Jump to content

Search the Community

Showing results for tags 'services.exe'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Nebula
    • Malwarebytes Nebula Modules
    • Malwarebytes Endpoint Security
    • Other Malwarebytes Business Products
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

Found 11 results

  1. After launching game it crashed, after I tried to delete the folder it was open in another application. Using Process Explorer I found that it opened a schtask.exe. I looked in Task Scheduler and found a GoogleUpdateTaskMachineUAC that hasn't run yet, but it was linked to a file in Roaming/d_temp/sevices.exe with the game's logo. The game was scanned by ESET nod32 before I ran it. Malwarebytes free didn't detect anything neither did the Rootkit protection or the windows security.
  2. HI, Thanks in advance for any help. Something really strange is going on on my laptop, well has been for a while now. I thought I was being paranoid and have clean installed windows 10 to reassure myself but now things have occurred to make me think otherwise again and that whatever is on my pc has survived numerous fresh operating system installs. What's got me worried is what seems like an excessive amount of svchost.exe processes that are running (about 10). The security software I have is ESET smart security 9, Malwarebytes anti-malware premium and Malwarebytes anti-exploit premium. Neither of which on the deepest level scan is picking anything up. Changing some settings on ESET I found a way to notify about allowed startup modifications to programs, upon resetting i got about six notices all of which affecting Malwarebytes anti-malware processes... from services.exe, which made me almost convince that something was wrong. I've also tried GMER to look for rootkits as well which upon launch, alerts that system32 is in use and then upon attempting a scan, my laptop blue screen's after about 10-15 seconds. I'm really worried what is on my laptop, appreciate any help anyone can give me.
  3. Hello, I'm having a problem with my PC (clearly) and I'm in desperate need of help. Services.exe is spiking at 90% of my CPU usage. Clearly there is something wrong here, but I can't figure it out. Malwarebytes, hitman pro, Adwcleaner, Avast, and probably about 4 other anti-virus programs have not found anything wrong with my computer. I've tried replacing the file using sfc/scanfile in command prompt, and I was even desperate enough to try and delte the file all together. Luckily windows wouldn't let me as it would probably cause more damage. Can someone help me with this? I'm running a pretty old computer. Windows XP Pro service pack 3 I belive 32bit system. Thank you in advance. I work from home on this computer and I can't get anything done because services.exe is slowing my computer down so much. It took me 5 minutes just to type this!
  4. good morning everyone I'm writting becouse I found myself in a emergency with my pc. my anti virus is always detecting virus, even when I remove them, they happear again and over again, it's an endeless thing but there are 1 particular virus it says it can be removed automaticly, becouse it's a system file: Virus Win64/Patched.A c:\Windows\System32\services.exe I ran a test as the malware byte and detected 2 additional virues, but once it was required not to delte anything, becosue it would make harder to help, I didnt' take any action. I wait for help, best regards
  5. boa noite a toda a gente este é o meu primeiro post, e pouco li sobre o fórum porque me encontro numa emergência no meu pc começou-me a aparecer um série de vírus que consegui apagar, mas este Vírus Win64/Patched.A identificado, c:\Windows\System32\services.exe";"Não é possível limpar Remover manualmente" tem me dado grandes problemas.. a cada 5 minutos o pc detetam mais virus pro favor, se alguém me pudesse ajudar, agradecia muito
  6. Hi, I've been trying to find help with this. I need to use my computer for some work for some non-profits this weekend. I have Norton and have ran Malware Bytes Anti Malware. I've run the Norton Power Eraser and ZeroAcess fix and it's still there. I have multiple infected files and viruses. Zeroaccess2, Zeroaccess3, Zeroaccess, Trojan.gen.2 with desktop.ini Any assistance would be very appreciate. Thanks! Attach.txt DDS.txt
  7. Hi. Ive recently started using Norton AntiVirus and it has picked up a virus called Trojan.Zeroaccess!inf4 in services.exe. It says that I needed to remove it manually, but I don't really know how to do it. My computer is a Windows Home Premium 64 bit. Help would be much appreciated. Thank you.
  8. Greetings. My brother is having a small problem with the trojan in the title and I promised I'd help him. We would both appreciate any help. Thank you in advance! My operating system is Windows 7 Professional Version 6.1 (Build 7601: SP1) This might not be necessary, but I added the info just in case: The symptoms I've noticed so far are: I've also attached DDS.txt and Attach.txt Most posts I've read about problems similar to mine include something about DDS and some other information gathering programs. This is my first time dealing with malware this advanced and my experience with such programs is limited. Please excuse my ignorance if it becomes obvious. Please tell me if I forgot to include anything important. Thank you very much for your time, I appreciate it. Attach.txt DDS.txt
  9. Sadly, I've picked up the system32/services.exe trojan. Win7 was stuck in an automatic reboot loop until I managed to uninstall Microsoft Security Essentials recently. Now, I'm running Malwarebytes, AVG, and SpyHunter at every startup. AVG detects the infection, but can't remove it. The original problem was that I picked up the Live Security Platinum infection. I used SpyHunter to try and remedy that. Based on what I read from other posts, I ran farbar, and I'm attaching the log here. Thank you to anyone who's reading this! I've been deadling with this for over a week. Quick question: Do I need to back-up my system before continuing? FRST.txt
  10. I am working on a friend's system (Windows 7 Home Premium 64) that has Norton Antivirus on it, and the other day he downloaded an "Adobe Update" that turned out to not be an Adobe Update. I ran Malwarebytes and it identified three issues: c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\00000008. c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\000000cb. c:\Windows\Installer\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U\80000032. I finally managed to delete those from a Command Prompt window. Now, Malwarebytes is showing that the system is clean, but Norton is showing that trojan.zeroaccess!inf4 is still alive in the services.exe I ran Farbar and then ran a services.exe on Farbar as well and am attaching both of those reports. I don't normally use Windows machines and am consequently even more behind the curve than normal. Any help is greatly appreciated, thanks. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.17.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 RMM :: RMM-PC [administrator] Protection: Enabled 8/17/2012 12:12:35 AM mbam-log-2012-08-17 (00-12-35).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206281 Time elapsed: 5 minute(s), 59 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Scan result of Farbar Recovery Scan Tool Version: 15-08-2012 Ran by SYSTEM at 17-08-2012 02:00:39 Running from E:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1812776 2009-06-25] (Synaptics Incorporated) HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.) HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.) HKLM-x32\...\Run: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-06-25] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807600 2009-11-13] () HKLM-x32\...\Run: [FATrayAlert] c:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95496 2009-06-24] (Sensible Vision ) HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [FAStartup] [x] HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] () HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [206064 2009-05-21] (SupportSoft, Inc.) HKLM-x32\...\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin [611712 2008-08-14] (Adobe Systems Incorporated) HKLM-x32\...\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [91432 2009-07-16] (CyberLink Corp.) HKLM-x32\...\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [50472 2009-04-16] (CyberLink Corp.) HKLM-x32\...\Run: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [75048 2009-08-28] (cyberlink) HKLM-x32\...\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [288088 2009-11-11] (Microsoft Corporation) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\RMM\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation) HKU\RMM\...\Run: [skype] "C:\Program Files (x86)\Skype\\Phone\Skype.exe" /nosplash /minimized [26102056 2010-04-06] (Skype Technologies S.A.) HKU\RMM\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.) HKLM\...\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe" [161008 2009-09-17] () HKLM-x32\...\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks) HKLM-x32\...\RunOnce: [sTToasterLauncher] C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] () Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X] Lsa: [Notification Packages] scecli FAPassSync Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.) Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\RMM\Start Menu\Programs\Startup\Dell Dock.lnk ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\RMM\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ====== 2 BcmSqlStartupSvc; "C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe" [30312 2008-01-11] (Microsoft Corporation) 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe" [237008 2011-06-17] (McAfee, Inc.) 3 MSSQL$MSSMLBIZ; "C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [29293408 2010-12-10] (Microsoft Corporation) 2 NIS; "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\19.8.0.14\diMaster.dll" /prefetch:1 [309688 2012-04-12] (Symantec Corporation) 2 RapportMgmtService; "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe" [931640 2011-11-07] (Trusteer Ltd.) 2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [271760 2009-04-16] () 2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.) ========================== Drivers (Whitelisted) ============= 1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120811.003\BHDrvx64.sys [1385120 2012-08-10] (Symantec Corporation) 1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1308000.00E\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation) 1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation) 3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation) 1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120815.002\IDSvia64.sys [509088 2012-06-14] (Symantec Corporation) 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.021\ENG64.SYS [120440 2012-08-17] (Symantec Corporation) 3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120816.021\EX64.SYS [2068600 2012-08-17] (Symantec Corporation) 3 netr28ux; C:\Windows\System32\DRIVERS\Dnetr28ux.sys [987648 2009-08-06] (Ralink Technology Corp.) 1 RapportCerberus_34302; \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [397520 2011-12-15] () 1 RapportEI64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2011-11-07] (Trusteer Ltd.) 0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2011-11-07] (Trusteer Ltd.) 1 RapportPG64; \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2011-11-07] (Trusteer Ltd.) 1 SRTSP; C:\Windows\System32\Drivers\NISx64\1308000.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation) 1 SRTSPX; C:\Windows\system32\drivers\NISx64\1308000.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation) 0 SymDS; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation) 0 SymEFA; C:\Windows\System32\drivers\NISx64\1308000.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation) 3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-23] (Symantec Corporation) 1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2012-04-17] (Symantec Corporation) 1 SymIRON; C:\Windows\system32\drivers\NISx64\1308000.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation) 1 SymNetS; C:\Windows\System32\Drivers\NISx64\1308000.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation) 2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2009-08-28] (CyberLink Corp.) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-17 01:25 - 2012-08-17 01:26 - 00000000 ____D C:\FRST 2012-08-17 00:07 - 2012-08-17 00:07 - 00003720 ____A C:\{08A08690-5029-4DD2-93BD-219B6FE370E8} 2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\Application Data\mbam.context.scan 2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\AppData\Roaming\mbam.context.scan 2012-08-16 23:04 - 2012-08-16 23:05 - 00001207 ____A C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk 2012-08-16 22:12 - 2012-08-16 22:12 - 00003792 ____A C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4} 2012-08-16 19:16 - 2012-08-16 19:16 - 00003720 ____A C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76} 2012-08-16 18:28 - 2012-08-16 18:28 - 00003760 ____A C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2} 2012-08-16 17:24 - 2012-08-16 17:24 - 00003760 ____A C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{657D4874-07E7-41D2-A920-60E2C8BD0E55} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\Local Settings\{657D4874-07E7-41D2-A920-60E2C8BD0E55} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{7FEB4892-BC97-4F0C-A0C0-E61B2AFBAB3D} 2012-08-16 17:23 - 2012-08-16 17:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{657D4874-07E7-41D2-A920-60E2C8BD0E55} 2012-08-16 17:00 - 2012-08-16 17:00 - 00003792 ____A C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970} 2012-08-16 16:54 - 2012-08-16 16:54 - 00003760 ____A C:\{AFC8B51A-8808-44EE-A490-57D79F83B654} 2012-08-16 16:43 - 2012-08-16 16:43 - 00003760 ____A C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD} 2012-08-16 16:28 - 2012-08-16 16:28 - 00003792 ____A C:\{924A804A-642C-468C-95A8-057C39B3A191} 2012-08-16 16:26 - 2012-08-16 16:26 - 00003760 ____A C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC} 2012-08-16 16:24 - 2012-08-16 16:24 - 00003760 ____A C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624} 2012-08-16 16:23 - 2012-08-16 16:23 - 00003752 ____A C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4} 2012-08-16 16:21 - 2012-08-16 16:21 - 00003760 ____A C:\{A5974494-044E-432C-A6D1-41279C05C090} 2012-08-16 16:19 - 2012-08-16 16:19 - 00003792 ____A C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6} 2012-08-16 16:17 - 2012-08-16 16:17 - 00003760 ____A C:\{08B1F027-9D8B-40FA-B55D-509484305936} 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\RMM\Application Data\Malwarebytes 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\RMM\AppData\Roaming\Malwarebytes 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\All Users\Malwarebytes 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Users\All Users\Application Data\Malwarebytes 2012-08-16 15:12 - 2012-08-16 15:12 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-08-16 15:12 - 2012-07-03 14:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-08-16 15:10 - 2012-08-16 15:11 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\RMM\Downloads\mbam-setup-1.62.0.1300.exe 2012-08-15 16:45 - 2012-08-15 19:00 - 00000476 ____A C:\Windows\Tasks\PC Utility Kit Registration3.job 2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\Application Data\PC Utility Kit 2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\Application Data\DriverCure 2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\AppData\Roaming\PC Utility Kit 2012-08-15 16:45 - 2012-08-15 16:45 - 00000000 ____D C:\Users\RMM\AppData\Roaming\DriverCure 2012-08-15 16:44 - 2012-08-16 17:20 - 00000442 ____A C:\Windows\Tasks\PC Utility Kit Update3.job 2012-08-15 16:44 - 2012-08-16 17:20 - 00000440 ____A C:\Windows\Tasks\PC Utility Kit.job 2012-08-15 16:44 - 2012-08-15 16:44 - 00001234 ____A C:\Users\RMM\Desktop\PC Utility Kit.lnk 2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Users\All Users\PC Utility Kit 2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Users\All Users\Application Data\PC Utility Kit 2012-08-15 16:44 - 2012-08-15 16:44 - 00000000 ____D C:\Program Files (x86)\PC Utility Kit 2012-08-15 16:36 - 2012-08-15 16:37 - 04765704 ____A (Red Dog Media, Inc.) C:\Users\RMM\Downloads\PC Utility Kit Installer.exe 2012-08-15 16:34 - 2012-08-15 16:34 - 00003760 ____A C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39} 2012-08-15 16:06 - 2012-08-15 16:06 - 00002114 ____A C:\Users\RMM\Desktop\aswMBR.txt 2012-08-15 16:06 - 2012-08-15 16:06 - 00000512 ____A C:\Users\RMM\Desktop\MBR.dat 2012-08-15 16:02 - 2012-08-15 16:02 - 00000000 __SHD C:\Windows\ftpcache 2012-08-15 16:02 - 2012-08-15 16:02 - 00000000 ____D C:\Windows\Downloaded Installations 2012-08-15 15:47 - 2012-08-15 15:47 - 00003760 ____A C:\{1C072F82-80CD-485B-83D5-52CBA779E41A} 2012-08-15 15:45 - 2012-08-15 15:45 - 00003792 ____A C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25} 2012-08-15 15:38 - 2012-08-15 15:38 - 00003792 ____A C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A} 2012-08-15 15:37 - 2012-08-15 15:37 - 00003760 ____A C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1} 2012-08-15 15:31 - 2012-08-15 15:31 - 00003792 ____A C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F} 2012-08-15 15:30 - 2012-08-15 15:30 - 00003760 ____A C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F} 2012-08-15 15:16 - 2012-08-15 15:16 - 00000856 ____A C:\Users\RMM\Downloads\Downloads - Shortcut.lnk 2012-08-15 14:24 - 2012-08-15 14:26 - 04731392 ____A (AVAST Software) C:\Users\RMM\Downloads\aswMBR.exe 2012-08-15 14:22 - 2012-08-15 14:22 - 00003792 ____A C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7} 2012-08-15 13:42 - 2012-08-15 13:42 - 00003720 ____A C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5} 2012-08-15 12:38 - 2012-08-15 12:38 - 00003760 ____A C:\{0CF61C86-FE61-4A64-9937-66E5919030E5} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{A637E329-1310-49F7-8F38-4569D17FDB61} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{9697EFFD-403C-4745-A91D-41600FE071B6} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\{A637E329-1310-49F7-8F38-4569D17FDB61} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\Local Settings\{9697EFFD-403C-4745-A91D-41600FE071B6} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{A637E329-1310-49F7-8F38-4569D17FDB61} 2012-08-15 09:45 - 2012-08-15 09:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{9697EFFD-403C-4745-A91D-41600FE071B6} 2012-08-14 22:48 - 2012-08-14 22:48 - 00003792 ____A C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F} 2012-08-14 22:28 - 2012-04-17 21:13 - 00043640 ___RA (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys 2012-08-14 22:23 - 2012-08-14 22:23 - 00003720 ____A C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7} 2012-08-14 22:01 - 2012-08-14 22:01 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-08-14 21:49 - 2012-08-14 21:49 - 00023769 ____A C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta 2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Application Data\Ament.ini 2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Ament.ini 2012-08-14 21:41 - 2012-08-14 21:42 - 54097776 ____A C:\Users\RMM\Downloads\PSB210_231.exe 2012-08-14 21:24 - 2012-08-14 21:24 - 00003760 ____A C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78} 2012-08-14 21:18 - 2012-08-14 21:18 - 00003760 ____A C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5} 2012-08-14 14:31 - 2012-08-14 14:31 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(4).exe 2012-08-14 13:54 - 2012-08-14 13:54 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(3).exe 2012-08-14 13:53 - 2012-08-14 13:53 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(2).exe 2012-08-14 13:35 - 2012-08-14 13:35 - 00003760 ____A C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B} 2012-08-14 13:25 - 2012-08-14 13:25 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr.exe 2012-08-14 13:18 - 2012-08-14 13:18 - 00003792 ____A C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044} 2012-08-14 12:13 - 2012-08-14 12:14 - 00003760 ____A C:\{321D1C4C-872E-4658-A7D8-43653EC0844F} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{A659029B-D9FD-42A8-BE71-C9081FA369DF} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\Local Settings\{A659029B-D9FD-42A8-BE71-C9081FA369DF} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{FA1CF1D2-FD66-483E-9FA2-E72BFED0CEF4} 2012-08-14 12:05 - 2012-08-14 12:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{A659029B-D9FD-42A8-BE71-C9081FA369DF} 2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\Local Settings\NPE 2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\NPE 2012-08-14 11:12 - 2012-08-16 17:17 - 00000000 ____D C:\Users\RMM\AppData\Local\NPE 2012-08-14 11:12 - 2012-08-14 11:12 - 02841104 ____A (Symantec Corporation) C:\Users\RMM\Downloads\NPE.exe 2012-08-14 11:06 - 2012-08-16 19:11 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-08-14 11:05 - 2012-08-14 11:05 - 01805736 ____A (Symantec Corporation) C:\Users\RMM\Downloads\FixZeroAccess.exe 2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D} 2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D} 2012-08-14 00:04 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{05DB830E-2A99-4969-9EA2-7F34FB8D1B3D} 2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{B9F73F73-B830-472A-B73C-16EFB047B9C7} 2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\Local Settings\{B9F73F73-B830-472A-B73C-16EFB047B9C7} 2012-08-13 08:45 - 2012-08-14 00:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{B9F73F73-B830-472A-B73C-16EFB047B9C7} 2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{89A2C94F-4866-4CC8-934D-0F92B4B76518} 2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\Local Settings\{89A2C94F-4866-4CC8-934D-0F92B4B76518} 2012-08-13 08:45 - 2012-08-13 08:45 - 00000000 ____D C:\Users\RMM\AppData\Local\{89A2C94F-4866-4CC8-934D-0F92B4B76518} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\Local Settings\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\AppData\Local\{F6F60CF3-E7B5-4460-BA5E-7C50E4880127} 2012-08-12 11:17 - 2012-08-12 11:17 - 00000000 ____D C:\Users\RMM\AppData\Local\{99FFF4B5-2A37-4FEF-9202-3C2078AB6309} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F0328180-0ECD-4A21-A37C-FF946F2765EE} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{09554217-218F-4D25-90E4-4F81B6C0DDD5} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\{F0328180-0ECD-4A21-A37C-FF946F2765EE} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\Local Settings\{09554217-218F-4D25-90E4-4F81B6C0DDD5} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{F0328180-0ECD-4A21-A37C-FF946F2765EE} 2012-08-11 23:14 - 2012-08-11 23:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{09554217-218F-4D25-90E4-4F81B6C0DDD5} 2012-08-11 17:52 - 2012-08-11 17:52 - 00000000 ___HD C:\Windows\AxInstSV 2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{837D1F1C-3597-41B3-A30C-07A708DAF902} 2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\{837D1F1C-3597-41B3-A30C-07A708DAF902} 2012-08-11 11:14 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{837D1F1C-3597-41B3-A30C-07A708DAF902} 2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1} 2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\Local Settings\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1} 2012-08-11 11:13 - 2012-08-11 11:14 - 00000000 ____D C:\Users\RMM\AppData\Local\{F882A269-9FDD-4815-A2D6-E83B1E8D84C1} 2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4} 2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4} 2012-08-10 23:13 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\AppData\Local\{119B9C3A-093C-47A5-B24A-5DE1FAD9E1E4} 2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12} 2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\Local Settings\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12} 2012-08-10 09:22 - 2012-08-10 23:13 - 00000000 ____D C:\Users\RMM\AppData\Local\{AC115FEE-ED27-4B62-A56E-9F59D7DCDA12} 2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1} 2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\Local Settings\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1} 2012-08-10 09:22 - 2012-08-10 09:23 - 00000000 ____D C:\Users\RMM\AppData\Local\{E9C68CDF-6D2F-4D7F-A845-31C93F6BBEB1} 2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1} 2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1} 2012-08-09 21:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{3E5898FE-CC5A-4AB8-91CB-D510FC7394D1} 2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB} 2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\Local Settings\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB} 2012-08-09 09:18 - 2012-08-09 21:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{D9885B25-37DF-49CD-83DF-FBCECD18C2FB} 2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{991CF80A-6D78-4746-9592-18C07DE0D60F} 2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\Local Settings\{991CF80A-6D78-4746-9592-18C07DE0D60F} 2012-08-09 09:18 - 2012-08-09 09:18 - 00000000 ____D C:\Users\RMM\AppData\Local\{991CF80A-6D78-4746-9592-18C07DE0D60F} 2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF} 2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF} 2012-08-08 12:27 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{675CBA03-E7C3-41B3-9C13-0F40A5586FFF} 2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673} 2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\Local Settings\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673} 2012-08-08 12:26 - 2012-08-08 12:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{F60F0D4B-06AF-4DEF-8B75-8D53D5F92673} 2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D67EA215-9F25-4610-9A89-FA536602AF56} 2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\{D67EA215-9F25-4610-9A89-FA536602AF56} 2012-08-08 00:26 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{D67EA215-9F25-4610-9A89-FA536602AF56} 2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3} 2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\Local Settings\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3} 2012-08-07 12:25 - 2012-08-08 00:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{76CB3C6B-97C6-4AF3-AA21-3965DBB2B1F3} 2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD} 2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\Local Settings\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD} 2012-08-07 12:25 - 2012-08-07 12:26 - 00000000 ____D C:\Users\RMM\AppData\Local\{2B39B171-CE07-41FD-BBE6-2BF2DBF389FD} 2012-08-07 00:25 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{593B54A5-82EA-44D3-BA96-2CC0017D55EF} 2012-08-07 00:25 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\{593B54A5-82EA-44D3-BA96-2CC0017D55EF} 2012-08-07 00:25 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\AppData\Local\{593B54A5-82EA-44D3-BA96-2CC0017D55EF} 2012-08-06 12:24 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{91D3D61E-800A-495E-B315-62E7D04D5377} 2012-08-06 12:24 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\Local Settings\{91D3D61E-800A-495E-B315-62E7D04D5377} 2012-08-06 12:24 - 2012-08-07 00:25 - 00000000 ____D C:\Users\RMM\AppData\Local\{91D3D61E-800A-495E-B315-62E7D04D5377} 2012-08-06 12:24 - 2012-08-06 12:24 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E} 2012-08-06 12:24 - 2012-08-06 12:24 - 00000000 ____D C:\Users\RMM\Local Settings\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E} 2012-08-06 12:24 - 2012-08-06 12:24 - 00000000 ____D C:\Users\RMM\AppData\Local\{5633E9FE-3E8D-4D58-BDA8-9DC77EF82D3E} 2012-08-06 00:24 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E} 2012-08-06 00:24 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\Local Settings\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E} 2012-08-06 00:24 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\AppData\Local\{FDB91CF9-3094-46E1-B264-FB81B1B93C0E} 2012-08-06 00:23 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3F0D996E-6247-4B0F-B818-3999076A925D} 2012-08-06 00:23 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\Local Settings\{3F0D996E-6247-4B0F-B818-3999076A925D} 2012-08-06 00:23 - 2012-08-06 00:24 - 00000000 ____D C:\Users\RMM\AppData\Local\{3F0D996E-6247-4B0F-B818-3999076A925D} 2012-08-05 09:40 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7} 2012-08-05 09:40 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\Local Settings\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7} 2012-08-05 09:40 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\AppData\Local\{1D300A15-51E3-4990-BE39-C0CE1BD5EBC7} 2012-08-05 09:39 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{8474DDF2-EAD0-459C-B40F-B8277E36432B} 2012-08-05 09:39 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\Local Settings\{8474DDF2-EAD0-459C-B40F-B8277E36432B} 2012-08-05 09:39 - 2012-08-05 09:40 - 00000000 ____D C:\Users\RMM\AppData\Local\{8474DDF2-EAD0-459C-B40F-B8277E36432B} 2012-08-04 12:47 - 2012-08-04 12:48 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{463D5658-B30B-42B3-8E5D-2030832BC0E8} 2012-08-04 12:47 - 2012-08-04 12:48 - 00000000 ____D C:\Users\RMM\Local Settings\{463D5658-B30B-42B3-8E5D-2030832BC0E8} 2012-08-04 12:47 - 2012-08-04 12:48 - 00000000 ____D C:\Users\RMM\AppData\Local\{463D5658-B30B-42B3-8E5D-2030832BC0E8} 2012-08-04 12:47 - 2012-08-04 12:47 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{28F7CEF4-E731-479D-AF05-59F0ED2C2787} 2012-08-04 12:47 - 2012-08-04 12:47 - 00000000 ____D C:\Users\RMM\Local Settings\{28F7CEF4-E731-479D-AF05-59F0ED2C2787} 2012-08-04 12:47 - 2012-08-04 12:47 - 00000000 ____D C:\Users\RMM\AppData\Local\{28F7CEF4-E731-479D-AF05-59F0ED2C2787} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F8A91784-BA0E-48A2-B46E-0CC2988CC242} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\Local Settings\{F8A91784-BA0E-48A2-B46E-0CC2988CC242} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\Local Settings\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\AppData\Local\{F8A91784-BA0E-48A2-B46E-0CC2988CC242} 2012-08-04 00:47 - 2012-08-04 00:47 - 00000000 ____D C:\Users\RMM\AppData\Local\{DB4EA400-5C5B-4B32-B397-8DE70B21C33B} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{6B057843-2ACA-4A9A-AE30-4DBC774971C2} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{52D300EF-52F5-4D3B-859E-2C4631FDD93D} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\Local Settings\{6B057843-2ACA-4A9A-AE30-4DBC774971C2} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\Local Settings\{52D300EF-52F5-4D3B-859E-2C4631FDD93D} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\AppData\Local\{6B057843-2ACA-4A9A-AE30-4DBC774971C2} 2012-08-03 12:16 - 2012-08-03 12:16 - 00000000 ____D C:\Users\RMM\AppData\Local\{52D300EF-52F5-4D3B-859E-2C4631FDD93D} 2012-08-03 00:15 - 2012-08-03 00:16 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC} 2012-08-03 00:15 - 2012-08-03 00:16 - 00000000 ____D C:\Users\RMM\Local Settings\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC} 2012-08-03 00:15 - 2012-08-03 00:16 - 00000000 ____D C:\Users\RMM\AppData\Local\{4DA5AD36-5D87-47B2-BBAC-E4000FCA7BFC} 2012-08-02 08:46 - 2012-08-03 00:15 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3} 2012-08-02 08:46 - 2012-08-03 00:15 - 00000000 ____D C:\Users\RMM\Local Settings\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3} 2012-08-02 08:46 - 2012-08-03 00:15 - 00000000 ____D C:\Users\RMM\AppData\Local\{34FFEAFE-29B4-40E4-9A72-DFCAFFA9C2E3} 2012-08-02 08:46 - 2012-08-02 08:46 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{0940972B-E206-43CC-AC82-2E09491CA6FA} 2012-08-02 08:46 - 2012-08-02 08:46 - 00000000 ____D C:\Users\RMM\Local Settings\{0940972B-E206-43CC-AC82-2E09491CA6FA} 2012-08-02 08:46 - 2012-08-02 08:46 - 00000000 ____D C:\Users\RMM\AppData\Local\{0940972B-E206-43CC-AC82-2E09491CA6FA} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{96EC2E17-4384-46FE-ACE0-FC5842A59C14} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{60117C8A-9AD0-4919-B211-476FC6083680} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\Local Settings\{96EC2E17-4384-46FE-ACE0-FC5842A59C14} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\Local Settings\{60117C8A-9AD0-4919-B211-476FC6083680} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\AppData\Local\{96EC2E17-4384-46FE-ACE0-FC5842A59C14} 2012-08-01 13:15 - 2012-08-01 13:15 - 00000000 ____D C:\Users\RMM\AppData\Local\{60117C8A-9AD0-4919-B211-476FC6083680} 2012-08-01 00:01 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86} 2012-08-01 00:01 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\Local Settings\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86} 2012-08-01 00:01 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\AppData\Local\{3F0F3C9E-6870-4426-B90A-0A1BA1346D86} 2012-07-31 10:32 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{B09D69B9-F64B-4E78-8659-C1535B5327E0} 2012-07-31 10:32 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\Local Settings\{B09D69B9-F64B-4E78-8659-C1535B5327E0} 2012-07-31 10:32 - 2012-08-01 00:01 - 00000000 ____D C:\Users\RMM\AppData\Local\{B09D69B9-F64B-4E78-8659-C1535B5327E0} 2012-07-31 10:32 - 2012-07-31 10:32 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{79207371-F4B0-42D6-90A6-6792E2B2D1F1} 2012-07-31 10:32 - 2012-07-31 10:32 - 00000000 ____D C:\Users\RMM\Local Settings\{79207371-F4B0-42D6-90A6-6792E2B2D1F1} 2012-07-31 10:32 - 2012-07-31 10:32 - 00000000 ____D C:\Users\RMM\AppData\Local\{79207371-F4B0-42D6-90A6-6792E2B2D1F1} 2012-07-30 22:31 - 2012-07-30 22:32 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{13967209-734A-46EE-8378-F75FC02BFEFB} 2012-07-30 22:31 - 2012-07-30 22:32 - 00000000 ____D C:\Users\RMM\Local Settings\{13967209-734A-46EE-8378-F75FC02BFEFB} 2012-07-30 22:31 - 2012-07-30 22:32 - 00000000 ____D C:\Users\RMM\AppData\Local\{13967209-734A-46EE-8378-F75FC02BFEFB} 2012-07-30 10:31 - 2012-07-30 22:31 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8} 2012-07-30 10:31 - 2012-07-30 22:31 - 00000000 ____D C:\Users\RMM\Local Settings\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8} 2012-07-30 10:31 - 2012-07-30 22:31 - 00000000 ____D C:\Users\RMM\AppData\Local\{A9B999A4-00BA-4D85-B94B-D4A4ADC08EF8} 2012-07-30 10:31 - 2012-07-30 10:31 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C} 2012-07-30 10:31 - 2012-07-30 10:31 - 00000000 ____D C:\Users\RMM\Local Settings\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C} 2012-07-30 10:31 - 2012-07-30 10:31 - 00000000 ____D C:\Users\RMM\AppData\Local\{7D5DD3AC-B5EE-4962-86EA-D98BB26D8C2C} 2012-07-29 22:30 - 2012-07-29 22:31 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB} 2012-07-29 22:30 - 2012-07-29 22:31 - 00000000 ____D C:\Users\RMM\Local Settings\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB} 2012-07-29 22:30 - 2012-07-29 22:31 - 00000000 ____D C:\Users\RMM\AppData\Local\{ED4CD015-95E9-4D1E-A1A9-15375DD5EFEB} 2012-07-29 10:30 - 2012-07-29 22:30 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{0624BC34-907A-4F4B-9306-AE9A37580D04} 2012-07-29 10:30 - 2012-07-29 22:30 - 00000000 ____D C:\Users\RMM\Local Settings\{0624BC34-907A-4F4B-9306-AE9A37580D04} 2012-07-29 10:30 - 2012-07-29 22:30 - 00000000 ____D C:\Users\RMM\AppData\Local\{0624BC34-907A-4F4B-9306-AE9A37580D04} 2012-07-29 10:30 - 2012-07-29 10:30 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3} 2012-07-29 10:30 - 2012-07-29 10:30 - 00000000 ____D C:\Users\RMM\Local Settings\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3} 2012-07-29 10:30 - 2012-07-29 10:30 - 00000000 ____D C:\Users\RMM\AppData\Local\{39D7EA90-31E8-43F4-BB89-04EB06D8A4E3} 2012-07-28 22:29 - 2012-07-28 22:30 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{6C4A065D-3118-420D-A326-6D4D1BAAD61F} 2012-07-28 22:29 - 2012-07-28 22:30 - 00000000 ____D C:\Users\RMM\Local Settings\{6C4A065D-3118-420D-A326-6D4D1BAAD61F} 2012-07-28 22:29 - 2012-07-28 22:30 - 00000000 ____D C:\Users\RMM\AppData\Local\{6C4A065D-3118-420D-A326-6D4D1BAAD61F} 2012-07-28 22:29 - 2012-07-28 22:29 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1} 2012-07-28 22:29 - 2012-07-28 22:29 - 00000000 ____D C:\Users\RMM\Local Settings\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1} 2012-07-28 22:29 - 2012-07-28 22:29 - 00000000 ____D C:\Users\RMM\AppData\Local\{3CC97B82-DAEF-4309-A3AF-A9EB65D84CA1} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{EBE28A12-BD75-447B-B9ED-220B04132C69} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\Local Settings\{EBE28A12-BD75-447B-B9ED-220B04132C69} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\Local Settings\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\AppData\Local\{EBE28A12-BD75-447B-B9ED-220B04132C69} 2012-07-28 10:29 - 2012-07-28 10:29 - 00000000 ____D C:\Users\RMM\AppData\Local\{51DDDA2E-2F45-467B-AA5E-9C06AF4E78B8} 2012-07-27 12:51 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350} 2012-07-27 12:51 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\Local Settings\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350} 2012-07-27 12:51 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\AppData\Local\{4E0A70B0-5A67-418D-83BA-C1DE9DCAA350} 2012-07-27 12:50 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{4751DAAB-8D45-4430-A540-0FF564C9799E} 2012-07-27 12:50 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\Local Settings\{4751DAAB-8D45-4430-A540-0FF564C9799E} 2012-07-27 12:50 - 2012-07-27 12:51 - 00000000 ____D C:\Users\RMM\AppData\Local\{4751DAAB-8D45-4430-A540-0FF564C9799E} 2012-07-27 00:50 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{591F3CE8-744D-43AC-8040-1E1887FDA0C5} 2012-07-27 00:50 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\Local Settings\{591F3CE8-744D-43AC-8040-1E1887FDA0C5} 2012-07-27 00:50 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\AppData\Local\{591F3CE8-744D-43AC-8040-1E1887FDA0C5} 2012-07-26 11:06 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05} 2012-07-26 11:06 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\Local Settings\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05} 2012-07-26 11:06 - 2012-07-27 00:50 - 00000000 ____D C:\Users\RMM\AppData\Local\{BE44E587-A7D0-4EE8-A3DD-18F05C6CAA05} 2012-07-26 11:06 - 2012-07-26 11:06 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48} 2012-07-26 11:06 - 2012-07-26 11:06 - 00000000 ____D C:\Users\RMM\Local Settings\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48} 2012-07-26 11:06 - 2012-07-26 11:06 - 00000000 ____D C:\Users\RMM\AppData\Local\{1ED25BEE-AFF3-4E48-979D-C3F71CD01F48} 2012-07-25 23:05 - 2012-07-25 23:06 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{5D92EC0E-D32E-4FD5-B387-4455B75B147A} 2012-07-25 23:05 - 2012-07-25 23:06 - 00000000 ____D C:\Users\RMM\Local Settings\{5D92EC0E-D32E-4FD5-B387-4455B75B147A} 2012-07-25 23:05 - 2012-07-25 23:06 - 00000000 ____D C:\Users\RMM\AppData\Local\{5D92EC0E-D32E-4FD5-B387-4455B75B147A} 2012-07-25 11:05 - 2012-07-25 23:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290} 2012-07-25 11:05 - 2012-07-25 23:05 - 00000000 ____D C:\Users\RMM\Local Settings\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290} 2012-07-25 11:05 - 2012-07-25 23:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{25947CF4-129E-4F04-8B7B-F5C6C1F1D290} 2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63} 2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\RMM\Local Settings\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63} 2012-07-25 11:05 - 2012-07-25 11:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{5F3E208D-29BA-494D-9D4E-A4CDF749AC63} 2012-07-24 23:04 - 2012-07-24 23:05 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{2A306726-00D0-455E-9D20-0F7384B484BB} 2012-07-24 23:04 - 2012-07-24 23:05 - 00000000 ____D C:\Users\RMM\Local Settings\{2A306726-00D0-455E-9D20-0F7384B484BB} 2012-07-24 23:04 - 2012-07-24 23:05 - 00000000 ____D C:\Users\RMM\AppData\Local\{2A306726-00D0-455E-9D20-0F7384B484BB} 2012-07-24 11:04 - 2012-07-24 23:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D05B55E7-7005-47F3-9105-570DAD623928} 2012-07-24 11:04 - 2012-07-24 23:04 - 00000000 ____D C:\Users\RMM\Local Settings\{D05B55E7-7005-47F3-9105-570DAD623928} 2012-07-24 11:04 - 2012-07-24 23:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{D05B55E7-7005-47F3-9105-570DAD623928} 2012-07-24 11:04 - 2012-07-24 11:04 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{AE4DEE3D-2C59-4223-B77C-E57733C55994} 2012-07-24 11:04 - 2012-07-24 11:04 - 00000000 ____D C:\Users\RMM\Local Settings\{AE4DEE3D-2C59-4223-B77C-E57733C55994} 2012-07-24 11:04 - 2012-07-24 11:04 - 00000000 ____D C:\Users\RMM\AppData\Local\{AE4DEE3D-2C59-4223-B77C-E57733C55994} 2012-07-23 23:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{C80711FD-DE96-4198-A832-25BBA3E7E453} 2012-07-23 23:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\Local Settings\{C80711FD-DE96-4198-A832-25BBA3E7E453} 2012-07-23 23:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\AppData\Local\{C80711FD-DE96-4198-A832-25BBA3E7E453} 2012-07-23 11:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{85C1CAEF-D585-4298-AFEA-069813DCACC3} 2012-07-23 11:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\Local Settings\{85C1CAEF-D585-4298-AFEA-069813DCACC3} 2012-07-23 11:03 - 2012-07-23 23:03 - 00000000 ____D C:\Users\RMM\AppData\Local\{85C1CAEF-D585-4298-AFEA-069813DCACC3} 2012-07-23 11:03 - 2012-07-23 11:03 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{90DDC845-624E-46D5-BDAD-177F007D6CB0} 2012-07-23 11:03 - 2012-07-23 11:03 - 00000000 ____D C:\Users\RMM\Local Settings\{90DDC845-624E-46D5-BDAD-177F007D6CB0} 2012-07-23 11:03 - 2012-07-23 11:03 - 00000000 ____D C:\Users\RMM\AppData\Local\{90DDC845-624E-46D5-BDAD-177F007D6CB0} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{AD726F8B-2977-400D-AFA0-7F836174ADE3} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\Local Settings\{AD726F8B-2977-400D-AFA0-7F836174ADE3} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\Local Settings\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\AppData\Local\{AD726F8B-2977-400D-AFA0-7F836174ADE3} 2012-07-22 23:02 - 2012-07-22 23:02 - 00000000 ____D C:\Users\RMM\AppData\Local\{4D60AC6A-E8BF-43CE-B354-0E0063DB2E4B} 2012-07-22 00:41 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D0650365-2E00-44B3-AD69-30377163F88E} 2012-07-22 00:41 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\Local Settings\{D0650365-2E00-44B3-AD69-30377163F88E} 2012-07-22 00:41 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{D0650365-2E00-44B3-AD69-30377163F88E} 2012-07-21 12:28 - 2012-07-21 12:28 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{9E895D5D-E94D-4142-A96E-81BEC88D8855} 2012-07-21 12:28 - 2012-07-21 12:28 - 00000000 ____D C:\Users\RMM\Local Settings\{9E895D5D-E94D-4142-A96E-81BEC88D8855} 2012-07-21 12:28 - 2012-07-21 12:28 - 00000000 ____D C:\Users\RMM\AppData\Local\{9E895D5D-E94D-4142-A96E-81BEC88D8855} 2012-07-21 12:27 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{E91597F3-A23C-4C69-BE16-D90E8E18F004} 2012-07-21 12:27 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\Local Settings\{E91597F3-A23C-4C69-BE16-D90E8E18F004} 2012-07-21 12:27 - 2012-07-22 00:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{E91597F3-A23C-4C69-BE16-D90E8E18F004} 2012-07-21 00:27 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{D7FBD547-B5C2-43D3-A7B2-150F850E7613} 2012-07-21 00:27 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\Local Settings\{D7FBD547-B5C2-43D3-A7B2-150F850E7613} 2012-07-21 00:27 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{D7FBD547-B5C2-43D3-A7B2-150F850E7613} 2012-07-20 11:42 - 2012-07-20 11:42 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8} 2012-07-20 11:42 - 2012-07-20 11:42 - 00000000 ____D C:\Users\RMM\Local Settings\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8} 2012-07-20 11:42 - 2012-07-20 11:42 - 00000000 ____D C:\Users\RMM\AppData\Local\{1A8A2434-B52F-4DB0-8A4B-C33792EA35B8} 2012-07-20 11:41 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{30D51098-FAEF-41A3-895A-0921E9930B45} 2012-07-20 11:41 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\Local Settings\{30D51098-FAEF-41A3-895A-0921E9930B45} 2012-07-20 11:41 - 2012-07-21 00:27 - 00000000 ____D C:\Users\RMM\AppData\Local\{30D51098-FAEF-41A3-895A-0921E9930B45} 2012-07-19 23:41 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{2567E23A-9109-460A-91A1-C21D453DB40E} 2012-07-19 23:41 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\Local Settings\{2567E23A-9109-460A-91A1-C21D453DB40E} 2012-07-19 23:41 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{2567E23A-9109-460A-91A1-C21D453DB40E} 2012-07-19 15:52 - 2012-07-19 15:52 - 20275048 ____A (Microsoft Corporation) C:\Users\RMM\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE 2012-07-19 11:40 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{C80B05FD-6D1C-46BC-88E0-993C381DBE66} 2012-07-19 11:40 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\Local Settings\{C80B05FD-6D1C-46BC-88E0-993C381DBE66} 2012-07-19 11:40 - 2012-07-19 23:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{C80B05FD-6D1C-46BC-88E0-993C381DBE66} 2012-07-19 11:40 - 2012-07-19 11:41 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{F1C5AD37-A60D-457E-9A80-8311F8600FA3} 2012-07-19 11:40 - 2012-07-19 11:41 - 00000000 ____D C:\Users\RMM\Local Settings\{F1C5AD37-A60D-457E-9A80-8311F8600FA3} 2012-07-19 11:40 - 2012-07-19 11:41 - 00000000 ____D C:\Users\RMM\AppData\Local\{F1C5AD37-A60D-457E-9A80-8311F8600FA3} 2012-07-18 22:48 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5} 2012-07-18 22:48 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\Local Settings\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5} 2012-07-18 22:48 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\AppData\Local\{E47E6D1D-AA7C-4B94-A734-4F4B901F5DA5} 2012-07-18 10:47 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{777675C5-D0CC-4E85-83B8-ECC74E85B907} 2012-07-18 10:47 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\Local Settings\{777675C5-D0CC-4E85-83B8-ECC74E85B907} 2012-07-18 10:47 - 2012-07-18 22:48 - 00000000 ____D C:\Users\RMM\AppData\Local\{777675C5-D0CC-4E85-83B8-ECC74E85B907} 2012-07-18 10:47 - 2012-07-18 10:47 - 00000000 ____D C:\Users\RMM\Local Settings\Application Data\{B0B58347-A620-4A51-82DA-70C8A9122907} 2012-07-18 10:47 - 2012-07-18 10:47 - 00000000 ____D C:\Users\RMM\Local Settings\{B0B58347-A620-4A51-82DA-70C8A9122907} 2012-07-18 10:47 - 2012-07-18 10:47 - 00000000 ____D C:\Users\RMM\AppData\Local\{B0B58347-A620-4A51-82DA-70C8A9122907} ============ 3 Months Modified Files ======================== 2012-08-17 01:56 - 2009-07-13 23:51 - 00253218 ____A C:\Windows\setupact.log 2012-08-17 01:53 - 2010-01-26 05:29 - 00000073 ____A C:\Windows\SysWOW64\ToasterLauncherLog.log 2012-08-17 01:52 - 2010-02-27 23:06 - 00058288 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll 2012-08-17 01:52 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-17 01:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-17 01:42 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-17 01:38 - 2009-07-14 00:13 - 00803420 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-17 01:18 - 2012-05-08 09:11 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-17 00:07 - 2012-08-17 00:07 - 00003720 ____A C:\{08A08690-5029-4DD2-93BD-219B6FE370E8} 2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\Application Data\mbam.context.scan 2012-08-17 00:07 - 2012-08-17 00:07 - 00000061 ____A C:\Users\RMM\AppData\Roaming\mbam.context.scan 2012-08-17 00:02 - 2010-01-26 06:44 - 00499516 ____A C:\Windows\PFRO.log 2012-08-16 23:05 - 2012-08-16 23:04 - 00001207 ____A C:\Users\RMM\Desktop\Elev Cmd Pmpt.lnk 2012-08-16 22:12 - 2012-08-16 22:12 - 00003792 ____A C:\{97BD8F1A-6284-481E-BBF0-E3A50C4673B4} 2012-08-16 19:16 - 2012-08-16 19:16 - 00003720 ____A C:\{8FF1BC36-C401-45AF-8BBC-2F3C0617FA76} 2012-08-16 19:11 - 2012-08-14 11:06 - 00027256 ____A (Symantec Corporation) C:\Windows\System32\Drivers\FixZeroAccess.sys 2012-08-16 18:28 - 2012-08-16 18:28 - 00003760 ____A C:\{9B7B57C2-6A07-42EF-B7C3-DD56177B78E2} 2012-08-16 17:24 - 2012-08-16 17:24 - 00003760 ____A C:\{38CAEDBB-D3B6-4F27-AA3F-739BAE03DD39} 2012-08-16 17:20 - 2012-08-15 16:44 - 00000442 ____A C:\Windows\Tasks\PC Utility Kit Update3.job 2012-08-16 17:20 - 2012-08-15 16:44 - 00000440 ____A C:\Windows\Tasks\PC Utility Kit.job 2012-08-16 17:00 - 2012-08-16 17:00 - 00003792 ____A C:\{1B5ED7CC-C2F5-4D13-8AEA-C43738DBD970} 2012-08-16 16:54 - 2012-08-16 16:54 - 00003760 ____A C:\{AFC8B51A-8808-44EE-A490-57D79F83B654} 2012-08-16 16:43 - 2012-08-16 16:43 - 00003760 ____A C:\{B5E60680-26A6-414B-AC0B-EC147D941ECD} 2012-08-16 16:28 - 2012-08-16 16:28 - 00003792 ____A C:\{924A804A-642C-468C-95A8-057C39B3A191} 2012-08-16 16:26 - 2012-08-16 16:26 - 00003760 ____A C:\{C4877D03-D463-402E-9F66-E1B5EFEEC6AC} 2012-08-16 16:24 - 2012-08-16 16:24 - 00003760 ____A C:\{5E9C62BB-DC5F-44C3-9C31-AD2C4D005624} 2012-08-16 16:23 - 2012-08-16 16:23 - 00003752 ____A C:\{3E430B90-8895-43E4-A52A-6F167DFCE4E4} 2012-08-16 16:21 - 2012-08-16 16:21 - 00003760 ____A C:\{A5974494-044E-432C-A6D1-41279C05C090} 2012-08-16 16:19 - 2012-08-16 16:19 - 00003792 ____A C:\{E1616212-E3A9-488C-ACAC-BCD28FBFD2B6} 2012-08-16 16:17 - 2012-08-16 16:17 - 00003760 ____A C:\{08B1F027-9D8B-40FA-B55D-509484305936} 2012-08-16 15:11 - 2012-08-16 15:10 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\RMM\Downloads\mbam-setup-1.62.0.1300.exe 2012-08-15 19:00 - 2012-08-15 16:45 - 00000476 ____A C:\Windows\Tasks\PC Utility Kit Registration3.job 2012-08-15 16:44 - 2012-08-15 16:44 - 00001234 ____A C:\Users\RMM\Desktop\PC Utility Kit.lnk 2012-08-15 16:37 - 2012-08-15 16:36 - 04765704 ____A (Red Dog Media, Inc.) C:\Users\RMM\Downloads\PC Utility Kit Installer.exe 2012-08-15 16:34 - 2012-08-15 16:34 - 00003760 ____A C:\{DB641AAF-55E2-42C9-A9ED-757B07662B39} 2012-08-15 16:06 - 2012-08-15 16:06 - 00002114 ____A C:\Users\RMM\Desktop\aswMBR.txt 2012-08-15 16:06 - 2012-08-15 16:06 - 00000512 ____A C:\Users\RMM\Desktop\MBR.dat 2012-08-15 15:47 - 2012-08-15 15:47 - 00003760 ____A C:\{1C072F82-80CD-485B-83D5-52CBA779E41A} 2012-08-15 15:45 - 2012-08-15 15:45 - 00003792 ____A C:\{FC5F50EA-8B5D-455A-893A-FFBF42C2EB25} 2012-08-15 15:38 - 2012-08-15 15:38 - 00003792 ____A C:\{7503E6A2-FC1E-4F37-98DB-F29268D1701A} 2012-08-15 15:37 - 2012-08-15 15:37 - 00003760 ____A C:\{92A78B61-AC8A-4D9B-A314-B5E6CE7F7DA1} 2012-08-15 15:31 - 2012-08-15 15:31 - 00003792 ____A C:\{AD996293-A8AB-481A-B42A-DA33FBD9C63F} 2012-08-15 15:30 - 2012-08-15 15:30 - 00003760 ____A C:\{DC8BE0B0-42F6-457C-85D7-C10A9E9D660F} 2012-08-15 15:16 - 2012-08-15 15:16 - 00000856 ____A C:\Users\RMM\Downloads\Downloads - Shortcut.lnk 2012-08-15 14:37 - 2009-07-14 00:10 - 01932677 ____A C:\Windows\WindowsUpdate.log 2012-08-15 14:26 - 2012-08-15 14:24 - 04731392 ____A (AVAST Software) C:\Users\RMM\Downloads\aswMBR.exe 2012-08-15 14:22 - 2012-08-15 14:22 - 00003792 ____A C:\{5963860B-E195-4BBA-AB90-9B7E7C3671A7} 2012-08-15 13:42 - 2012-08-15 13:42 - 00003720 ____A C:\{4C3147A9-BC32-4899-8D6F-8A047FA0EED5} 2012-08-15 12:38 - 2012-08-15 12:38 - 00003760 ____A C:\{0CF61C86-FE61-4A64-9937-66E5919030E5} 2012-08-15 12:18 - 2012-05-08 09:11 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-15 12:18 - 2011-06-01 20:48 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-14 22:48 - 2012-08-14 22:48 - 00003792 ____A C:\{FB76A57B-1113-452C-B6B9-93F335A15D8F} 2012-08-14 22:23 - 2012-08-14 22:23 - 00003720 ____A C:\{B4109F30-66E0-49E2-B6D2-1CC0F13EA7C7} 2012-08-14 21:49 - 2012-08-14 21:49 - 00023769 ____A C:\Users\RMM\Desktop\HP Installation Failure - MSI 1603.hta 2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Application Data\Ament.ini 2012-08-14 21:48 - 2012-08-14 21:48 - 00000057 ____A C:\Users\All Users\Ament.ini 2012-08-14 21:42 - 2012-08-14 21:41 - 54097776 ____A C:\Users\RMM\Downloads\PSB210_231.exe 2012-08-14 21:24 - 2012-08-14 21:24 - 00003760 ____A C:\{BBD3734D-E889-43B0-A857-B4CC06C8EA78} 2012-08-14 21:18 - 2012-08-14 21:18 - 00003760 ____A C:\{50FA2A9F-E2A9-4322-91ED-E81D59F4FEC5} 2012-08-14 21:14 - 2010-02-09 03:05 - 00002503 ____A C:\Users\Public\Desktop\Norton Internet Security.lnk 2012-08-14 21:14 - 2010-02-09 03:05 - 00002503 ____A C:\Users\All Users\Desktop\Norton Internet Security.lnk 2012-08-14 14:31 - 2012-08-14 14:31 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(4).exe 2012-08-14 13:54 - 2012-08-14 13:54 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(3).exe 2012-08-14 13:53 - 2012-08-14 13:53 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr(2).exe 2012-08-14 13:35 - 2012-08-14 13:35 - 00003760 ____A C:\{ED9F493B-59B8-417B-A4DA-C0D2B8B3199B} 2012-08-14 13:25 - 2012-08-14 13:25 - 04755448 ____A C:\Users\RMM\Downloads\HPPSdr.exe 2012-08-14 13:18 - 2012-08-14 13:18 - 00003792 ____A C:\{FFDB7126-BC32-4C79-B49C-9C3E16D3B044} 2012-08-14 12:14 - 2012-08-14 12:13 - 00003760 ____A C:\{321D1C4C-872E-4658-A7D8-43653EC0844F} 2012-08-14 11:12 - 2012-08-14 11:12 - 02841104 ____A (Symantec Corporation) C:\Users\RMM\Downloads\NPE.exe 2012-08-14 11:05 - 2012-08-14 11:05 - 01805736 ____A (Symantec Corporation) C:\Users\RMM\Downloads\FixZeroAccess.exe 2012-07-19 15:52 - 2012-07-19 15:52 - 20275048 ____A (Microsoft Corporation) C:\Users\RMM\Downloads\BOIE9_ENUS_BO0085_WIN7.EXE 2012-07-16 17:16 - 2012-07-16 17:15 - 00002016 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-07-16 17:16 - 2012-07-16 17:15 - 00002016 ____A C:\Users\All Users\Desktop\Adobe Reader 9.lnk 2012-07-12 08:49 - 2009-07-13 23:45 - 03018408 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 23:55 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini 2012-07-11 23:51 - 2010-02-09 01:31 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-03 14:46 - 2012-08-16 15:12 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-29 00:24 - 2012-06-20 21:53 - 00002096 ____A C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2012-06-29 00:24 - 2012-06-20 21:53 - 00002096 ____A C:\Users\All Users\Desktop\McAfee Security Scan Plus.lnk 2012-06-25 00:15 - 2010-01-26 05:13 - 00032519 ____A C:\Windows\DirectX.log 2012-06-20 07:52 - 2009-07-14 00:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-06-15 09:42 - 2012-06-15 09:42 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk 2012-06-15 09:42 - 2012-06-15 09:42 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk 2012-06-11 22:08 - 2012-07-11 23:55 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-09 00:43 - 2012-07-11 08:18 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 23:41 - 2012-07-11 08:18 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-08 10:59 - 2010-04-13 17:07 - 00013160 ____A (Absolute Software Corp.) C:\Windows\SysWOW64\Upgrd.exe 2012-06-08 10:59 - 2010-02-27 23:06 - 00058288 ____N (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe 2012-06-06 01:06 - 2012-07-11 08:18 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-06 01:06 - 2012-07-11 08:18 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-06 01:02 - 2012-07-11 08:18 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-06 00:05 - 2012-07-11 08:18 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-06 00:05 - 2012-07-11 08:18 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-06 00:03 - 2012-07-11 08:18 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-03 23:15 - 2011-08-11 14:19 - 00001013 ____A C:\Users\RMM\Desktop\Dropbox.lnk 2012-06-02 17:19 - 2012-06-24 10:12 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 17:19 - 2012-06-24 10:12 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 17:19 - 2012-06-24 10:12 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 17:19 - 2012-06-24 10:12 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 17:19 - 2012-06-24 10:12 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 17:15 - 2012-06-24 10:12 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 17:15 - 2012-06-24 10:12 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 16:19 - 2012-06-24 10:11 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 16:15 - 2012-06-24 10:11 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 12:21 - 2012-06-02 12:21 - 00001847 ____A C:\Users\Public\Desktop\QuickTime Player.lnk 2012-06-02 12:21 - 2012-06-02 12:21 - 00001847 ____A C:\Users\All Users\Desktop\QuickTime Player.lnk 2012-06-02 07:49 - 2012-07-11 23:50 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 07:17 - 2012-07-11 23:50 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 07:12 - 2012-07-11 23:50 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 07:05 - 2012-07-11 23:50 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 07:05 - 2012-07-11 23:50 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 07:04 - 2012-07-11 23:50 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 07:04 - 2012-07-11 23:50 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 07:03 - 2012-07-11 23:50 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 07:01 - 2012-07-11 23:50 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 07:00 - 2012-07-11 23:50 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 06:59 - 2012-07-11 23:50 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 06:57 - 2012-07-11 23:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 06:57 - 2012-07-11 23:50 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 06:54 - 2012-07-11 23:50 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 04:07 - 2012-07-11 23:50 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 03:43 - 2012-07-11 23:50 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 03:33 - 2012-07-11 23:50 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 03:26 - 2012-07-11 23:50 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 03:25 - 2012-07-11 23:50 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 03:25 - 2012-07-11 23:50 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 03:23 - 2012-07-11 23:50 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 03:21 - 2012-07-11 23:50 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 03:20 - 2012-07-11 23:50 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 03:19 - 2012-07-11 23:50 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 03:19 - 2012-07-11 23:50 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 03:17 - 2012-07-11 23:50 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 03:16 - 2012-07-11 23:50 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 03:14 - 2012-07-11 23:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-02 00:50 - 2012-07-11 08:18 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-02 00:48 - 2012-07-11 08:18 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-02 00:48 - 2012-07-11 08:18 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-02 00:45 - 2012-07-11 08:18 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-02 00:44 - 2012-07-11 08:18 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 23:40 - 2012-07-11 08:18 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 23:40 - 2012-07-11 08:18 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 23:39 - 2012-07-11 08:18 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 23:34 - 2012-07-11 08:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll ZeroAccess: C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20} C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\@ C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\L C:\Users\RMM\AppData\Local\{d3ed6ce9-2bc9-d767-2346-e38c72483d20}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 9% Total physical RAM: 8156.85 MB Available physical RAM: 7351.02 MB Total Pagefile: 8155 MB Available Pagefile: 7351.45 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:451.07 GB) (Free:288.85 GB) NTFS 3 Drive e: () (Removable) (Total:0.48 GB) (Free:0.05 GB) FAT 4 Drive f: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.99 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 488 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 14 GB 39 MB Partition 3 Primary 451 GB 14 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 39 MB Healthy Hidden ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 F RECOVERY NTFS Partition 14 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C OS NTFS Partition 451 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 488 MB 116 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E FAT Removable 488 MB Healthy ================================================================================== Last Boot: 2012-08-07 10:49 ======================= End Of Log ========================== Farbar Recovery Scan Tool Version: 15-08-2012 Ran by SYSTEM at 2012-08-17 02:04:20 Running from E:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======
  11. Hello, I keep getting an alert from AVG saying that a threat was detected. More specifically, it's services.exe that is infected with a "Trojan horse Droppper.Generic_c.MMI". I've been going through similar posts for a while, but can't seem to fix it and don't want to mess anything up. Any help that could be given would be greatly appreciated.. Thanks in advance!!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.