-20 04:03 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At9.job
2012-07-20 04:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At33.job
2012-07-20 03:06 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At8.job
2012-07-20 03:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At32.job
2012-07-20 02:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At31.job
2012-07-20 02:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At7.job
2012-07-20 01:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At30.job
2012-07-20 01:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At6.job
2012-07-20 00:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At29.job
2012-07-20 00:00 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At5.job
2012-07-19 23:01 - 2012-07-19 10:26 - 00000340 ____A C:\Windows\Tasks\At4.job
2012-07-19 23:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At28.job
2012-07-19 11:17 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-19 10:42 - 2010-11-13 11:02 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-19 10:26 - 2012-07-19 10:26 - 00086016 ___AH C:\Users\All Users\M8N34Jij.exe
2012-07-19 08:50 - 2012-03-14 21:14 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-18 08:20 - 2012-07-17 16:28 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
2012-07-18 08:20 - 2012-07-17 16:28 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
2012-07-14 15:25 - 2012-07-14 15:25 - 00001408 ____A C:\Users\UpdatusUser\Desktop\Launch ARMA 2 Operation Arrowhead.lnk
2012-07-14 15:25 - 2012-07-14 15:25 - 00001408 ____A C:\Users\Mcx2-STUDIO\Desktop\Launch ARMA 2 Operation Arrowhead.lnk
2012-07-14 15:25 - 2012-07-14 15:25 - 00001408 ____A C:\Users\Mcx1-STUDIO\Desktop\Launch ARMA 2 Operation Arrowhead.lnk
2012-07-14 15:25 - 2010-11-11 20:05 - 00476985 ____A C:\Windows\DirectX.log
2012-07-12 18:29 - 2012-06-05 18:23 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-12 18:29 - 2010-11-14 21:16 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-12 18:24 - 2010-11-13 09:40 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-11 11:56 - 2012-04-02 22:31 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-11 11:56 - 2011-05-12 18:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-11 10:36 - 2009-07-13 20:45 - 04982560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:02 - 2010-11-11 20:04 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-06 19:34 - 2010-11-13 09:40 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-06 19:06 - 2012-07-06 19:30 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe
2012-07-03 10:46 - 2011-05-12 16:31 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-03-14 21:26 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2011-03-14 06:58 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2011-01-16 08:46 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2010-11-12 06:29 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2010-11-12 06:29 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2010-11-12 06:29 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2010-11-12 06:29 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2010-11-12 06:28 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2010-11-12 06:28 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-18 19:46 - 2012-06-18 19:42 - 00000529 ____A C:\Windows\eReg.dat
2012-06-11 19:08 - 2012-07-11 00:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 21:15 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 21:15 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 21:15 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 21:15 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 21:14 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 21:15 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 21:15 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 21:15 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 23:59 - 2011-06-07 16:35 - 00008191 ____A C:\Windows\IE9_main.log
2012-06-04 23:57 - 2012-06-04 23:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-06-04 23:57 - 2012-06-04 23:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-04 23:57 - 2012-06-04 23:57 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-04 23:57 - 2012-06-04 23:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-04 23:57 - 2012-06-04 23:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-04 23:57 - 2012-06-04 23:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-06-04 23:57 - 2012-06-04 23:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-02 14:19 - 2012-06-21 11:25 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:25 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:25 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 11:25 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:24 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 11:23 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 11:23 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 00:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 00:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 00:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 00:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:05 - 2012-07-11 00:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:04 - 2012-07-11 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:04 - 2012-07-11 00:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:03 - 2012-07-11 00:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 00:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 00:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 00:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 00:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 00:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 21:15 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 21:15 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 21:15 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 21:15 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 21:15 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 21:15 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 21:15 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 21:15 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 21:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 09:25 - 2010-11-11 19:43 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-15 02:48 - 2012-07-19 18:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-07-19 18:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-02-21 20:52 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-02-21 20:52 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-09-27 16:55 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-09-27 16:55 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2010-11-11 19:34 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2010-11-11 19:34 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2009-07-13 13:59 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 01:29 - 2011-04-07 20:19 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2011-04-07 20:19 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2011-04-07 20:19 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2010-10-16 11:13 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2011-04-07 20:19 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 23:21 - 2012-05-14 23:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-04 03:06 - 2012-06-13 19:41 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 19:41 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 19:41 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 18:54 - 2012-05-02 18:54 - 00042392 ____A C:\Windows\SysWOW64\xfcodec.dll
2012-05-02 18:54 - 2012-05-02 18:54 - 00028056 ____A C:\Windows\System32\xfcodec64.dll
2012-04-30 21:40 - 2012-06-13 19:41 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 19:41 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 19:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 19:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 19:41 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
ZeroAccess:
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\L
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\L\00000004.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\00000004.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\00000008.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\000000cb.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\80000000.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\80000032.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

 

[unitdata]

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 21%
Total physical RAM: 4095.18 MB
Available physical RAM: 3224 MB
Total Pagefile: 4093.33 MB
Available Pagefile: 3221.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:196.61 GB) NTFS
7 Drive j: (CRUZER) (Removable) (Total:7.5 GB) (Free:7.34 GB) FAT32
8 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
9 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 7691 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7691 MB 0 B
==================================================================================
Disk: 5
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
==================================================================================
==========================================================
Last Boot: 2012-07-20 00:38
======================= End Of Log ==========================

 

[Jay Pfoutz]

Additional FRST Scan

Once again, please boot to the System Recovery Options and run FRST, as done previously.

Type the following text in the blank box after Search:

services.exe

Click: Search file(s)

When done searching, FRST makes a log, Search.txt, on the C:\ drive.

Please provide the Search.txt in your reply.

 

[unitdata]

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 03:19:04
Running from J:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======

 

[Jay Pfoutz]

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

 

[unitdata]

Followed all the steps you gave me and everything went smoothy with no errors, but looks like farbar couldn't find services.exe?

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-23 16:38:18 Run:1
Running from J:\
==============================================
Could not find C:\Windows\System32\services.exe.
Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe.
==== End of Fixlog ====

 

[Jay Pfoutz]

Please redo the steps in this post: https://www.techspot.com/community/...e-iexplore-exe-processes.183215/#post-1205741 and reply with your new log.

 

[unitdata]

Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 04:05:19
Running from J:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======

 

[Jay Pfoutz]

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

 

[unitdata]

Same results.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-24 15:52:07 Run:2
Running from J:\
==============================================
Could not find C:\Windows\System32\services.exe.
Could not find C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe.
==== End of Fixlog ====

 

[Jay Pfoutz]

Are you sure everything is being copied and pasted correctly?

Those other things should have been deleted too.

Please let me see another log from FRST (not the search for services.exe, just the regular scan).

 

[Jay Pfoutz]

Hello. Are you still with us?

Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

Thanks.

 

[unitdata]

Sorry for the delay, yes everything was copied and pasted correctly.

Heres the log you requested:


Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01
Ran by SYSTEM at 31-07-2012 03:10:46
Running from J:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [HP Input Device Main Program] C:\Program Files\HP\HP Wireless Comfort Mouse\TSR\xDaemon.exe [530432 2008-10-16] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" [163552 2011-08-05] (Microsoft Corporation)
HKLM-x32\...\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Razer Mamba Elite Driver] C:\Program Files (x86)\Razer\Mamba\RazerMambaSysTray.exe [2276760 2011-06-01] (Razer USA Ltd)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Account\...\Policies\system: [LogonHoursAction] 2
HKU\Account\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Mcx2-STUDIO\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
HKU\UpdatusUser\...\Run: [Akamai NetSession Interface] "C:\Users\User\AppData\Local\Akamai\netsession_win.exe" [x]
HKU\UpdatusUser\...\Run: [Voobly] [x]
HKU\UpdatusUser\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
HKU\UpdatusUser\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2012-03-12] (Valve Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Services (Whitelisted) ======
2 Akamai; C:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll [4419392 2012-07-10] (Akamai Technologies, Inc)
2 avast! Antivirus; "C:\Program Files\Alwil Software\Avast5\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-11-08] (Alcatel-Lucent)
2 MSSQL$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [40999448 2008-07-10] (Microsoft Corporation)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-06] ()
4 SQLAgent$SQLEXPRESS; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [369688 2008-07-10] (Microsoft Corporation)
2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
3 Arctosa; C:\Windows\System32\Drivers\Arctosa.sys [19840 2009-08-19] (Razer USA Ltd.)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-07-04] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
3 HpStm001; C:\Windows\System32\Drivers\HpStm001.sys [14336 2008-08-28] (Primax Electronics Ltd.)
3 Lycosa; C:\Windows\System32\Drivers\Lycosa.sys [18816 2008-01-17] (Razer USA Ltd.)
3 P17; C:\Windows\System32\Drivers\P17.sys [1289216 2009-08-03] (Creative Technology Ltd.)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-20] (Duplex Secure Ltd.)
3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
3 dump_wmimmc; \??\C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys [x]
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
3 NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [x]

 

[unitdata]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============
2012-07-30 22:14 - 2012-07-30 22:17 - 00000000 ____D C:\Users\User\AppData\Local\Windows Live
2012-07-30 22:14 - 2012-07-30 22:15 - 00000000 ____D C:\Users\User\AppData\Local\{A34A1C9F-2E2D-4CFB-8A10-54735C39984F}
2012-07-30 22:13 - 2012-07-30 22:14 - 00000000 ____D C:\Users\User\AppData\Local\{94669D8B-0CDA-44AF-B0CA-F15BEB867A7F}
2012-07-30 21:31 - 2012-07-30 22:06 - 68845205 ____A C:\Users\User\Desktop\Lighting1.wmv
2012-07-30 21:27 - 2012-07-30 21:24 - 303055560 ____A C:\Users\User\Desktop\VIDEO0020.mp4
2012-07-29 14:10 - 2012-07-30 23:51 - 00000000 ____D C:\Users\User\AppData\Local\PAYDAY
2012-07-29 11:06 - 2012-07-29 11:06 - 00000020 ___SH C:\Users\Mcx2-STUDIO\ntuser.ini
2012-07-29 11:06 - 2012-07-29 11:06 - 00000000 ____D C:\users\Mcx2-STUDIO
2012-07-29 11:06 - 2011-01-07 19:02 - 00000000 ____D C:\Users\Mcx2-STUDIO\AppData\Roaming\Macromedia
2012-07-28 21:33 - 2012-07-28 21:33 - 00000132 ____A C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-28 16:58 - 2012-07-28 16:58 - 00000000 ____D C:\Users\User\AppData\Roaming\Awesomium
2012-07-28 12:28 - 2012-07-28 12:28 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2
2012-07-27 21:29 - 2012-07-27 21:29 - 00000000 ____D C:\Users\User\AppData\Roaming\WinRAR
2012-07-26 22:54 - 2012-07-26 22:54 - 00000000 ____D C:\Users\User\Documents\Mount&Blade Warband Characters
2012-07-26 22:27 - 2012-07-26 22:53 - 00000000 ____D C:\Users\User\Documents\Mount&Blade Warband Savegames
2012-07-26 22:24 - 2012-07-26 22:26 - 00000000 ____D C:\Users\User\AppData\Roaming\Mount&Blade Warband
2012-07-26 18:58 - 2012-07-26 18:58 - 00001098 ____A C:\Users\User\Desktop\Mount&Blade Warband.lnk
2012-07-26 18:58 - 2012-07-26 18:58 - 00001098 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade Warband.lnk
2012-07-26 18:55 - 2012-07-26 22:25 - 00000000 ____D C:\Program Files (x86)\Mount&Blade Warband
2012-07-26 17:23 - 2012-07-26 17:23 - 00001243 ____A C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk
2012-07-26 17:23 - 2012-07-26 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers
2012-07-26 17:20 - 2012-07-12 14:13 - 00405144 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll
2012-07-26 17:19 - 2012-07-26 17:19 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2012-07-26 15:38 - 2012-07-30 19:04 - 00001810 ____A C:\Users\User\Desktop\songs.txt
2012-07-25 20:34 - 2012-07-25 20:34 - 00000000 ____D C:\Program Files (x86)\1ClickDownload
2012-07-25 15:11 - 2012-07-25 15:14 - 00001031 ____A C:\Users\User\Desktop\passwords.txt
2012-07-25 12:08 - 2012-07-25 12:08 - 00000000 ____D C:\Users\User\Documents\Battlefield 3
2012-07-25 12:08 - 2012-07-25 12:08 - 00000000 ____D C:\Users\User\AppData\Local\PunkBuster
2012-07-25 12:05 - 2012-07-25 12:05 - 00000000 ____D C:\Users\User\AppData\Roaming\Origin
2012-07-25 12:05 - 2012-07-25 12:05 - 00000000 ____D C:\Users\User\AppData\Local\Origin
2012-07-24 21:26 - 2012-07-24 21:26 - 00000000 ____D C:\Users\User\AppData\Local\Downloaded Installations
2012-07-24 10:34 - 2012-07-24 10:34 - 00000000 ____D C:\Users\User\AppData\Local\Apple
2012-07-23 23:01 - 2012-07-24 20:55 - 00000000 ____D C:\Users\User\AppData\Roaming\TS3Client
2012-07-23 22:48 - 2012-07-23 22:48 - 00000000 ____D C:\Users\User\AppData\Local\SIX_Projects
2012-07-22 17:45 - 2012-07-22 17:46 - 00000000 ____D C:\FRST
2012-07-22 16:26 - 2012-07-29 18:16 - 00000000 ____D C:\Users\User\AppData\Local\ArmA 2 OA
2012-07-22 16:26 - 2012-07-22 16:26 - 00000000 ____D C:\Users\User\Documents\ArmA 2
2012-07-22 16:21 - 2012-07-23 23:01 - 00000000 ____D C:\Users\User\AppData\Roaming\six-updater
2012-07-22 16:21 - 2012-07-22 16:21 - 00000000 ____D C:\Users\User\AppData\Roaming\six-zsync
2012-07-22 11:24 - 2012-07-22 11:24 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-21 20:40 - 2012-07-30 19:17 - 00000000 ____D C:\Users\User\AppData\Roaming\Azureus
2012-07-21 20:40 - 2012-07-21 20:40 - 00000000 ____D C:\Users\User\.swt
2012-07-20 19:40 - 2012-07-30 16:34 - 00000032 ____A C:\Users\User\jagex_cl_runescape_LIVE.dat
2012-07-20 19:40 - 2012-07-20 19:41 - 00000024 ____A C:\Users\User\jagexappletviewer.preferences
2012-07-20 18:22 - 2012-07-30 22:13 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2012-07-20 17:28 - 2012-07-20 17:28 - 00003584 ____A C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-20 15:32 - 2012-07-20 15:32 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2012-07-20 15:14 - 2012-07-20 15:52 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-07-20 14:07 - 2012-07-20 14:07 - 00000000 ____D C:\Users\User\AppData\Local\Paint.NET
2012-07-20 13:54 - 2012-07-20 13:54 - 00000000 ____D C:\Users\User\AppData\Local\Microsoft Help
2012-07-20 13:39 - 2012-07-20 14:00 - 00000000 ____D C:\Users\User\Documents\Outlook Files
2012-07-20 13:35 - 2012-07-20 13:35 - 00002050 ____A C:\Users\User\Desktop\RuneScape.lnk
2012-07-20 13:35 - 2012-07-20 13:35 - 00000000 ____D C:\Users\User\jagexcache
2012-07-20 13:29 - 2011-07-02 22:00 - 00000229 ____A C:\Users\User\Desktop\Linksys.txt
2012-07-20 13:25 - 2012-07-20 13:25 - 00001328 ____A C:\Users\User\Desktop\WinRAR - Shortcut.lnk
2012-07-20 13:22 - 2012-07-26 17:23 - 00000000 ____D C:\Users\User\AppData\Roaming\DVDVideoSoft
2012-07-20 13:17 - 2012-07-20 13:17 - 00001682 ____A C:\Users\User\Desktop\Microsoft Word 2010 - shortcut.lnk
2012-07-20 13:16 - 2012-07-20 13:16 - 00001682 ____A C:\Users\User\Desktop\Microsoft Outlook 2010 - Shortcut.lnk
2012-07-20 13:14 - 2012-07-20 13:14 - 00001636 ____A C:\Users\User\Desktop\Sid Meier's Civilization V - Shortcut.lnk
2012-07-20 12:51 - 2012-07-29 14:10 - 00000000 ____D C:\Users\User\AppData\Roaming\NVIDIA
2012-07-20 12:51 - 2012-07-20 12:52 - 00000000 ____D C:\Users\User\AppData\Roaming\MAXON
2012-07-20 12:27 - 2012-07-20 12:27 - 00112912 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-20 12:25 - 2012-07-20 12:25 - 00001690 ____A C:\Users\User\Desktop\The Elder Scrolls V Skyrim - Shortcut.lnk
2012-07-20 12:23 - 2012-07-20 12:23 - 00001698 ____A C:\Users\User\Desktop\Far Cry 2 - Shortcut.lnk
2012-07-20 12:20 - 2012-07-20 12:21 - 00003145 ____A C:\Users\User\Desktop\ArmA 2 Operation Arrowhead Beta Patch.lnk
2012-07-20 12:07 - 2012-07-20 12:07 - 00001909 ____A C:\Users\User\Desktop\Arma 2 Operation Arrowhead - Shortcut.lnk
2012-07-20 12:05 - 2012-07-20 12:05 - 00001667 ____A C:\Users\User\Desktop\Dragon Age 2 - Shortcut.lnk
2012-07-20 12:01 - 2012-07-20 12:01 - 00000000 ____D C:\Users\User\Documents\My Games
2012-07-20 12:01 - 2012-07-20 12:01 - 00000000 ____D C:\Users\User\Documents\BioWare
2012-07-20 11:59 - 2012-07-30 23:15 - 00000000 ____D C:\Users\User\AppData\Roaming\Xfire
2012-07-20 11:57 - 2012-07-28 21:19 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2012-07-20 11:57 - 2012-07-28 21:19 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2012-07-20 11:57 - 2012-07-20 14:39 - 00000000 ____D C:\Users\User\AppData\Local\TSVNCache
2012-07-20 11:57 - 2012-07-20 11:57 - 00000020 ___SH C:\Users\User\ntuser.ini
2012-07-20 11:57 - 2012-07-20 11:57 - 00000000 ___RD C:\Users\User\Podcasts
2012-07-20 11:57 - 2012-07-20 11:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Subversion
2012-07-20 11:57 - 2012-07-20 11:57 - 00000000 ____D C:\Users\User\AppData\Roaming\Apple Computer
2012-07-20 11:57 - 2011-01-07 19:02 - 00000000 ____D C:\Users\User\AppData\Roaming\Macromedia
2012-07-19 18:48 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-07-19 18:48 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-07-19 18:48 - 2012-05-15 02:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-07-19 10:27 - 2012-07-30 20:00 - 00000342 ____A C:\Windows\Tasks\At49.job
2012-07-19 10:27 - 2012-07-30 19:00 - 00000342 ____A C:\Windows\Tasks\At48.job
2012-07-19 10:27 - 2012-07-30 18:00 - 00000342 ____A C:\Windows\Tasks\At47.job
2012-07-19 10:27 - 2012-07-30 17:00 - 00000342 ____A C:\Windows\Tasks\At46.job
2012-07-19 10:27 - 2012-07-30 16:00 - 00000342 ____A C:\Windows\Tasks\At45.job
2012-07-19 10:27 - 2012-07-30 15:00 - 00000342 ____A C:\Windows\Tasks\At44.job
2012-07-19 10:27 - 2012-07-30 14:00 - 00000342 ____A C:\Windows\Tasks\At43.job
2012-07-19 10:26 - 2012-07-31 00:00 - 00000342 ____A C:\Windows\Tasks\At29.job
2012-07-19 10:26 - 2012-07-30 23:00 - 00000342 ____A C:\Windows\Tasks\At28.job
2012-07-19 10:26 - 2012-07-30 22:00 - 00000342 ____A C:\Windows\Tasks\At27.job
2012-07-19 10:26 - 2012-07-30 21:44 - 00000342 ____A C:\Windows\Tasks\At26.job
2012-07-19 10:26 - 2012-07-29 13:00 - 00000342 ____A C:\Windows\Tasks\At42.job
2012-07-19 10:26 - 2012-07-29 12:00 - 00000342 ____A C:\Windows\Tasks\At41.job
2012-07-19 10:26 - 2012-07-29 10:00 - 00000342 ____A C:\Windows\Tasks\At39.job
2012-07-19 10:26 - 2012-07-29 09:00 - 00000342 ____A C:\Windows\Tasks\At38.job
2012-07-19 10:26 - 2012-07-29 01:00 - 00000342 ____A C:\Windows\Tasks\At30.job
2012-07-19 10:26 - 2012-07-27 02:00 - 00000342 ____A C:\Windows\Tasks\At31.job
2012-07-19 10:26 - 2012-07-26 11:00 - 00000342 ____A C:\Windows\Tasks\At40.job
2012-07-19 10:26 - 2012-07-20 08:00 - 00000342 ____A C:\Windows\Tasks\At37.job
2012-07-19 10:26 - 2012-07-20 07:00 - 00000342 ____A C:\Windows\Tasks\At36.job
2012-07-19 10:26 - 2012-07-20 06:00 - 00000342 ____A C:\Windows\Tasks\At35.job
2012-07-19 10:26 - 2012-07-20 05:00 - 00000342 ____A C:\Windows\Tasks\At34.job
2012-07-19 10:26 - 2012-07-20 04:00 - 00000342 ____A C:\Windows\Tasks\At33.job
2012-07-19 10:26 - 2012-07-20 03:00 - 00000342 ____A C:\Windows\Tasks\At32.job
2012-07-17 16:28 - 2012-07-24 21:27 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
2012-07-17 16:28 - 2012-07-24 21:27 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
2012-07-14 16:24 - 2012-07-14 16:24 - 00000000 ____D C:\Program Files (x86)\SIX Projects
2012-07-14 15:25 - 2012-07-14 15:25 - 00001408 ____A C:\Users\UpdatusUser\Desktop\Launch ARMA 2 Operation Arrowhead.lnk
2012-07-11 00:07 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 00:02 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 00:02 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 00:02 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 00:02 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 00:02 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 00:02 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 00:02 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 00:02 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 00:02 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 00:02 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 00:02 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 00:02 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 00:02 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-11 00:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 00:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 00:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 00:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 00:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 00:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 00:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 00:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 00:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 00:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 00:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 00:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 00:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 00:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 00:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 21:15 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 21:15 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 21:15 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 21:15 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 21:15 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 21:15 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 21:15 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 21:15 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 21:15 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 21:15 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 21:15 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 21:15 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 21:15 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 21:15 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 21:15 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 21:15 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 21:15 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 21:15 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-10 21:14 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-06 19:30 - 2012-07-06 19:06 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe

 

[unitdata]

============ 3 Months Modified Files ========================
2012-07-31 00:04 - 2012-04-24 23:21 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-31 00:04 - 2011-02-12 23:00 - 00068731 ____A C:\Windows\setupact.log
2012-07-31 00:04 - 2010-11-11 19:52 - 00218176 ____A C:\Windows\PFRO.log
2012-07-31 00:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-31 00:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At29.job
2012-07-30 23:56 - 2012-04-02 22:31 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-30 23:31 - 2012-04-24 23:21 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-30 23:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At28.job
2012-07-30 22:27 - 2010-11-11 19:26 - 02068357 ____A C:\Windows\WindowsUpdate.log
2012-07-30 22:06 - 2012-07-30 21:31 - 68845205 ____A C:\Users\User\Desktop\Lighting1.wmv
2012-07-30 22:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At27.job
2012-07-30 21:44 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At26.job
2012-07-30 21:24 - 2012-07-30 21:27 - 303055560 ____A C:\Users\User\Desktop\VIDEO0020.mp4
2012-07-30 20:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At49.job
2012-07-30 19:04 - 2012-07-26 15:38 - 00001810 ____A C:\Users\User\Desktop\songs.txt
2012-07-30 19:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At48.job
2012-07-30 18:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At47.job
2012-07-30 17:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At46.job
2012-07-30 16:34 - 2012-07-20 19:40 - 00000032 ____A C:\Users\User\jagex_cl_runescape_LIVE.dat
2012-07-30 16:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At45.job
2012-07-30 15:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At44.job
2012-07-30 14:00 - 2012-07-19 10:27 - 00000342 ____A C:\Windows\Tasks\At43.job
2012-07-30 13:26 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-30 13:26 - 2009-07-13 20:45 - 00014416 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-29 14:10 - 2010-11-11 20:05 - 00495420 ____A C:\Windows\DirectX.log
2012-07-29 13:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At42.job
2012-07-29 12:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At41.job
2012-07-29 11:06 - 2012-07-29 11:06 - 00000020 ___SH C:\Users\Mcx2-STUDIO\ntuser.ini
2012-07-29 11:06 - 2010-11-13 11:02 - 00000258 _RASH C:\Users\All Users\ntuser.pol
2012-07-29 10:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At39.job
2012-07-29 09:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At38.job
2012-07-29 01:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At30.job
2012-07-28 21:33 - 2012-07-28 21:33 - 00000132 ____A C:\Users\User\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-07-27 11:56 - 2012-04-02 22:31 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-27 11:56 - 2011-05-12 18:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-27 02:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At31.job
2012-07-26 18:58 - 2012-07-26 18:58 - 00001098 ____A C:\Users\User\Desktop\Mount&Blade Warband.lnk
2012-07-26 18:58 - 2012-07-26 18:58 - 00001098 ____A C:\Users\UpdatusUser\Desktop\Mount&Blade Warband.lnk
2012-07-26 17:23 - 2012-07-26 17:23 - 00001243 ____A C:\Users\User\Desktop\DVDVideoSoft Free Studio.lnk
2012-07-26 16:44 - 2010-11-21 14:32 - 00001852 ____A C:\Users\Public\Desktop\Vuze.lnk
2012-07-26 11:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At40.job
2012-07-25 15:14 - 2012-07-25 15:11 - 00001031 ____A C:\Users\User\Desktop\passwords.txt
2012-07-25 12:17 - 2012-06-05 18:23 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-25 12:17 - 2010-11-14 21:16 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-07-25 12:12 - 2010-11-13 09:40 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-24 21:47 - 2009-07-13 21:13 - 00926400 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-24 21:27 - 2012-07-17 16:28 - 00002573 ____A C:\Users\Public\Desktop\Six Updater.lnk
2012-07-24 21:27 - 2012-07-17 16:28 - 00002573 ____A C:\Users\Public\Desktop\Six Launcher.lnk
2012-07-21 20:07 - 2011-05-12 16:28 - 00001334 ____A C:\rkill.log
2012-07-20 20:33 - 2010-11-12 06:29 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-20 19:41 - 2012-07-20 19:40 - 00000024 ____A C:\Users\User\jagexappletviewer.preferences
2012-07-20 18:21 - 2012-04-28 13:33 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk
2012-07-20 17:28 - 2012-07-20 17:28 - 00003584 ____A C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-07-20 13:35 - 2012-07-20 13:35 - 00002050 ____A C:\Users\User\Desktop\RuneScape.lnk
2012-07-20 13:25 - 2012-07-20 13:25 - 00001328 ____A C:\Users\User\Desktop\WinRAR - Shortcut.lnk
2012-07-20 13:17 - 2012-07-20 13:17 - 00001682 ____A C:\Users\User\Desktop\Microsoft Word 2010 - shortcut.lnk
2012-07-20 13:16 - 2012-07-20 13:16 - 00001682 ____A C:\Users\User\Desktop\Microsoft Outlook 2010 - Shortcut.lnk
2012-07-20 13:14 - 2012-07-20 13:14 - 00001636 ____A C:\Users\User\Desktop\Sid Meier's Civilization V - Shortcut.lnk
2012-07-20 12:27 - 2012-07-20 12:27 - 00112912 ____A C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2012-07-20 12:25 - 2012-07-20 12:25 - 00001690 ____A C:\Users\User\Desktop\The Elder Scrolls V Skyrim - Shortcut.lnk
2012-07-20 12:23 - 2012-07-20 12:23 - 00001698 ____A C:\Users\User\Desktop\Far Cry 2 - Shortcut.lnk
2012-07-20 12:21 - 2012-07-20 12:20 - 00003145 ____A C:\Users\User\Desktop\ArmA 2 Operation Arrowhead Beta Patch.lnk
2012-07-20 12:07 - 2012-07-20 12:07 - 00001909 ____A C:\Users\User\Desktop\Arma 2 Operation Arrowhead - Shortcut.lnk
2012-07-20 12:05 - 2012-07-20 12:05 - 00001667 ____A C:\Users\User\Desktop\Dragon Age 2 - Shortcut.lnk
2012-07-20 11:57 - 2012-07-20 11:57 - 00000020 ___SH C:\Users\User\ntuser.ini
2012-07-20 08:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At37.job
2012-07-20 07:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At36.job
2012-07-20 06:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At35.job
2012-07-20 05:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At34.job
2012-07-20 04:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At33.job
2012-07-20 03:00 - 2012-07-19 10:26 - 00000342 ____A C:\Windows\Tasks\At32.job
2012-07-19 11:17 - 2009-07-13 21:08 - 00032622 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-19 08:50 - 2012-03-14 21:14 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-14 15:25 - 2012-07-14 15:25 - 00001408 ____A C:\Users\UpdatusUser\Desktop\Launch ARMA 2 Operation Arrowhead.lnk
2012-07-12 14:13 - 2012-07-26 17:20 - 00405144 ____A (Newtonsoft) C:\Windows\SysWOW64\Newtonsoft.Json.Net20.dll
2012-07-11 10:36 - 2009-07-13 20:45 - 04982560 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 00:02 - 2010-11-11 20:04 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-06 19:34 - 2010-11-13 09:40 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-06 19:06 - 2012-07-06 19:30 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe
2012-07-03 10:46 - 2011-05-12 16:31 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-03-14 21:26 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2011-03-14 06:58 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2011-01-16 08:46 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2010-11-12 06:29 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2010-11-12 06:29 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2010-11-12 06:29 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2010-11-12 06:29 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2010-11-12 06:28 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2010-11-12 06:28 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-18 19:46 - 2012-06-18 19:42 - 00000529 ____A C:\Windows\eReg.dat
2012-06-11 19:08 - 2012-07-11 00:07 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-10 21:15 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-10 21:15 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-10 21:15 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-10 21:15 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-10 21:14 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-10 21:15 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-10 21:15 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-10 21:15 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-04 23:59 - 2011-06-07 16:35 - 00008191 ____A C:\Windows\IE9_main.log
2012-06-04 23:57 - 2012-06-04 23:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-06-04 23:57 - 2012-06-04 23:57 - 03695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-06-04 23:57 - 2012-06-04 23:57 - 00697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-06-04 23:57 - 2012-06-04 23:57 - 00434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-06-04 23:57 - 2012-06-04 23:57 - 00353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-06-04 23:57 - 2012-06-04 23:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-06-04 23:57 - 2012-06-04 23:57 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-06-04 23:57 - 2012-06-04 23:57 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-06-04 23:57 - 2012-06-04 23:57 - 00010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-06-02 14:19 - 2012-06-21 11:25 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:25 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:25 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 11:25 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:24 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-21 11:23 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-21 11:23 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 00:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 00:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 00:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 00:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:05 - 2012-07-11 00:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:04 - 2012-07-11 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:04 - 2012-07-11 00:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:03 - 2012-07-11 00:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 00:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 00:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 00:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 00:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 00:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-10 21:15 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-10 21:15 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-10 21:15 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-10 21:15 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-10 21:15 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-10 21:15 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-10 21:15 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-10 21:15 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-10 21:15 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 09:25 - 2010-11-11 19:43 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-15 02:48 - 2012-07-19 18:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2012-05-15 02:48 - 2012-07-19 18:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2012-05-15 02:48 - 2012-07-19 18:48 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2012-05-15 02:48 - 2012-02-21 20:52 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll
2012-05-15 02:48 - 2012-02-21 20:52 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2012-05-15 02:48 - 2011-09-27 16:55 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll
2012-05-15 02:48 - 2011-09-27 16:55 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll
2012-05-15 02:48 - 2010-11-11 19:34 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2012-05-15 02:48 - 2010-11-11 19:34 - 00014324 ____A C:\Windows\System32\nvinfo.pb
2012-05-15 02:48 - 2009-07-13 13:59 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2012-05-15 01:29 - 2011-04-07 20:19 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2012-05-15 01:29 - 2011-04-07 20:19 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
2012-05-15 01:29 - 2011-04-07 20:19 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2012-05-15 01:29 - 2010-10-16 11:13 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2012-05-15 01:28 - 2011-04-07 20:19 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2012-05-14 23:21 - 2012-05-14 23:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe
2012-05-04 03:06 - 2012-06-13 19:41 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 19:41 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 19:41 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

 

[unitdata]

ZeroAccess:
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\L
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\L\00000004.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\00000008.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\000000cb.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\80000064.@
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz10EB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz11A6.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1281.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz13E7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz15EB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz15EF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1659.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1717.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1767.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz178B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz17B6.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz186F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz18CE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1913.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz19D2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1A5C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1AA4.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1ADF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1C6.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz1FC1.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2078.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz20C3.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2149.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz249C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz263.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2670.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2836.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz28E4.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz28EF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2AB5.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2B03.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2B33.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2CD.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2D07.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2ED8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz2FF2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz300.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3030.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3032.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz304.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz30B4.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz310B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz310C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz311B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3123.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3179.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz31C7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz31C8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz324C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz328B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz36DA.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3764.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3784.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3869.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz38ED.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3916.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3934.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz393C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz396.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz39AE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3B2F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3B4F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3B54.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3C20.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3D81.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz3E72.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz447E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz454A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz4580.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz458A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz45A9.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz4625.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz474F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz4E27.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz4E9E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz4F12.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz4F71.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz4FE6.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5074.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5128.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz53E7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz544F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz55AF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz55C7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz55F6.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz57C8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5830.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5855.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz591B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5CC5.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5D51.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5D5B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5E5F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5E72.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5E8A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5EB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5F17.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5F4F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz5FB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz601D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz603D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6097.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6221.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6271.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz62DE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6392.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6446.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz656E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz66BC.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz66C6.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz66FF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz67AB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz680A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz689E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz68B1.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz69CE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz69E3.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6AB3.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6AC9.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6B90.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6BF7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6E01.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6E2B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6E91.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6F3D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz6FD9.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz707A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7149.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7260.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7261.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz73B7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7409.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7419.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7437.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7449.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7483.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz74D2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7556.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7576.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz75CE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz75EE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz75FE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7669.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7706.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7765.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7766.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz77FC.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz782.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz784F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz797.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7A37.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7B03.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7B2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7B33.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7B48.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7B52.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7B68.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7B75.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7CC9.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7D25.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7D35.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7E7E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7E9E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7ECD.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz7F4A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8057.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8207.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz822E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz82FA.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8396.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz84B0.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz84FF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz86DD.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz87CA.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8848.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8853.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz88B2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz88CD.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz88E2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8904.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz89AF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz89E7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8B8A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8C0A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz8FA7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9243.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz92C8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz92D3.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz930A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz94C8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9646.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9783.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz97C5.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz97FB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz98C0.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz991F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9924.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9B5.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9C9.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9D9C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9E1.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9E6C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9F33.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trz9FCB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzA100.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzA28.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzA5DF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzA874.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzA893.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzA972.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzA9FB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzAA7F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzAA89.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzAA8D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzAB75.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzAC0D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzAC2D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzAC71.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzACDF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzAD3E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB0E0.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB11B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB183.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB24A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB253.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB2AA.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB31A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB355.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB3A1.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB3E9.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB405.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB419.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB520.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB671.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB6C4.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB718.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB7C8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB84C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB90.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB976.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzB9BE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzBB2A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzBBBB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzBC2D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzBC39.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzBC41.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzBE13.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzBE2F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC021.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC19C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC1D8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC40A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC5C2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC5D4.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC5DD.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC64D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC65F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC6B8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC6C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC6F8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC70E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC8B4.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC8D5.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzC8E9.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCA0.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCAD8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCB2B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCD07.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCE1B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCE40.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCE41.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCE6A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCECB.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCF17.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzCFD2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD011.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD060.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD0BF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD16.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD1A0.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD1C0.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD212.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD224.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD245.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD25D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD2D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD2D0.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD32E.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD35D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD3E7.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD3F8.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD532.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD562.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD566.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD67A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD75.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD815.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD900.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD90A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzD93F.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzDA86.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzDE39.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzDE93.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzDFC0.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE00B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE182.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE208.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE285.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE2A6.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE4A9.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE4B.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE5D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE5F1.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE5F2.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE6F6.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE716.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE7FC.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE958.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzE978.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzEC37.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzED23.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzEF4D.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF0C4.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF124.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF1AF.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF1CE.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF27C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF29C.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF39A.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF495.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF532.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzF880.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzFA32.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzFB1.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzFB67.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzFBE1.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzFC4.tmp
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}\U\trzFD5.tmp

 

[unitdata]

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 21%
Total physical RAM: 4095.18 MB
Available physical RAM: 3222.78 MB
Total Pagefile: 4093.33 MB
Available Pagefile: 3216.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:465.66 GB) (Free:168.21 GB) NTFS
7 Drive j: (CRUZER) (Removable) (Total:7.5 GB) (Free:7.34 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 7691 MB 0 B
Disk 6 No Media 0 B 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 465 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 465 GB Healthy
==================================================================================
Partitions of Disk 5:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
* Partition 1 Primary 7691 MB 0 B
==================================================================================
Disk: 5
There is no partition selected.
There is no partition selected.
Please select a partition and try again.
==================================================================================
==========================================================
Last Boot: 2012-07-29 11:38
======================= End Of Log ==========================

 

[Jay Pfoutz]

FRST64 Fixlist

Please run the following:

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKU\Account\...\Policies\system: [LogonHoursAction] 2
HKU\Account\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe
C:\Windows\Tasks\at*.job
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now, please enter System Recovery Options then select Command Prompt.

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

 

[unitdata]

Third times the charm.

fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01
Ran by SYSTEM at 2012-07-31 06:15:12 Run:3
Running from J:\
==============================================
HKEY_USERS\Account\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction Value deleted successfully.
HKEY_USERS\Account\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings Value deleted successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
C:\Windows\Tasks\at*.job moved successfully.
C:\Windows\Installer\{1b19bc6b-0bfd-a29d-f286-225a04e8de84} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
==== End of Fixlog ====

 

[Jay Pfoutz]

Back to Normal Mode...

ComboFix

Please download ComboFix

by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:

• Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
• It is important to rename ComboFix before the download.
• Please do not rename ComboFix to other names, but only the one indicated.

After the download:

• Close any open browsers.
• Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
• If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.

Running ComboFix:

• Double click on svchost.exe & follow the prompts.
• It will attempt to install the Recovery Console:

• When ComboFix finishes, it will produce a report for you.
• Please post the "C:\Combo-Fix.txt" in your next reply.

Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name
ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.