eg303
  1. Computer booted up normally, running Malwarebytes Anti-Rootkit now. Again, thank you so much.

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2013 02
     Ran by SYSTEM at 2013-07-06 15:38:19 Run:2
     Running from F:\
     Boot Mode: Recovery
     ==============================================
     HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GrpConv => Value deleted successfully.
     HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes Anti-Malware (cleanup) => Value deleted successfully.
     C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => Moved successfully.
     ShortcutTarget: regmonstd.lnk ->(Microsoft Corporation) not found.
     HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck => Value deleted successfully.
     HKLM\Software\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} => Key not found.
     HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File => Value not found.
     HKLM\Software\Wow6432Node\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED} => Key not found.
     C:\ProgramData\yamyfrjfqokbmciyuyu.bat => Moved successfully.
     C:\ProgramData\yamyfrjfqokbmciyuyu.reg => Moved successfully.
     C:\Users\EDGREE~1\AppData\Local\Temp\uyuyicmbkoqfjrfymay.bfg => Moved successfully.
     C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk => File/Directory not found.
     ==== End of Fixlog ====
  2. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02 (ATTENTION: FRST version is 35 days old) Ran by SYSTEM on 06-07-2013 12:53:56 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x] HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x] HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x] HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11465832 2010-09-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2122344 2010-09-14] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] H.EXE [x] HKLM\...\Run: [TpShocks] DOWS\SYSTEM32\TPSHOCKS.EXE [x] HKLM\...\Run: [EnergyUtility] T\UTILITY.EXE [x] HKLM\...\Run: [Energy Management] T.EXE [x] HKLM\...\Runonce: [GrpConv] grpconv -o [x] HKLM-x32\...\Runonce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x] HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro) HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-04-05] (McAfee, Inc.) 
HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2011-04-04] (Lenovo) HKLM-x32\...\Run: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [171104 2010-06-30] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-15] (Samsung Electronics Co., Ltd.) HKU\Ed Greenslade\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation) HKU\Ed Greenslade\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x] HKU\Ed Greenslade\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-15] () HKU\Ed Greenslade\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-15] (Samsung) HKU\Ed Greenslade\...\Run: [spotify Web Helper] "C:\Users\Ed Greenslade\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-07-05] (Spotify Ltd) HKU\Ed Greenslade\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.) 
HKU\Ed Greenslade\...\Run: [spotify] "C:\Users\Ed Greenslade\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4640768 2013-07-05] (Spotify Ltd) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk ShortcutTarget: regmonstd.lnk -> C:\Users\EDGREE~1\AppData\Local\Temp\uyuyicmbkoqfjrfymay.bfg (Microsoft Corporation) Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File ==================== Services (Whitelisted) ================= S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [903456 2010-04-20] (Broadcom Corporation.) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) 
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.) S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.) S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.) S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.) 
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [203320 2012-05-20] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 BcmSqlStartupSvc; S3 IGRS; S2 IviRegMgr; S4 mbamswissarmy; \??\C:\windows\system32\drivers\mbamswissarmy.sys [x] S2 ReadyComm.DirectRouter; S2 RichVideo; S3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-06 03:03 - 2013-07-06 03:03 - 00000000 ____D C:\Users\Ed Greenslade\Downloads\mbar-1.06.0.1004 2013-07-06 03:01 - 2013-07-06 03:01 - 13399154 ____A C:\Users\Ed Greenslade\Downloads\mbar-1.06.0.1004.zip 2013-07-06 02:35 - 2013-07-06 02:35 - 00000165 ____A C:\ProgramData\yamyfrjfqokbmciyuyu.reg 2013-07-06 02:35 - 2013-07-06 02:35 - 00000070 ____A C:\ProgramData\yamyfrjfqokbmciyuyu.bat 2013-07-05 15:13 - 2013-07-05 15:14 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{11E69CC1-D6C2-4A92-8ADA-2A92035CCAE2} 2013-07-05 03:13 - 2013-07-05 03:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7F9C033D-FC6C-4720-824E-DB7C71AE7844} 2013-07-04 03:12 - 2013-07-04 15:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{AB110009-74F7-4B40-90E2-C9D58E99D926} 2013-07-03 08:23 - 2013-07-04 06:42 - 00011890 ____A C:\Users\Ed Greenslade\Documents\Battle of the Goldroad.xlsx 2013-07-03 00:55 - 2013-07-03 00:55 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B591B3E-EF44-45EE-A8E4-3C3A26154D57} 2013-07-02 05:46 - 2013-07-02 05:51 - 00013614 ____A C:\Users\Ed Greenslade\Documents\Army of King's Landing under Queen Rhaenyra.xlsx 2013-07-02 03:38 - 2013-07-02 03:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EECD98DE-3628-4708-A6CC-60D02BE1B717} 2013-07-01 15:38 - 2013-07-01 15:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{8ADC0B9D-A6B1-44CC-8F7F-36AE89F19C30} 2013-07-01 03:37 - 2013-07-01 03:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DDBF11DA-B37F-41C3-B8B6-3ADA58388916} 2013-06-30 15:37 - 2013-06-30 15:37 - 
00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A287BE2C-C528-46A0-8F5A-E7A6765B4497} 2013-06-30 03:37 - 2013-06-30 03:37 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5293C3A3-DFF2-4D4F-BE8C-325CE07179BD} 2013-06-29 15:36 - 2013-06-29 15:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0E833867-E945-43B1-8C0D-CD1FDF9AB813} 2013-06-29 03:22 - 2013-06-29 03:22 - 00011339 ____A C:\Users\Ed Greenslade\Documents\The North has suffered.xlsx 2013-06-29 03:03 - 2013-06-29 03:03 - 00886000 ____A C:\Users\Ed Greenslade\Documents\Brown.pptx 2013-06-29 01:44 - 2013-06-29 01:44 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{B7546FE9-50BC-4C54-A3C0-6FF57D8C7F2B} 2013-06-28 13:43 - 2013-06-28 13:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A77083AE-88B0-4384-A8FD-89CD6FB5D2D5} 2013-06-28 03:09 - 2013-07-04 06:53 - 00012989 ____A C:\Users\Ed Greenslade\Documents\The Ongoing Dance of the Dragons.xlsx 2013-06-28 02:06 - 2013-07-04 07:14 - 00014898 ____A C:\Users\Ed Greenslade\Documents\Battles of the Dance of the Dragons.xlsx 2013-06-28 01:43 - 2013-06-28 01:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{3C59EE9C-2D19-4F37-842D-B54E0B0A1D91} 2013-06-27 13:42 - 2013-06-27 13:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A99C3003-E3F2-48F2-8B4A-46A8E03DA66F} 2013-06-27 10:13 - 2013-07-04 08:46 - 00022423 ____A C:\Users\Ed Greenslade\Documents\Dance of the Dragons characters.xlsx 2013-06-27 01:42 - 2013-06-27 01:42 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B82D516-E6A2-428A-BC59-FA52076643C2} 2013-06-26 04:03 - 2013-06-26 04:03 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{6B4FBA49-ED86-4C2C-BA3F-88C37F6BA26C} 2013-06-25 03:31 - 2013-06-25 03:31 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{F87EA818-780D-43E9-85C7-6B8A711A6C8F} 2013-06-24 14:28 - 2013-06-24 14:29 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{FD49AE58-9436-49C4-AC83-00E5B353FC80} 2013-06-22 05:29 - 2013-06-22 
05:29 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{04E3F5C1-35C1-4828-909E-DB30A1A94F89} 2013-06-21 05:00 - 2013-06-21 05:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Windows Live Writer 2013-06-21 05:00 - 2013-06-21 05:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Windows Live Writer 2013-06-21 02:35 - 2013-06-21 02:35 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{32138C49-4012-46A4-9834-D29999C416EB} 2013-06-20 05:21 - 2013-07-04 07:17 - 01559204 ____A C:\Users\Ed Greenslade\Documents\The Dance of the Dragons map.pptx 2013-06-20 02:51 - 2013-06-20 02:51 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7EBEB5B0-9385-4E83-830D-8D447C5707B2} 2013-06-18 07:28 - 2013-07-04 07:54 - 00028359 ____A C:\Users\Ed Greenslade\Documents\The Dance of the Dragons.xlsx 2013-06-18 06:18 - 2013-06-18 06:41 - 01484911 ____A C:\Users\Ed Greenslade\Documents\Robert's Rebellion.pptx 2013-06-18 05:19 - 2013-06-18 05:19 - 01439574 ____A C:\Users\Ed Greenslade\Documents\Red Lake Rebellion.pptx 2013-06-18 04:43 - 2013-06-18 04:53 - 00048420 ____A C:\Users\Ed Greenslade\Documents\Trident.pptx 2013-06-18 04:43 - 2013-06-18 04:43 - 00014674 ____A C:\Users\Ed Greenslade\Documents\Battle of the Trident.xlsx 2013-06-18 03:05 - 2013-06-18 03:05 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{76A0617E-E2AC-4ADA-A265-D4A2CC403A44} 2013-06-17 16:17 - 2013-06-08 06:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-17 16:17 - 2013-06-08 06:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-06-17 16:17 - 2013-06-08 06:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-17 16:17 - 2013-06-08 06:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-17 16:17 - 2013-06-08 06:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-17 16:17 - 2013-06-08 04:28 - 02706432 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtml.tlb 2013-06-17 16:17 - 2013-06-08 03:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-17 16:17 - 2013-06-08 03:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-17 16:17 - 2013-06-08 03:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-17 16:17 - 2013-06-08 03:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-17 16:17 - 2013-06-08 03:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-17 16:17 - 2013-06-08 03:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-17 06:47 - 2013-06-17 06:48 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{89D6F479-FC57-415C-8D34-82470AC1882B} 2013-06-14 14:13 - 2013-06-14 14:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{1ECEE421-9ABF-4274-87FF-B85281A175F2} 2013-06-14 02:13 - 2013-06-14 02:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EB528CAB-CFF4-4777-8EA5-A8983B17845C} 2013-06-13 14:12 - 2013-06-13 14:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{9BD6A6ED-B898-4740-84F4-F9A5979C1D59} 2013-06-13 07:00 - 2013-06-13 07:00 - 00012098 ____A C:\Users\Ed Greenslade\Documents\War for Westeros.xlsx 2013-06-13 06:47 - 2013-06-13 06:59 - 01776573 ____A C:\Users\Ed Greenslade\Documents\War for Westeros 5 BC.pptx 2013-06-13 02:12 - 2013-06-13 02:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DB520329-E5C7-45E7-8974-C8F26954ED1F} 2013-06-12 06:56 - 2013-06-12 06:56 - 00361118 ____A C:\Users\Ed Greenslade\Documents\280 AL Conflict.pptx 2013-06-12 03:41 - 2013-06-12 03:41 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{E3D7FA79-FE17-43AE-BAB7-485033FEB4A7} 2013-06-11 23:24 - 2013-05-16 17:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-06-11 23:24 - 2013-05-16 17:25 - 01767936 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\wininet.dll 2013-06-11 23:24 - 2013-05-16 17:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-06-11 23:24 - 2013-05-16 17:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-06-11 23:24 - 2013-05-16 17:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-06-11 23:24 - 2013-05-16 17:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-06-11 23:24 - 2013-05-16 17:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-06-11 23:24 - 2013-05-16 17:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-06-11 23:24 - 2013-05-16 16:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-06-11 23:24 - 2013-05-16 16:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-06-11 23:24 - 2013-05-16 16:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-06-11 23:24 - 2013-05-16 16:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-06-11 23:24 - 2013-05-16 16:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-06-11 23:24 - 2013-05-16 16:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-06-11 23:24 - 2013-05-16 16:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-06-11 23:24 - 2013-05-16 16:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-06-11 23:24 - 2013-05-16 16:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-06-11 23:24 - 2013-05-14 04:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-06-11 23:24 - 2013-05-14 00:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-06-11 22:51 - 2013-05-09 21:49 - 00030720 ____A (Microsoft Corporation) 
C:\Windows\System32\cryptdlg.dll 2013-06-11 22:51 - 2013-05-09 19:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll 2013-06-11 22:51 - 2013-05-07 22:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-06-11 22:51 - 2013-04-25 21:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-06-11 22:51 - 2013-04-25 20:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2013-06-11 22:50 - 2013-05-12 21:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-06-11 22:50 - 2013-05-12 21:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-06-11 22:50 - 2013-05-12 21:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-06-11 22:50 - 2013-05-12 21:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-06-11 22:50 - 2013-05-12 20:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-06-11 22:50 - 2013-05-12 20:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-06-11 22:50 - 2013-05-12 20:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-06-11 22:50 - 2013-05-12 19:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-06-11 22:50 - 2013-05-12 19:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe 2013-06-11 22:50 - 2013-05-12 19:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll 2013-06-11 22:50 - 2013-04-16 23:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-06-11 22:50 - 2013-04-16 22:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-06-11 22:49 - 2013-04-25 15:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-06-11 22:49 - 2013-03-31 14:52 - 01887232 ____A (Microsoft Corporation) 
C:\Windows\System32\d3d11.dll 2013-06-11 13:01 - 2013-06-11 13:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{25472F93-2899-4F41-A657-D746E89CCD22} 2013-06-11 01:01 - 2013-06-11 01:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{9806C917-B29B-4850-9F9D-6712B65B24A8} 2013-06-10 03:07 - 2013-06-10 03:07 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{BD73BF6A-9CB6-4D63-AA74-6F7251EC6DA1} 2013-06-09 15:06 - 2013-06-09 15:07 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{29CB2AD0-DF06-4C83-B7B9-B8A2B6BF383B} 2013-06-09 04:13 - 2013-06-09 05:54 - 00016128 ____A C:\Users\Ed Greenslade\Documents\Icemark garrison.xlsx 2013-06-08 23:38 - 2013-06-08 23:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5DD8EF6F-C18E-4C01-86D4-192C01732652} 2013-06-08 08:12 - 2013-06-08 08:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5B79D989-46FA-401F-94FD-FF0C80A97A66} 2013-06-07 17:46 - 2013-06-07 17:46 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{CD852BE4-0E6D-4481-93A9-76B90E2EED65} 2013-06-07 03:48 - 2013-06-07 03:48 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{C9912FD3-AA12-4E58-8B57-C9EDFAE4C56A} 2013-06-06 15:18 - 2013-06-06 15:19 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{AE6374EE-C260-41E6-B481-21F8A0975160} 2013-06-06 00:20 - 2013-06-06 00:20 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{28B40AF9-CBEB-4D95-AFDD-AEAE5B693125} ==================== One Month Modified Files and Folders ======= 2013-07-06 03:45 - 2013-06-01 08:06 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-07-06 03:03 - 2013-07-06 03:03 - 00000000 ____D C:\Users\Ed Greenslade\Downloads\mbar-1.06.0.1004 2013-07-06 03:01 - 2013-07-06 03:01 - 13399154 ____A C:\Users\Ed Greenslade\Downloads\mbar-1.06.0.1004.zip 2013-07-06 03:00 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI 2013-07-06 02:58 - 2011-05-18 12:23 - 00002130 ____A C:\Users\Ed Greenslade\Desktop\OneKey 
Recovery.lnk 2013-07-06 02:58 - 2011-04-04 07:11 - 01869651 ____A C:\Windows\WindowsUpdate.log 2013-07-06 02:55 - 2011-12-09 02:21 - 00001828 ____A C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk 2013-07-06 02:52 - 2011-05-19 09:26 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Skype 2013-07-06 02:52 - 2011-05-18 14:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Spotify 2013-07-06 02:51 - 2011-05-23 03:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-06 02:51 - 2011-05-18 14:50 - 00000000 ____D C:\Users\Ed Greenslade\Tracing 2013-07-06 02:51 - 2011-05-18 12:22 - 24262160 ____A C:\FaceProv.log 2013-07-06 02:51 - 2011-05-17 20:16 - 00053648 ____A C:\Windows\PFRO.log 2013-07-06 02:51 - 2011-04-04 07:29 - 00000000 ____D C:\ProgramData\VeriFace 2013-07-06 02:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-07-06 02:51 - 2009-07-13 20:51 - 00156869 ____A C:\Windows\setupact.log 2013-07-06 02:35 - 2013-07-06 02:35 - 00000165 ____A C:\ProgramData\yamyfrjfqokbmciyuyu.reg 2013-07-06 02:35 - 2013-07-06 02:35 - 00000070 ____A C:\ProgramData\yamyfrjfqokbmciyuyu.bat 2013-07-06 02:13 - 2011-05-23 03:20 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-06 01:50 - 2012-09-10 11:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-06 01:41 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-06 01:41 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-05 15:14 - 2013-07-05 15:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{11E69CC1-D6C2-4A92-8ADA-2A92035CCAE2} 2013-07-05 03:13 - 2013-07-05 03:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7F9C033D-FC6C-4720-824E-DB7C71AE7844} 2013-07-04 15:13 - 2013-07-04 03:12 - 00000000 ____D C:\Users\Ed 
Greenslade\AppData\Local\{AB110009-74F7-4B40-90E2-C9D58E99D926} 2013-07-04 08:46 - 2013-06-27 10:13 - 00022423 ____A C:\Users\Ed Greenslade\Documents\Dance of the Dragons characters.xlsx 2013-07-04 07:54 - 2013-06-18 07:28 - 00028359 ____A C:\Users\Ed Greenslade\Documents\The Dance of the Dragons.xlsx 2013-07-04 07:17 - 2013-06-20 05:21 - 01559204 ____A C:\Users\Ed Greenslade\Documents\The Dance of the Dragons map.pptx 2013-07-04 07:14 - 2013-06-28 02:06 - 00014898 ____A C:\Users\Ed Greenslade\Documents\Battles of the Dance of the Dragons.xlsx 2013-07-04 06:53 - 2013-06-28 03:09 - 00012989 ____A C:\Users\Ed Greenslade\Documents\The Ongoing Dance of the Dragons.xlsx 2013-07-04 06:42 - 2013-07-03 08:23 - 00011890 ____A C:\Users\Ed Greenslade\Documents\Battle of the Goldroad.xlsx 2013-07-04 05:37 - 2011-05-18 14:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Spotify 2013-07-04 04:15 - 2013-02-07 11:06 - 00000000 ____D C:\Users\Ed Greenslade\Documents\VirtualDJ 2013-07-03 00:55 - 2013-07-03 00:55 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B591B3E-EF44-45EE-A8E4-3C3A26154D57} 2013-07-03 00:55 - 2011-08-20 02:50 - 00000000 ____D C:\Users\Ed Greenslade\Documents\Youcam 2013-07-02 05:51 - 2013-07-02 05:46 - 00013614 ____A C:\Users\Ed Greenslade\Documents\Army of King's Landing under Queen Rhaenyra.xlsx 2013-07-02 03:38 - 2013-07-02 03:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EECD98DE-3628-4708-A6CC-60D02BE1B717} 2013-07-01 15:38 - 2013-07-01 15:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{8ADC0B9D-A6B1-44CC-8F7F-36AE89F19C30} 2013-07-01 03:38 - 2013-07-01 03:37 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DDBF11DA-B37F-41C3-B8B6-3ADA58388916} 2013-07-01 00:31 - 2012-06-24 03:53 - 87340382 ____A C:\Users\Ed Greenslade\Documents\Trouble.pptx 2013-06-30 15:37 - 2013-06-30 15:37 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A287BE2C-C528-46A0-8F5A-E7A6765B4497} 2013-06-30 03:37 - 2013-06-30 03:37 - 
00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5293C3A3-DFF2-4D4F-BE8C-325CE07179BD} 2013-06-29 15:36 - 2013-06-29 15:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0E833867-E945-43B1-8C0D-CD1FDF9AB813} 2013-06-29 03:22 - 2013-06-29 03:22 - 00011339 ____A C:\Users\Ed Greenslade\Documents\The North has suffered.xlsx 2013-06-29 03:03 - 2013-06-29 03:03 - 00886000 ____A C:\Users\Ed Greenslade\Documents\Brown.pptx 2013-06-29 01:44 - 2013-06-29 01:44 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{B7546FE9-50BC-4C54-A3C0-6FF57D8C7F2B} 2013-06-28 13:43 - 2013-06-28 13:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A77083AE-88B0-4384-A8FD-89CD6FB5D2D5} 2013-06-28 13:13 - 2013-03-17 03:24 - 00011443 ____A C:\Users\Ed Greenslade\Documents\Helen's course.xlsx 2013-06-28 01:43 - 2013-06-28 01:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{3C59EE9C-2D19-4F37-842D-B54E0B0A1D91} 2013-06-27 13:43 - 2013-06-27 13:42 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A99C3003-E3F2-48F2-8B4A-46A8E03DA66F} 2013-06-27 10:42 - 2011-08-21 15:23 - 00068652 ____A C:\Users\Ed Greenslade\Documents\ASOIAF names.xlsx 2013-06-27 01:42 - 2013-06-27 01:42 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B82D516-E6A2-428A-BC59-FA52076643C2} 2013-06-26 04:08 - 2011-04-04 07:24 - 00000000 ____D C:\Program Files\mcafee 2013-06-26 04:03 - 2013-06-26 04:03 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{6B4FBA49-ED86-4C2C-BA3F-88C37F6BA26C} 2013-06-25 03:31 - 2013-06-25 03:31 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{F87EA818-780D-43E9-85C7-6B8A711A6C8F} 2013-06-24 14:29 - 2013-06-24 14:28 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{FD49AE58-9436-49C4-AC83-00E5B353FC80} 2013-06-22 05:29 - 2013-06-22 05:29 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{04E3F5C1-35C1-4828-909E-DB30A1A94F89} 2013-06-21 05:00 - 2013-06-21 05:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Windows Live Writer 
2013-06-21 05:00 - 2013-06-21 05:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Windows Live Writer 2013-06-21 05:00 - 2011-05-18 14:43 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Windows Live 2013-06-21 02:35 - 2013-06-21 02:35 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{32138C49-4012-46A4-9834-D29999C416EB} 2013-06-20 02:51 - 2013-06-20 02:51 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7EBEB5B0-9385-4E83-830D-8D447C5707B2} 2013-06-18 06:41 - 2013-06-18 06:18 - 01484911 ____A C:\Users\Ed Greenslade\Documents\Robert's Rebellion.pptx 2013-06-18 05:19 - 2013-06-18 05:19 - 01439574 ____A C:\Users\Ed Greenslade\Documents\Red Lake Rebellion.pptx 2013-06-18 04:55 - 2013-05-29 14:06 - 00017737 ____A C:\Users\Ed Greenslade\Documents\Ser Hostan's quests characters.xlsx 2013-06-18 04:53 - 2013-06-18 04:43 - 00048420 ____A C:\Users\Ed Greenslade\Documents\Trident.pptx 2013-06-18 04:43 - 2013-06-18 04:43 - 00014674 ____A C:\Users\Ed Greenslade\Documents\Battle of the Trident.xlsx 2013-06-18 03:05 - 2013-06-18 03:05 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{76A0617E-E2AC-4ADA-A265-D4A2CC403A44} 2013-06-17 06:48 - 2013-06-17 06:47 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{89D6F479-FC57-415C-8D34-82470AC1882B} 2013-06-14 14:13 - 2013-06-14 14:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{1ECEE421-9ABF-4274-87FF-B85281A175F2} 2013-06-14 02:13 - 2013-06-14 02:13 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EB528CAB-CFF4-4777-8EA5-A8983B17845C} 2013-06-13 14:12 - 2013-06-13 14:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{9BD6A6ED-B898-4740-84F4-F9A5979C1D59} 2013-06-13 07:00 - 2013-06-13 07:00 - 00012098 ____A C:\Users\Ed Greenslade\Documents\War for Westeros.xlsx 2013-06-13 06:59 - 2013-06-13 06:47 - 01776573 ____A C:\Users\Ed Greenslade\Documents\War for Westeros 5 BC.pptx 2013-06-13 03:08 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-06-13 02:12 - 2013-06-13 02:12 
- 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DB520329-E5C7-45E7-8974-C8F26954ED1F} 2013-06-12 08:57 - 2013-05-22 05:06 - 00367640 ____A C:\Users\Ed Greenslade\Documents\Quest of Ser Hostan Ryle.pptx 2013-06-12 06:56 - 2013-06-12 06:56 - 00361118 ____A C:\Users\Ed Greenslade\Documents\280 AL Conflict.pptx 2013-06-12 05:34 - 2013-06-02 02:54 - 00320120 ____A C:\Users\Ed Greenslade\Documents\ASOIAF maps.pptx 2013-06-12 04:43 - 2013-04-24 12:54 - 00019202 ____A C:\Users\Ed Greenslade\Documents\Character chapters.xlsx 2013-06-12 03:50 - 2012-09-10 11:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-12 03:50 - 2011-05-18 14:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-12 03:41 - 2013-06-12 03:41 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{E3D7FA79-FE17-43AE-BAB7-485033FEB4A7} 2013-06-11 13:01 - 2013-06-11 13:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{25472F93-2899-4F41-A657-D746E89CCD22} 2013-06-11 01:01 - 2013-06-11 01:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{9806C917-B29B-4850-9F9D-6712B65B24A8} 2013-06-10 03:07 - 2013-06-10 03:07 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{BD73BF6A-9CB6-4D63-AA74-6F7251EC6DA1} 2013-06-09 15:07 - 2013-06-09 15:06 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{29CB2AD0-DF06-4C83-B7B9-B8A2B6BF383B} 2013-06-09 05:54 - 2013-06-09 04:13 - 00016128 ____A C:\Users\Ed Greenslade\Documents\Icemark garrison.xlsx 2013-06-08 23:38 - 2013-06-08 23:38 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5DD8EF6F-C18E-4C01-86D4-192C01732652} 2013-06-08 08:13 - 2013-06-08 08:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5B79D989-46FA-401F-94FD-FF0C80A97A66} 2013-06-08 06:08 - 2013-06-17 16:17 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-06-08 06:07 - 2013-06-17 16:17 - 19233792 ____A (Microsoft Corporation) 
C:\Windows\System32\mshtml.dll 2013-06-08 06:06 - 2013-06-17 16:17 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-06-08 06:06 - 2013-06-17 16:17 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-06-08 06:06 - 2013-06-17 16:17 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-06-08 04:28 - 2013-06-17 16:17 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-06-08 03:42 - 2013-06-17 16:17 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-06-08 03:40 - 2013-06-17 16:17 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-06-08 03:40 - 2013-06-17 16:17 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-06-08 03:40 - 2013-06-17 16:17 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-06-08 03:40 - 2013-06-17 16:17 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-06-08 03:13 - 2013-06-17 16:17 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-06-07 17:46 - 2013-06-07 17:46 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{CD852BE4-0E6D-4481-93A9-76B90E2EED65} 2013-06-07 03:48 - 2013-06-07 03:48 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{C9912FD3-AA12-4E58-8B57-C9EDFAE4C56A} 2013-06-06 15:19 - 2013-06-06 15:18 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{AE6374EE-C260-41E6-B481-21F8A0975160} 2013-06-06 00:20 - 2013-06-06 00:20 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{28B40AF9-CBEB-4D95-AFDD-AEAE5B693125} Files to move or delete: ==================== C:\ProgramData\yamyfrjfqokbmciyuyu.bat C:\ProgramData\yamyfrjfqokbmciyuyu.reg ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit 
C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 3893.86 MB Available physical RAM: 3206.27 MB Total Pagefile: 3892.01 MB Available Pagefile: 3287.2 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:75.3 GB) (Free:3.07 GB) NTFS (Disk=0 Partition=2) Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.93 GB) NTFS (Disk=0 Partition=4) Drive f: (Lexar) (Removable) (Total:14.61 GB) (Free:14.58 GB) FAT32 (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 8BDC9C39) Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=15 GB) - (Type=12) 
======================================================== Disk: 1 (Size: 15 GB) (Disk ID: 7198AF08) Partition 1: (Not Active) - (Size=15 GB) - (Type=0B) Last Boot: 2013-07-03 01:43 ==================== End Of Log ============================
  3. The scan didn't turn up anything...
  4. Yep, just as normal. Still running the scan.
  5. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-06-2013 02 Ran by SYSTEM at 2013-06-01 16:59:23 Run:1 Running from F:\ Boot Mode: Recovery ============================================== HKEY_USERS\Ed Greenslade\Software\Microsoft\Windows\CurrentVersion\Run\\Ocura => Value deleted successfully. C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => Moved successfully. C:\PROGRA~3\6zfowwi.dat => Moved successfully. C:\Users\Ed Greenslade\AppData\Roaming\Akigy\eknua.exe => File/Directory not found. C:\ProgramData\iwwofz6.js => Moved successfully. C:\ProgramData\iwwofz6.pad => Moved successfully. C:\Users\Ed Greenslade\5254009.dll => Moved successfully. C:\ProgramData\6zfowwi.dat => File/Directory not found. C:\ProgramData\iwwofz6.reg => Moved successfully. C:\ProgramData\iwwofz6.bat => Moved successfully. C:\ProgramData\rundll32.exe => Moved successfully. C:\Users\Ed Greenslade\5254009.dll => File/Directory not found. C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk => File/Directory not found. C:\ProgramData\7bgf.pad => Moved successfully. C:\ProgramData\qci.pad => Moved successfully. C:\Users\Ed Greenslade\AppData\Local\{decbe39e-ba29-3c94-db23-29eb10efbeb4} => Moved successfully. ==== End of Fixlog ====
  6. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2013 02 Ran by SYSTEM on 01-06-2013 15:35:32 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x] HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x] HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x] HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11465832 2010-09-14] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 [2122344 2010-09-14] (Realtek Semiconductor) HKLM\...\Run: [synTPEnh] H.EXE [x] HKLM\...\Run: [TpShocks] DOWS\SYSTEM32\TPSHOCKS.EXE [x] HKLM\...\Run: [EnergyUtility] T\UTILITY.EXE [x] HKLM\...\Run: [Energy Management] T.EXE [x] HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE [536576 2010-01-19] (Vimicro) HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1486392 2011-04-05] (McAfee, Inc.) HKLM-x32\...\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [3122528 2011-04-04] (Lenovo) HKLM-x32\...\Run: [uCam_Menu] "C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0" [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Mirror Tray icon] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s [171104 2010-06-30] (CyberLink Corp.) 
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [887976 2011-08-23] (Ask) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-15] (Samsung Electronics Co., Ltd.) HKU\Ed Greenslade\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation) HKU\Ed Greenslade\...\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x] HKU\Ed Greenslade\...\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-15] () HKU\Ed Greenslade\...\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [975800 2012-07-15] (Samsung) HKU\Ed Greenslade\...\Run: [spotify Web Helper] "C:\Users\Ed Greenslade\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-05-29] (Spotify Ltd) HKU\Ed Greenslade\...\Run: [Ocura] "C:\Users\Ed Greenslade\AppData\Roaming\Akigy\eknua.exe" [x] HKU\Ed Greenslade\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.) HKU\Ed Greenslade\...\Run: [spotify] "C:\Users\Ed Greenslade\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4657152 2013-05-29] (Spotify Ltd) Startup: C:\ProgramData\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk ShortcutTarget: msconfig.lnk -> C:\PROGRA~3\6zfowwi.dat (?????????? ??????????) Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TimeLeft.lnk ShortcutTarget: TimeLeft.lnk -> C:\Program Files (x86)\TimeLeft3\TimeLeft.exe (NesterSoft Inc.) SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File SSODL-x32: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No File ==================== Services (Whitelisted) ================= S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [903456 2010-04-20] (Broadcom Corporation.) S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [509416 2010-10-07] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [355440 2010-03-10] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [200056 2011-04-14] (McAfee, Inc.) 
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [245352 2011-04-14] (McAfee, Inc.) S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [149032 2011-04-14] (McAfee, Inc.) S2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-05-07] (Enigma Software Group USA, LLC.) ==================== Drivers (Whitelisted) ==================== S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [63056 2011-04-14] (McAfee, Inc.) S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] () S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121376 2011-04-14] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [190520 2011-04-14] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [441840 2011-04-14] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [530304 2011-04-14] (McAfee, Inc.) S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75160 2011-04-14] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [94992 2011-04-14] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-04-14] (McAfee, Inc.) 
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [203320 2012-05-20] (DEVGURU Co., LTD.(www.devguru.co.kr)) S3 BcmSqlStartupSvc; S3 IGRS; S2 IviRegMgr; S2 ReadyComm.DirectRouter; S2 RichVideo; S3 SQLWriter; ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-06-01 05:59 - 2013-06-01 05:59 - 20967560 ____A (Microsoft Corporation) C:\Users\Ed Greenslade\Downloads\Windows-KB890830-x64-V4.20.exe 2013-06-01 05:59 - 2013-05-03 07:15 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-06-01 05:40 - 2013-06-01 05:40 - 01916164 ____A (Farbar) C:\Users\Ed Greenslade\Downloads\FRST64.exe 2013-06-01 05:40 - 2013-06-01 05:40 - 01916164 ____A (Farbar) C:\Users\Ed Greenslade\Downloads\FRST64 (1).exe 2013-06-01 05:40 - 2013-06-01 05:40 - 00000000 ____D C:\FRST 2013-06-01 00:58 - 2013-06-01 00:58 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe 2013-06-01 00:58 - 2013-06-01 00:58 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{E7A4768A-1F7C-4E48-832B-BEA73E3475DC} 2013-06-01 00:20 - 2013-06-01 00:20 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{D50A387C-FFE2-4817-806A-6716A0D099A0} 2013-05-31 04:51 - 2013-05-31 04:55 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-31 04:07 - 2013-05-31 04:07 - 00002274 ____A C:\Users\Ed Greenslade\Desktop\SpyHunter.lnk 2013-05-31 04:07 - 2013-05-31 04:07 - 00000000 ____D C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP 2013-05-31 04:07 - 2013-05-31 04:07 - 00000000 ____D C:\sh4ldr 2013-05-31 04:07 - 2013-05-31 04:07 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-31 04:07 - 2012-06-22 03:01 - 00022704 ____A C:\Windows\System32\Drivers\EsgScanner.sys 2013-05-31 04:06 - 2013-05-31 04:06 - 00728960 ____A (Enigma Software Group USA, LLC.) 
C:\Users\Ed Greenslade\Downloads\SpyHunter-Installer.exe 2013-05-31 03:22 - 2013-05-31 03:22 - 00002660 ____A C:\ProgramData\iwwofz6.js 2013-05-31 03:09 - 2013-06-01 06:21 - 95023320 ___AT C:\ProgramData\iwwofz6.pad 2013-05-31 03:09 - 2013-05-31 03:09 - 00172032 ____A (?????????? ??????????) C:\Users\Ed Greenslade\5254009.dll 2013-05-31 03:09 - 2013-05-31 03:09 - 00172032 ____A (?????????? ??????????) C:\ProgramData\6zfowwi.dat 2013-05-31 03:09 - 2013-05-31 03:09 - 00000153 ____A C:\ProgramData\iwwofz6.reg 2013-05-31 03:09 - 2013-05-31 03:09 - 00000057 ____A C:\ProgramData\iwwofz6.bat 2013-05-31 02:57 - 2013-05-31 02:57 - 00000165 ___AH C:\Users\Ed Greenslade\Documents\~$Trouble.pptx 2013-05-31 01:33 - 2013-05-31 01:34 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{4BD53E11-6FE2-4EC7-97A5-1C47931F3D1F} 2013-05-29 23:11 - 2013-05-29 23:12 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{39A1CDE8-CC9D-4BD8-832D-71771F2379D7} 2013-05-29 14:06 - 2013-06-01 01:20 - 00014997 ____A C:\Users\Ed Greenslade\Documents\Ser Hostan's quests characters.xlsx 2013-05-29 04:46 - 2013-05-29 04:46 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DA202AD3-3C0B-44A3-A170-C71347899D83} 2013-05-28 11:19 - 2013-05-28 11:19 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0E20A0DE-EEB4-4B0E-89BE-59A0AAF6177A} 2013-05-27 21:19 - 2013-05-27 21:19 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5A93BC65-1CF5-4900-973C-72677A364CA9} 2013-05-27 03:57 - 2013-05-27 03:57 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{B4372928-ECFC-4891-BF78-EB0F725EFAA7} 2013-05-26 15:56 - 2013-05-26 15:56 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A4CE8ACE-42FD-42D4-96DE-237B3EF224A2} 2013-05-26 03:56 - 2013-05-26 03:56 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{190DC953-2C1E-4FB7-A6A0-590C992BC71C} 2013-05-25 14:32 - 2013-05-25 14:33 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{8602A731-8F00-4024-A034-96EE7B45AB85} 2013-05-25 00:14 - 
2013-05-25 00:14 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{63435647-0CB4-4605-AE87-BDFE7B6A8EF0} 2013-05-24 09:36 - 2013-05-24 09:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{4EEA30E9-87EE-426E-8500-C7C1908F20AA} 2013-05-22 14:57 - 2013-05-23 16:05 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{83AB37D9-8980-44A8-AA8B-7711C83020B2} 2013-05-22 06:15 - 2013-05-23 08:35 - 00011058 ____A C:\Users\Ed Greenslade\Documents\Fitness.xlsx 2013-05-22 05:06 - 2013-06-01 01:24 - 00320096 ____A C:\Users\Ed Greenslade\Documents\Quest of Ser Hostan Ryle.pptx 2013-05-22 02:49 - 2013-05-22 02:49 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{54D3AF44-FEB8-41D9-AF15-C138AE3145DE} 2013-05-21 05:59 - 2013-05-21 05:59 - 01506664 ____A C:\Users\Ed Greenslade\Documents\Westeros regions.pptx 2013-05-21 04:02 - 2013-05-21 04:02 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{84BBB858-FDDA-431A-AF98-CB41B5C5EE13} 2013-05-20 03:25 - 2013-05-20 03:25 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{6F1E06D7-1932-410D-9BF4-4A222C3213BD} 2013-05-18 07:00 - 2013-05-18 07:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{2B450DD6-CC37-4AB6-AAE9-E4A18E02C177} 2013-05-17 19:00 - 2013-05-17 19:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{61CC37F3-F9B6-438D-B7CD-A4B8C99726CD} 2013-05-17 06:00 - 2013-05-17 06:00 - 00012735 ____A C:\Users\Ed Greenslade\Documents\Star Trek chronology.xlsx 2013-05-17 04:55 - 2013-05-17 04:55 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{528A79E7-A322-4372-8285-F234F73FE3E1} 2013-05-16 08:19 - 2013-05-16 08:19 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EB592538-CFE8-4D54-9D2B-65531BD63032} 2013-05-15 18:00 - 2013-05-15 18:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7CFB57EF-413A-48B8-B775-DB54A508B52F} 2013-05-15 05:15 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-05-15 05:15 - 2013-04-09 22:01 - 00265064 
____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-05-15 05:15 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-05-15 05:15 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll 2013-05-15 05:14 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2013-05-15 05:14 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll 2013-05-15 05:14 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2013-05-15 05:13 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-05-15 05:13 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-05-15 05:13 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-05-15 05:13 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-05-15 05:13 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-05-15 05:13 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-05-15 05:13 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 02877440 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-15 03:29 - 2013-05-15 03:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-15 03:29 - 2013-05-15 03:29 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-15 03:29 - 2013-05-15 03:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-05-15 03:29 - 2013-05-15 03:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-05-15 03:29 - 2013-05-15 03:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-15 03:29 - 2013-05-15 03:29 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00690688 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-05-15 03:29 - 2013-05-15 03:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-05-15 03:29 - 2013-05-15 03:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-05-15 03:29 - 
2013-05-15 03:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00117248 
____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-15 03:29 - 2013-05-15 03:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-05-15 03:29 - 2013-05-15 03:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00057344 
____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-05-15 03:28 - 2013-05-15 03:28 - 03928064 ____A (Microsoft 
Corporation) C:\Windows\System32\d2d1.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00604160 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\d3d10level9.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 
03:28 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00003072 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-05-15 03:26 - 2013-05-15 03:32 - 00007985 ____A C:\Windows\IE10_main.log 2013-05-15 02:14 - 2013-06-01 06:21 - 00000000 ____A C:\ProgramData\as98213.txt 2013-05-15 02:14 - 2013-05-15 02:16 - 95023320 ___AT C:\ProgramData\7bgf.pad 2013-05-15 01:11 - 2013-05-15 01:11 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EDBCC149-87B0-4B4B-80E6-4938D000719D} 2013-05-14 01:10 - 2013-05-14 13:11 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DE3E432A-3662-4BAF-A748-4374DCA95F18} 2013-05-13 12:57 - 2013-05-13 12:57 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{2EC165C3-E00E-4089-83F7-9BD592AA78D8} 2013-05-13 12:21 - 2013-05-13 12:21 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{F0577328-6280-4E4A-A6D7-77CB5F6D2650} 2013-05-12 23:44 - 2013-05-12 23:45 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{2D6B9FE1-920F-4AC9-9B06-B0D8425130BB} 2013-05-12 08:05 - 2013-05-12 08:06 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{D39B8DA9-1E3E-49DC-BA5A-994BCE3CE5BD} 2013-05-11 15:47 - 2013-05-11 15:47 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A20ACEEA-5B58-4D5F-8716-DF54CB0A0ABF} 2013-05-11 00:07 - 2013-05-11 00:07 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{B3591A58-449F-4653-965F-FBA4D10DCDF8} 2013-05-10 00:52 - 2013-05-10 00:52 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{E9B654EB-073C-463B-8034-372182100BB0} 2013-05-09 07:00 - 2013-05-09 07:01 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{4B0BCBFB-3A5D-45AE-80C9-87163716C47B} 2013-05-08 01:55 - 2013-05-08 01:55 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{947870B9-EAEB-4A6A-879A-F0244CD61ED6} 
2013-05-07 13:30 - 2013-05-07 13:30 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{64EBDC34-F988-47DD-AE7E-1DF698E889E7} 2013-05-07 00:27 - 2013-05-07 00:27 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{12B279EC-FA1E-4D7F-9B04-D38F65C30BAA} 2013-05-05 23:53 - 2013-05-05 23:53 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{24A96180-9784-47FB-9B40-C172934EAFAD} 2013-05-04 02:13 - 2013-05-07 03:22 - 00206253 ____A C:\Users\Ed Greenslade\Documents\Three houses family trees.pptx 2013-05-04 01:03 - 2013-05-10 06:32 - 00025564 ____A C:\Users\Ed Greenslade\Documents\Three houses characteristics.xlsx 2013-05-04 00:02 - 2013-05-04 00:02 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{57A38ACD-447B-4742-98B7-2FD8B51E34A0} 2013-05-03 13:08 - 2013-05-03 13:08 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{69E2E97C-9390-41EB-9DED-A546572C8D45} 2013-05-03 06:04 - 2013-05-03 07:25 - 00012057 ____A C:\Users\Ed Greenslade\Documents\House Greenslade characteristics.xlsx 2013-05-03 01:08 - 2013-05-03 01:08 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B0A8FD2-6C52-49EB-91DF-F4E25D1B01A7}

==================== One Month Modified Files and Folders =======

2013-06-01 06:27 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI 2013-06-01 06:24 - 2011-12-09 02:21 - 00001828 ____A C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk 2013-06-01 06:21 - 2013-05-31 03:09 - 95023320 ___AT C:\ProgramData\iwwofz6.pad 2013-06-01 06:21 - 2013-05-15 02:14 - 00000000 ____A C:\ProgramData\as98213.txt 2013-06-01 06:21 - 2011-05-23 03:20 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-06-01 06:21 - 2011-05-19 09:26 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Skype 2013-06-01 06:21 - 2011-05-18 14:50 - 00000000 ____D C:\Users\Ed Greenslade\Tracing 2013-06-01 06:21 - 2011-05-18 14:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Roaming\Spotify 2013-06-01 06:21 - 2011-05-18 12:22 - 23095325 ____A
C:\FaceProv.log 2013-06-01 06:21 - 2011-04-04 07:29 - 00000000 ____D C:\ProgramData\VeriFace 2013-06-01 06:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-06-01 06:20 - 2009-07-13 20:51 - 00151549 ____A C:\Windows\setupact.log 2013-06-01 05:59 - 2013-06-01 05:59 - 20967560 ____A (Microsoft Corporation) C:\Users\Ed Greenslade\Downloads\Windows-KB890830-x64-V4.20.exe 2013-06-01 05:59 - 2012-07-09 15:51 - 00000000 ____D C:\Windows\System32\MpEngineStore 2013-06-01 05:40 - 2013-06-01 05:40 - 01916164 ____A (Farbar) C:\Users\Ed Greenslade\Downloads\FRST64.exe 2013-06-01 05:40 - 2013-06-01 05:40 - 01916164 ____A (Farbar) C:\Users\Ed Greenslade\Downloads\FRST64 (1).exe 2013-06-01 05:40 - 2013-06-01 05:40 - 00000000 ____D C:\FRST 2013-06-01 05:32 - 2011-04-04 07:11 - 01141368 ____A C:\Windows\WindowsUpdate.log 2013-06-01 02:13 - 2011-05-23 03:20 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-06-01 01:50 - 2012-09-10 11:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-06-01 01:24 - 2013-05-22 05:06 - 00320096 ____A C:\Users\Ed Greenslade\Documents\Quest of Ser Hostan Ryle.pptx 2013-06-01 01:20 - 2013-05-29 14:06 - 00014997 ____A C:\Users\Ed Greenslade\Documents\Ser Hostan's quests characters.xlsx 2013-06-01 01:05 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-06-01 01:05 - 2009-07-13 20:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-06-01 00:58 - 2013-06-01 00:58 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe 2013-06-01 00:58 - 2013-06-01 00:58 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{E7A4768A-1F7C-4E48-832B-BEA73E3475DC} 2013-06-01 00:58 - 2011-05-17 20:16 - 00048076 ____A C:\Windows\PFRO.log 2013-06-01 00:20 - 2013-06-01 00:20 - 00000000 ____D C:\Users\Ed 
Greenslade\AppData\Local\{D50A387C-FFE2-4817-806A-6716A0D099A0} 2013-05-31 04:57 - 2013-03-06 01:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-05-31 04:55 - 2013-05-31 04:51 - 00000000 ____D C:\ProgramData\HitmanPro 2013-05-31 04:34 - 2011-09-23 13:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-05-31 04:07 - 2013-05-31 04:07 - 00002274 ____A C:\Users\Ed Greenslade\Desktop\SpyHunter.lnk 2013-05-31 04:07 - 2013-05-31 04:07 - 00000000 ____D C:\Windows\E63D89610BA94CF39E94407ACA42846C.TMP 2013-05-31 04:07 - 2013-05-31 04:07 - 00000000 ____D C:\sh4ldr 2013-05-31 04:07 - 2013-05-31 04:07 - 00000000 ____D C:\Program Files\Enigma Software Group 2013-05-31 04:06 - 2013-05-31 04:06 - 00728960 ____A (Enigma Software Group USA, LLC.) C:\Users\Ed Greenslade\Downloads\SpyHunter-Installer.exe 2013-05-31 03:58 - 2011-05-18 14:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Spotify 2013-05-31 03:22 - 2013-05-31 03:22 - 00002660 ____A C:\ProgramData\iwwofz6.js 2013-05-31 03:09 - 2013-05-31 03:09 - 00172032 ____A (?????????? ??????????) C:\Users\Ed Greenslade\5254009.dll 2013-05-31 03:09 - 2013-05-31 03:09 - 00172032 ____A (?????????? ??????????) 
C:\ProgramData\6zfowwi.dat 2013-05-31 03:09 - 2013-05-31 03:09 - 00000153 ____A C:\ProgramData\iwwofz6.reg 2013-05-31 03:09 - 2013-05-31 03:09 - 00000057 ____A C:\ProgramData\iwwofz6.bat 2013-05-31 03:09 - 2011-05-18 12:23 - 00000000 ____D C:\users\Ed Greenslade 2013-05-31 02:57 - 2013-05-31 02:57 - 00000165 ___AH C:\Users\Ed Greenslade\Documents\~$Trouble.pptx 2013-05-31 01:34 - 2013-05-31 01:33 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{4BD53E11-6FE2-4EC7-97A5-1C47931F3D1F} 2013-05-29 23:12 - 2013-05-29 23:11 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{39A1CDE8-CC9D-4BD8-832D-71771F2379D7} 2013-05-29 04:46 - 2013-05-29 04:46 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DA202AD3-3C0B-44A3-A170-C71347899D83} 2013-05-28 11:19 - 2013-05-28 11:19 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0E20A0DE-EEB4-4B0E-89BE-59A0AAF6177A} 2013-05-27 21:19 - 2013-05-27 21:19 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{5A93BC65-1CF5-4900-973C-72677A364CA9} 2013-05-27 15:35 - 2012-06-24 03:53 - 86245893 ____A C:\Users\Ed Greenslade\Documents\Trouble.pptx 2013-05-27 03:57 - 2013-05-27 03:57 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{B4372928-ECFC-4891-BF78-EB0F725EFAA7} 2013-05-26 15:56 - 2013-05-26 15:56 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A4CE8ACE-42FD-42D4-96DE-237B3EF224A2} 2013-05-26 04:46 - 2012-09-07 13:13 - 00011267 ____A C:\Users\Ed Greenslade\Documents\Alcohol rankings.xlsx 2013-05-26 04:03 - 2013-04-24 12:54 - 00019199 ____A C:\Users\Ed Greenslade\Documents\Character chapters.xlsx 2013-05-26 03:56 - 2013-05-26 03:56 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{190DC953-2C1E-4FB7-A6A0-590C992BC71C} 2013-05-25 14:33 - 2013-05-25 14:32 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{8602A731-8F00-4024-A034-96EE7B45AB85} 2013-05-25 14:33 - 2011-05-19 09:25 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-05-25 14:33 - 2011-05-18 14:48 - 00000000 ____D C:\ProgramData\Skype 
2013-05-25 02:39 - 2011-08-20 02:50 - 00000000 ____D C:\Users\Ed Greenslade\Documents\Youcam 2013-05-25 00:14 - 2013-05-25 00:14 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{63435647-0CB4-4605-AE87-BDFE7B6A8EF0} 2013-05-24 09:36 - 2013-05-24 09:36 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{4EEA30E9-87EE-426E-8500-C7C1908F20AA} 2013-05-23 16:05 - 2013-05-22 14:57 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{83AB37D9-8980-44A8-AA8B-7711C83020B2} 2013-05-23 08:35 - 2013-05-22 06:15 - 00011058 ____A C:\Users\Ed Greenslade\Documents\Fitness.xlsx 2013-05-22 02:49 - 2013-05-22 02:49 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{54D3AF44-FEB8-41D9-AF15-C138AE3145DE} 2013-05-21 05:59 - 2013-05-21 05:59 - 01506664 ____A C:\Users\Ed Greenslade\Documents\Westeros regions.pptx 2013-05-21 04:02 - 2013-05-21 04:02 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{84BBB858-FDDA-431A-AF98-CB41B5C5EE13} 2013-05-20 03:25 - 2013-05-20 03:25 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{6F1E06D7-1932-410D-9BF4-4A222C3213BD} 2013-05-18 07:00 - 2013-05-18 07:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{2B450DD6-CC37-4AB6-AAE9-E4A18E02C177} 2013-05-17 19:00 - 2013-05-17 19:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{61CC37F3-F9B6-438D-B7CD-A4B8C99726CD} 2013-05-17 06:00 - 2013-05-17 06:00 - 00012735 ____A C:\Users\Ed Greenslade\Documents\Star Trek chronology.xlsx 2013-05-17 04:55 - 2013-05-17 04:55 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{528A79E7-A322-4372-8285-F234F73FE3E1} 2013-05-16 10:36 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2013-05-16 08:19 - 2013-05-16 08:19 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EB592538-CFE8-4D54-9D2B-65531BD63032} 2013-05-15 18:00 - 2013-05-15 18:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{7CFB57EF-413A-48B8-B775-DB54A508B52F} 2013-05-15 17:59 - 2009-07-13 20:45 - 00357200 ____A C:\Windows\System32\FNTCACHE.DAT 
2013-05-15 05:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK 2013-05-15 05:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR 2013-05-15 05:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\zh-HK 2013-05-15 05:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\tr-TR 2013-05-15 05:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-05-15 03:32 - 2013-05-15 03:26 - 00007985 ____A C:\Windows\IE10_main.log 2013-05-15 03:29 - 2013-05-15 03:29 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-05-15 03:29 - 2013-05-15 03:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-05-15 03:29 - 2013-05-15 03:29 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-05-15 03:29 - 2013-05-15 03:29 - 01441280 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl 2013-05-15 03:29 - 2013-05-15 03:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-05-15 03:29 - 2013-05-15 03:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-05-15 03:29 - 2013-05-15 03:29 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00441856 ____A (Microsoft Corporation) 
C:\Windows\System32\html.iec 2013-05-15 03:29 - 2013-05-15 03:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-05-15 03:29 - 2013-05-15 03:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-05-15 03:29 
- 2013-05-15 03:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-05-15 03:29 - 
2013-05-15 03:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-05-15 03:29 - 2013-05-15 03:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-05-15 03:29 - 2013-05-15 03:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 
00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-05-15 03:29 - 2013-05-15 03:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-05-15 03:29 - 2013-05-15 03:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-05-15 03:28 - 2013-05-15 03:28 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01643520 ____A 
(Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01504768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00293376 ____A 
(Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-05-15 03:28 - 2013-05-15 03:28 - 00005632 ___AH (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-15 03:28 - 2013-05-15 03:28 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-05-15 02:50 - 2012-09-10 11:59 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 02:50 - 2011-05-18 14:14 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 02:19 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\Offline Web Pages
2013-05-15 02:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2013-05-15 02:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\L2Schemas
2013-05-15 02:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
2013-05-15 02:19 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-05-15 02:16 - 2013-05-15 02:14 - 95023320 ___AT C:\ProgramData\7bgf.pad
2013-05-15 01:11 - 2013-05-15 01:11 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{EDBCC149-87B0-4B4B-80E6-4938D000719D}
2013-05-14 13:11 - 2013-05-14 01:10 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{DE3E432A-3662-4BAF-A748-4374DCA95F18}
2013-05-13 12:57 - 2013-05-13 12:57 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{2EC165C3-E00E-4089-83F7-9BD592AA78D8}
2013-05-13 12:28 - 2013-01-14 17:39 - 00000000 ____D C:\Users\Ed Greenslade\Documents\Writing
2013-05-13 12:28 - 2011-09-24 07:31 - 00094613 ____A C:\Users\Ed Greenslade\Desktop\Financial record.xlsx
2013-05-13 12:21 - 2013-05-13 12:21 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{F0577328-6280-4E4A-A6D7-77CB5F6D2650}
2013-05-12 23:45 - 2013-05-12 23:44 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{2D6B9FE1-920F-4AC9-9B06-B0D8425130BB}
2013-05-12 08:06 - 2013-05-12 08:05 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{D39B8DA9-1E3E-49DC-BA5A-994BCE3CE5BD}
2013-05-11 15:47 - 2013-05-11 15:47 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{A20ACEEA-5B58-4D5F-8716-DF54CB0A0ABF}
2013-05-11 00:07 - 2013-05-11 00:07 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{B3591A58-449F-4653-965F-FBA4D10DCDF8}
2013-05-10 06:32 - 2013-05-04 01:03 - 00025564 ____A C:\Users\Ed Greenslade\Documents\Three houses characteristics.xlsx
2013-05-10 00:52 - 2013-05-10 00:52 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{E9B654EB-073C-463B-8034-372182100BB0}
2013-05-09 07:01 - 2013-05-09 07:00 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{4B0BCBFB-3A5D-45AE-80C9-87163716C47B}
2013-05-08 01:55 - 2013-05-08 01:55 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{947870B9-EAEB-4A6A-879A-F0244CD61ED6}
2013-05-08 00:28 - 2011-09-23 13:17 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\Microsoft Help
2013-05-07 13:30 - 2013-05-07 13:30 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{64EBDC34-F988-47DD-AE7E-1DF698E889E7}
2013-05-07 03:22 - 2013-05-04 02:13 - 00206253 ____A C:\Users\Ed Greenslade\Documents\Three houses family trees.pptx
2013-05-07 00:27 - 2013-05-07 00:27 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{12B279EC-FA1E-4D7F-9B04-D38F65C30BAA}
2013-05-06 05:10 - 2013-05-01 06:22 - 00012744 ____A C:\Users\Ed Greenslade\Documents\House descendency.xlsx
2013-05-05 23:53 - 2013-05-05 23:53 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{24A96180-9784-47FB-9B40-C172934EAFAD}
2013-05-04 01:45 - 2011-08-21 15:23 - 00068648 ____A C:\Users\Ed Greenslade\Documents\ASOIAF names.xlsx
2013-05-04 00:02 - 2013-05-04 00:02 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{57A38ACD-447B-4742-98B7-2FD8B51E34A0}
2013-05-03 13:08 - 2013-05-03 13:08 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{69E2E97C-9390-41EB-9DED-A546572C8D45}
2013-05-03 07:25 - 2013-05-03 06:04 - 00012057 ____A C:\Users\Ed Greenslade\Documents\House Greenslade characteristics.xlsx
2013-05-03 07:15 - 2013-06-01 05:59 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-03 01:08 - 2013-05-03 01:08 - 00000000 ____D C:\Users\Ed Greenslade\AppData\Local\{0B0A8FD2-6C52-49EB-91DF-F4E25D1B01A7}

ZeroAccess:
C:\Users\Ed Greenslade\AppData\Local\{decbe39e-ba29-3c94-db23-29eb10efbeb4}
C:\Users\Ed Greenslade\AppData\Local\{decbe39e-ba29-3c94-db23-29eb10efbeb4}\@
C:\Users\Ed Greenslade\AppData\Local\{decbe39e-ba29-3c94-db23-29eb10efbeb4}\L
C:\Users\Ed Greenslade\AppData\Local\{decbe39e-ba29-3c94-db23-29eb10efbeb4}\U
C:\Users\Ed Greenslade\AppData\Local\{decbe39e-ba29-3c94-db23-29eb10efbeb4}\L\1afb2d56

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\Ed Greenslade\5254009.dll
C:\Users\Ed Greenslade\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\msconfig.lnk
C:\ProgramData\6zfowwi.dat
C:\ProgramData\7bgf.pad
C:\ProgramData\iwwofz6.bat
C:\ProgramData\iwwofz6.pad
C:\ProgramData\iwwofz6.reg
C:\ProgramData\qci.pad

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3893.86 MB
Available physical RAM: 3227.88 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3286.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:75.3 GB) (Free:6.64 GB) NTFS (Disk=0 Partition=2)
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:27.93 GB) NTFS (Disk=0 Partition=4)
Drive f: (Lexar) (Removable) (Total:14.61 GB) (Free:14.58 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.15 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 8BDC9C39)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=75 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 7198AF08)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)

Last Boot: 2013-05-23 16:04

==================== End Of Log ============================