Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92790 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Keylogger, KernelMode Rootkit SSDT hooks have plagued my PC since June

Windows redirect SSDT keylogger rootkits active ssdt hooks rootkit redirecting windows directori

  • This topic is locked This topic is locked
35 replies to this topic

#16 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 12 December 2014 - 08:47 PM

Hi BrotherPorter ,

Good luck with the weather, and post the log when you are able to.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.

    Advertisements

Register to Remove


#17 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 13 December 2014 - 10:55 AM

it says my post was too long; I don't have the tdss log and I don't know why because I know I put it on my flash drive but they are online with me here at library because screen popped earlier. sorryf or posting dism, if i had read ur post on



#18 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 13 December 2014 - 10:56 AM

SecureAnywhere Scan Log (Version v8.0.6.28)
Log saved at Fri 2014-12-12 05:58:53
 
v8.0.6.28
Windows 7 Service Pack 1 (Build 7601) 32bit (Hostname: MONK - Local IP: )
Scan Started: Fri 2014-12-12 05:54:44
[U] c:\program files\creative\sound blaster x-fi go pro\volume panel\ctaudmon.dll [MD5: 6E91FA5552EA494B302965164BAAC28E] [Flags: 00000400.10307]
[U] c:\program files\keyscrambler\x64\keyscramblerie.dll [MD5: 2735647BE767891092F1E640CCF660C1] [Flags: 00011400.3308]
[U] c:\program files\creative\sound blaster x-fi go pro\audiocs\ctaudmon.dll [MD5: 6E91FA5552EA494B302965164BAAC28E] [Flags: 00000400.10307]
[X] c:\windows\system32\spool\drivers\w32x86\3\cnmsqbv.dll [MD5: 1DD109C70F6A229D8BDC8B2A500AEF54] [Flags: 00000400.10826]
[U] c:\windows\system32\freeotfecypheraes_gladman.sys [MD5: D74BA750BD14438F92C38605C6F7FDBD] [Flags: 00080401.7847]
[U] c:\program files\keyscrambler\driverinstaller.exe [MD5: 94538E204E722B3A790A3E986ED2A6D3] [Flags: 00001400.3297]
[X] c:\program files\google\chrome\application\39.0.2171.95\libegl.dll [MD5: 8216E260B703E4C7529E09223C505876] [Flags: 00001400.10834]
[U] c:\windows\system32\freeotfecypherblowfish.sys [MD5: C2D17B3CD673DA94C3BB35EFADF6F201] [Flags: 00080401.7877]
[U] c:\windows\system32\freeotfecypheraes_ltc.sys [MD5: 83D8CEB38406565248AD4D974C77A051] [Flags: 00080401.7887]
[U] c:\windows\system32\freeotfe.sys [MD5: F9F089ABDC10CED295BC05E7D1779D98] [Flags: 00080401.7836]
[U] c:\windows\system32\freeotfecyphercast5.sys [MD5: D2D61587BB4F02E728423111691A5139] [Flags: 00080401.7870]
[U] c:\windows\system32\freeotfecyphercast6_gladman.sys [MD5: C3ABBDAB78F94653D7C88E7594090E1C] [Flags: 00080401.7839]
[U] c:\windows\system32\freeotfecyphermars_gladman.sys [MD5: 796E664402C3F6B95419804E9E292699] [Flags: 00080401.7854]
[U] c:\windows\system32\freeotfecypherrc6_ltc.sys [MD5: D91BD70DF21A2FC9AD86D94CCF7B97D0] [Flags: 00080401.7859]
[U] c:\program files\keyscrambler\keyscrambler.exe [MD5: 77C980C97A17D31B21CCCD3F2ED823CB] [Flags: 10181510.3307]
[U] c:\windows\system32\freeotfecypherdes.sys [MD5: 53753A3EF11E892F001E4DEA74BF556F] [Flags: 00080401.7869]
[U] c:\windows\system32\freeotfecypherserpent_gladman.sys [MD5: F9FFB8F8E4BBE1CE7DF65884B9B80AA9] [Flags: 00080401.7851]
[U] c:\windows\system32\freeotfecyphertwofish_ltc.sys [MD5: 7194E78D7B96BA3E3F08361DA7A0F3CE] [Flags: 00080401.7848]
[U] c:\windows\system32\freeotfehashmd.sys [MD5: 91B27E7E1DECDAA83DAE79BA49A99649] [Flags: 00080401.7865]
[U] c:\windows\system32\freeotfehashripemd.sys [MD5: 2F6B9FA4EB4E53720484E6FD4D8D6F8F] [Flags: 00080401.7880]
[U] c:\windows\system32\freeotfehashsha.sys [MD5: 0D872DAA85AAD172223B2EF8FAF09A7C] [Flags: 00080401.7885]
[U] c:\windows\system32\freeotfehashwhirlpool.sys [MD5: 1F601BF0B40BC10BAE69E676DC54B0EC] [Flags: 00080401.7857]
[U] c:\users\monk\desktop\frst.exe [MD5: EA9CBFA15966E46F004F76E7D7B4E2F9] [Flags: 18080C01.10363]
[U] c:\windows\system32\freeotfehashtiger.sys [MD5: E13238B84D76FF9FB1835588C863B64D] [Flags: 00080401.7856]
[U] c:\users\monk\desktop\securitycheck.exe [MD5: 76C4D0DBFBB8A134E16F7A4ABBDC7E26] [Flags: 002A0C00.8391]
[U] c:\program files\creative\sound blaster x-fi go pro\sound blaster\sbmcplugin.ocx [MD5: 50EDE9924CBCE66511DD0754A0F52FC5] [Flags: 00000400.10335]
[U] c:\windows\system32\lnkprotect.dll [MD5: 41F540C372042F6E4FE010DD3B22C8D7] [Flags: 00081400.3535]
[X] c:\windows\system32\systempropertiesremote.exe [MD5: AE8D597C94F84FDDFE80747B941615CC] [Flags: 00000400.10829]
[X] c:\windows\winsxs\x86_microsoft-windows-f..utilityexfatlibrary_31bf3856ad364e35_6.1.7600.16385_none_29d5bb009f94011b\uexfat.dll [MD5: 432EA9855BB4091172B72EA44B9627D7] [Flags: 00000400.10827]
[X] c:\program files\google\chrome\application\39.0.2171.95\chrome_elf.dll [MD5: 649AA174D5798B17439EB877B12E6FA3] [Flags: 00001400.10830]
[E] c:\users\monk\appdata\local\microsoft\windows\temporary internet files\content.ie5\nqbdvsdw\keyscrambler_setup[1].exe [MD5: 3A7017EBE6EA6DE75D237932DF6EA866] [Flags: 00080100.3161]
[X] c:\program files\google\chrome\application\39.0.2171.95\ffmpegsumo.dll [MD5: 685642623E6AAECA417301EA4AC8124B] [Flags: 00001400.10837]
[U] c:\users\monk\appdata\local\ie tab\7.12.10.1\ietabhelper.exe [MD5: D8B52A89CA45C380A8189D1BAEEC9C0F] [Flags: 00001401.10454]
[E] c:\users\monk\desktop\free_download_setup.exe [MD5: BBE03422FB56EF90D4E112D8273B8FF4] [Flags: 40081100.2859]
[X] c:\program files\installshield installation information\{7cfa46e3-cc2f-4355-82ae-6012dc3633fd}\issetup.dll [MD5: D1DC49480C499DB10F8893D47F018147] [Flags: 08000400.10828]
[X] c:\program files\common files\system\ado\msjro.dll [MD5: 3B5116838A330132D406353E2BCBFB6F] [Flags: 00000400.10839]
[X] c:\program files\google\chrome\application\39.0.2171.95\libglesv2.dll [MD5: 0C1E0E2C32FA30370A6F8C9FCA122548] [Flags: 00001400.10833]
[X] c:\program files\google\chrome\application\39.0.2171.95\pdf.dll [MD5: 9F5F88548AFF90D80A656652172F7449] [Flags: 00001400.10835]
[X] c:\program files\google\chrome\application\39.0.2171.95\libpeerconnection.dll [MD5: 0F02448D17B890E79DDFE3EA51A05ECC] [Flags: 00001400.10836]
[X] c:\programdata\microsoft\windows\start menu\desktop.ini
[X] c:\programdata\microsoft\windows\start menu\programs\accessories\accessibility\desktop.ini
[X] c:\programdata\microsoft\windows\start menu\programs\accessories\windows powershell\desktop.ini
[X] c:\programdata\microsoft\windows\start menu\programs\keyscrambler\keyscrambler user manual.url
[X] c:\programdata\microsoft\windows\start menu\programs\keyscrambler\qfx software homepage.url
[X] c:\programdata\microsoft\windows\start menu\programs\maintenance\desktop.ini
[X] c:\programdata\microsoft\windows\start menu\programs\mozbackup\homepage.url
[X] c:\programdata\microsoft\windows\start menu\programs\mozbackup\support.url
[U] c:\program files\tracker software\pdf viewer\pdfxcview.exe [MD5: CE4C4E99A1D7CFC72C1351DC8EE6A526] [Flags: 001A1400.3577]
[X] c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\accessories\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\administrative tools\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\maintenance\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\openoffice 4.1.1\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\sendto\desktop (create shortcut).desklink
[X] c:\users\monk\appdata\roaming\microsoft\windows\sendto\desktop.ini
[X] c:\users\monk\desktop\desktop.ini
[X] c:\users\public\desktop\desktop.ini
[X] c:\program files\desktop.ini
[X] c:\windows\temp\fwtsqmfile00.sqm
[X] c:\windows\temp\zlt0603a.tmp
[X] c:\autoexec.bat
[X] c:\config.sys
[X] c:\tdsskiller.3.0.0.41_08.12.2014_12.31.02_log.txt
[X] c:\program files\creative\sound blaster x-fi go pro\sound blaster\sound blaster.mcl
[X] c:\program files\google\chrome\application\39.0.2171.95\chrome.dll [MD5: E00DE70E27713260B12B67E9BFFB78EB] [Flags: 00001400.10831]
[X] c:\program files\google\chrome\application\39.0.2171.95\chrome_child.dll [MD5: AC9F025D821A40F31DBFFDE53CC06FED] [Flags: 00001400.10832]
[X] c:\windows\panther\contents1.dir
[X] c:\windows\softwaredistribution\download\10e36514582b1ad9bc53af09c42a127b\cbshandler\state
[X] c:\users\monk\appdata\local\microsoft\windows sidebar\cache\168522d5-1082-4df2-b2f6-9185c31f9472\globalcachecleanup.xml
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\libical.manifest
[X] c:\programdata\microsoft\windows\wer\reportqueue\appcrash_zaprivacyservice_7cfb2a6f19efaa7b2d04a9673d0b09f6b22dc_cab_09bca830\wer97fb.tmp.hdmp
[X] c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\autoexec.bat
[X] c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\config.sys
[X] c:\windows\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.18512_none_d3b70289afa0d233\basealtgr_rtl.xml
[X] c:\users\monk\ntuser.ini
[X] c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.18150_none_0d41cdd2ad80020d\connectionmanager_dmr.xml
[X] c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.18150_none_0d41cdd2ad80020d\renderingcontrol.xml
[X] c:\windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\1px.gif
[X] c:\users\monk\appdata\roaming\microsoft\protect\credhist
[X] c:\users\monk\appdata\roaming\microsoft\protect\s-1-5-21-3795844004-4128841395-3337064661-1000\preferred
[X] c:\windows\winsxs\x86_microsoft-windows-sendmail_31bf3856ad364e35_6.1.7600.16385_none_5abfd0847d56c34e\desktop (create shortcut).desklink
[X] c:\windows\winsxs\backup\x86_microsoft-windows-sendmail_31bf3856ad364e35_6.1.7600.16385_none_5abfd0847d56c34e_desktopcreateshortcut.desklink_c68aef56
[X] c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\sendto\desktop (create shortcut).desklink
[X] c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\sendto\desktop (create shortcut).desklink
[X] c:\users\default\appdata\roaming\microsoft\windows\sendto\desktop (create shortcut).desklink
[X] c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.1.7601.18140_none_ae13ecdeee527603\presentationfontcache.exe.config
[X] c:\users\public\desktop.ini
[X] c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17787_none_271105689cc96a2c\system.ini
[X] c:\windows\system.ini
[X] c:\windows\win.ini
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\big5.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\bopomofo.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\ksc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normidna.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\normnfc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\normnfd.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normnfkc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normnfkd.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\prc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\prcp.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.21890_none_854d97b7979e8fd4\sortkey.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.21890_none_854d97b7979e8fd4\sorttbls.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\xjis.nlp
[X] c:\windows\assembly\gac_32\policy.1.0.microsoft.interop.security.azroles\6.1.7600.16385__31bf3856ad364e35\microsoft.interop.security.azroles.config
[X] c:\windows\winsxs\x86_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_966c784e660840ee\iesecurity_troubleshooter.ps1
[X] c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.7600.16385_none_51b70586ec78a39f\desktop.ini
[X] c:\windows\downloaded program files\desktop.ini
[X] c:\windows\winsxs\x86_microsoft-windows-fontext_31bf3856ad364e35_6.1.7601.17514_none_a08d026e51df6429\desktop.ini
[X] c:\windows\fonts\desktop.ini
[X] c:\windows\system32\logfiles\scm\ecb37f60-9c84-439e-93f0-2d55209b0857
[X] c:\windows\fonts\segoeuil.ttf
[X] c:\windows\winsxs\x86_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.18528_none_d2bc881870836261\seguisb.ttf
[X] c:\windows\softwaredistribution\download\6fdad897547bb2dbe6c1a642c91183d7\cbshandler\state
[X] c:\windows\system32\logfiles\scm\193992db-1d52-430a-92e7-fe24ea19b319
[X] c:\users\monk\appdata\roaming\canon\ij scan utility\uiver.dat
[X] c:\windows\softwaredistribution\download\3446268c9e8251887fa99848ee18bc3b\cbshandler\state
[X] c:\windows\system32\logfiles\scm\3ba278ed-55a3-46ee-8ddd-efb109fdd01a
[X] c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.17755_none_6e06592f705d8a33\apps.inf
[X] c:\windows\winsxs\x86_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.17239_none_618c277ac61f3107\microsoft-windows-ie-f12-provider.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_999215667ec933c9\microsoft-windows-ie-htmlrendering.ptxml
[X] c:\windows\inf\setupapi.app.log
[X] c:\windows\inf\.net clr data\0000\_dataperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\_dataperfcounters_d.ini
[X] c:\windows\inf\.net clr networking\0000\_networkingperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\_networkingperfcounters_d.ini
[X] c:\windows\inf\.net data provider for oracle\0000\_dataoracleclientperfcounters_shared12_neutral_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\_dataoracleclientperfcounters_shared12_neutral_d.ini
[X] c:\windows\inf\.net data provider for sqlserver\0000\_dataperfcounters_shared12_neutral_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\_dataperfcounters_shared12_neutral_d.ini
[X] c:\windows\inf\.netframework\0000\corperfmonsymbols_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\corperfmonsymbols_d.ini
[X] c:\windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_80559eec8f97c5f8\_transactionbridgeperfcounters_d.ini
[X] c:\windows\inf\msdtc bridge 3.0.0.0\0409\_transactionbridgeperfcounters_d.ini
[X] c:\windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.1.7600.16385_none_ca93e046eeb1a109\_servicemodelendpointperfcounters_d.ini
[X] c:\windows\inf\servicemodelendpoint 3.0.0.0\0409\_servicemodelendpointperfcounters_d.ini
[X] c:\windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_c338d04090ac9e87\_servicemodeloperationperfcounters_d.ini
[X] c:\windows\inf\servicemodeloperation 3.0.0.0\0409\_servicemodeloperationperfcounters_d.ini
[X] c:\windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.1.7600.16385_none_7a7a5603ee075acc\_servicemodelserviceperfcounters_d.ini
[X] c:\windows\inf\servicemodelservice 3.0.0.0\0409\_servicemodelserviceperfcounters_d.ini
[X] c:\windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_340ce7386d830990\_smsvchostperfcounters_d.ini
[X] c:\windows\inf\smsvchost 3.0.0.0\0409\_smsvchostperfcounters_d.ini
[X] c:\windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.1.7600.16385_none_739abb4d5ca4ee30\perfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bb39ab2582dc79f6\perfcounters_d.ini
[X] c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.7600.16808_none_738a02977c8563e7\idxcntrs.ini
[X] c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_b58e487176b8743c\windows feed discovered.wav
[X] c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_b58e487176b8743c\windows information bar.wav
[X] c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_b58e487176b8743c\windows navigation start.wav
[X] c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_b58e487176b8743c\windows pop-up blocked.wav
[X] c:\windows\winsxs\x86_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_9b86239a5d28cceb\desktop.ini
[X] c:\windows\winsxs\x86_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_6521e04384521cc6\desktop.ini
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.1.7600.16385_none_b462020700d120ce\webadminnonavbar.master
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\webadminnonavbar.master
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\deselectedtab_1x1.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\deselectedtab_1x1.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\selectedtab_1x1.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\security_watermark.jpg
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\selectedtab_1x1.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\security_watermark.jpg
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\unselectedtab_leftcorner.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\selectedtab_leftcorner.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\unselectedtab_leftcorner.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\selectedtab_leftcorner.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\unselectedtab_rightcorner.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\selectedtab_rightcorner.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\unselectedtab_rightcorner.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\selectedtab_rightcorner.gif
[X] c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.7600.16385_none_7bbc80532a0f1e83\desktop.ini
[X] c:\windows\offline web pages\desktop.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e80dca824dc2435c\rules.system.nettrace.xml
[X] c:\windows\winsxs\x86_microsoft-windows-n..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e80dca824dc2435c\report.system.nettrace.xml
[X] c:\program files\creative\sound blaster x-fi go pro\program\support\i386\setup.ini
[X] c:\program files\creative\sound blaster x-fi go pro\program\support\amd64\setup.ini
[X] c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\x86_installed
[X] c:\windows\setup\state\state.ini
[X] c:\windows\system32\desktop.ini
[X] c:\windows\system32\mapisvc.inf
[X] c:\windows\system32\noise.tha
[X] c:\windows\system32\pcl.sep
[X] c:\windows\system32\pscript.sep
[X] c:\windows\system32\restartmanageruninstall.mof
[X] c:\users\monk\music\itunes\sentinel
[X] c:\users\monk\appdata\local\microsoft\windows\explorer\thumbcache_1024.db
[X] c:\users\monk\appdata\local\microsoft\windows\explorer\thumbcache_sr.db
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\chrome_oauth_receiver.js
[X] c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_cc6cdf4b0b49e560\winrm.cmd
[X] c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_cc71cbdb0b457adb\wsmanconfig_schema.xml
[X] c:\windows\system32\driverstore\filerepository\brmfcmf.inf_x86_neutral_33717b093227cd8c\brmfbidi.ini
[X] c:\windows\winsxs\x86_ntprint.inf_31bf3856ad364e35_6.1.7600.16385_none_3ad6f3251c0676a9\i386\msxpsinc.ppd
[X] c:\windows\system32\driverstore\filerepository\prnbr002.inf_x86_neutral_1d14699bf2d4d936\i386\brci06a.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr003.inf_x86_neutral_21c4516754f2bda5\i386\brmw2.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr003.inf_x86_neutral_21c4516754f2bda5\i386\brpt2.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr004.inf_x86_neutral_a976dec554a0be13\i386\brci08a.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr005.inf_x86_neutral_407befecac90c7f1\i386\brci08b.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr009.inf_x86_neutral_3f6b69c8d1091fd8\i386\brci14a.ini
[X] c:\windows\system32\driverstore\filerepository\prnep003.inf_x86_neutral_342be98eb74e1449\i386\ep0lb030.ini
[X] c:\windows\system32\driverstore\filerepository\prnep003.inf_x86_neutral_342be98eb74e1449\i386\ep0lb040.ini
[X] c:\windows\system32\driverstore\filerepository\prnfx002.inf_x86_neutral_f83f67e1c22e557b\i386\fxuccm01.ini
[X] c:\windows\system32\driverstore\filerepository\prnge001.inf_x86_neutral_51cbe14e4cdde8c2\i386\tty.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\kop5650x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\kop4650x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\kom4650x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\koc650x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\koc451x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\koc353x.ini
[X] c:\windows\winsxs\x86_prnlx00x.inf_31bf3856ad364e35_6.1.7600.16385_none_10ff6ae0ebfde27e\i386\lxkps.ini
[X] c:\windows\winsxs\x86_prnlx00y.inf_31bf3856ad364e35_6.1.7600.16385_none_11887d16051c1ee7\i386\lxkxl.ini
[X] c:\windows\winsxs\x86_microsoft-windows-p..g-xpsdocumentwriter_31bf3856ad364e35_6.1.7601.17514_none_24e008d5c14862bc\mxdwdui.ini
[X] c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.ini
[X] c:\windows\system32\driverstore\filerepository\prnms001.inf_x86_neutral_1dd3de102185d5d9\mxdwdui.ini
[X] c:\windows\system32\driverstore\filerepository\prnok002.inf_x86_neutral_436ff5d24333cca0\i386\okdtuver.gpd
[X] c:\windows\system32\driverstore\filerepository\prnod002.inf_x86_neutral_c36a5fe1ac15a734\i386\okdtever.gpd
[X] c:\windows\system32\driverstore\filerepository\prnok002.inf_x86_neutral_436ff5d24333cca0\i386\okmlivu.gpd
[X] c:\windows\winsxs\x86_prnrc00a.inf_31bf3856ad364e35_6.1.7600.16385_none_dde1186f40843b2e\i386\riares17.ini
[X] c:\windows\winsxs\x86_prnrc00a.inf_31bf3856ad364e35_6.1.7600.16385_none_dde1186f40843b2e\i386\riares27.ini
[X] c:\windows\winsxs\x86_prnrc00c.inf_31bf3856ad364e35_6.1.7600.16385_none_def33cd972c0b400\i386\ricohps7.ini
[X] c:\windows\winsxs\x86_prnsa002.inf_31bf3856ad364e35_6.1.7600.16385_none_a6848f451d050fc0\i386\smpicfg2.ini
[X] c:\windows\winsxs\x86_prnsa002.inf_31bf3856ad364e35_6.1.7600.16385_none_a6848f451d050fc0\i386\smpicfg3.ini
[X] c:\windows\winsxs\x86_prnso002.inf_31bf3856ad364e35_6.1.7600.16385_none_e57e4519b998adb2\i386\sodpp2.ini
[X] c:\windows\system32\driverstore\filerepository\tsprint.inf_x86_neutral_c48d421ad2c1e3e3\tsprint-pipelineconfig.xml
[X] c:\windows\system32\logfiles\scm\05ee699f-ab25-42d8-8781-558c5d1d2fad
[X] c:\windows\system32\logfiles\scm\071d41b6-8806-4eb0-b661-6cb67be6e86e
[X] c:\windows\system32\logfiles\scm\0d9b5d92-3a22-486d-a887-3aa21597cf27
[X] c:\windows\system32\logfiles\scm\0e12083c-0335-49db-9542-ba1ec6d83ecc
[X] c:\windows\system32\logfiles\scm\1ec9510d-a439-4950-9399-b6399edf9ea7
[X] c:\windows\system32\logfiles\scm\2375f586-1009-41fb-b54e-30d8af2b781d
[X] c:\windows\system32\logfiles\scm\24fa84a0-e087-48ec-bc51-2b9c4c815d78
[X] c:\windows\system32\logfiles\scm\2bd05ba6-988d-4bd3-a9cd-9a39f80af524
[X] c:\windows\system32\logfiles\scm\2c59ecaf-3a27-4640-9f4b-519b05bdd70f
[X] c:\windows\system32\logfiles\scm\367f930a-a3db-4112-b1f1-50e92a171c88
[X] c:\windows\system32\logfiles\scm\4040e761-8758-4007-b2fe-142b24bf4b16
[X] c:\windows\system32\logfiles\scm\50fb5a03-0e1e-48de-b8a1-bee9d7d2cd0f
[X] c:\windows\system32\logfiles\scm\5b184694-64c3-4633-94c5-945b3fa561d6
[X] c:\windows\system32\logfiles\scm\5c2c622f-70e9-4194-a7da-033e827365ad
[X] c:\windows\system32\logfiles\scm\6375cc1c-d975-48d2-9cd5-63db19b10d4a
[X] c:\windows\system32\logfiles\scm\60158c7a-6808-42cd-95ee-afd9a57925db
[X] c:\windows\system32\logfiles\scm\6aef0c98-2cb4-4b67-8c70-4c977c7355cc
[X] c:\windows\system32\logfiles\scm\6b7ac694-8d6d-481b-9dd8-2a3a741ada6d
[X] c:\windows\system32\logfiles\scm\731e9c62-95b5-4c8c-ab64-4cc591c9ff5b
[X] c:\windows\system32\logfiles\scm\73259f86-29d6-42ff-b1e7-634f6e40d4f8
[X] c:\windows\system32\logfiles\scm\7d3c7871-a917-4ef0-82e8-5f0a96423051
[X] c:\windows\system32\logfiles\scm\8905ecd8-016f-4dc2-90e6-a5f1fa6a841a
[X] c:\windows\system32\logfiles\scm\9334c323-f100-4656-9ba0-e4aa69c0f9c2
[X] c:\windows\system32\logfiles\scm\9b75c702-ea13-406a-badb-6c588ee4375b
[X] c:\windows\system32\logfiles\scm\9efacbe6-a797-4905-a0c6-014cd3000dbb
[X] c:\windows\system32\logfiles\scm\9f54b95f-5096-4803-ae61-e9b3ac5b616d
[X] c:\windows\system32\logfiles\scm\a1cfa52f-06f2-418d-addb-cd6456d66f43
[X] c:\windows\system32\logfiles\scm\a2cfb6f3-b3ae-4971-8e29-c415be22d2e5
[X] c:\windows\system32\logfiles\scm\a316e645-1c56-45a6-bd6a-7dca79778090
[X] c:\windows\system32\logfiles\scm\a6394592-54ce-4e93-8d64-1a068f462632
[X] c:\windows\system32\logfiles\scm\ab771a9f-fb0f-4fa1-8b5f-48186615901e
[X] c:\windows\system32\logfiles\scm\b9bee219-c29e-4310-819c-147a5a0e045e
[X] c:\windows\system32\logfiles\scm\f1369a11-e983-4458-b390-712efa1cba44
[X] c:\windows\system32\logfiles\scm\de8bae53-2809-4f75-85ef-427d364b9b2c
[X] c:\windows\system32\logfiles\scm\bba67ad0-4ba0-4b44-827b-ff419b70c057
[X] c:\windows\system32\logfiles\scm\c90440a0-6d8f-423f-8f42-83eef05ce708
[X] c:\windows\system32\logfiles\scm\d21f6024-191f-4454-bbbc-09a650da2549
[X] c:\windows\system32\logfiles\scm\d622195c-d680-4fea-9c56-59660c7c9e94
[X] c:\windows\system32\logfiles\scm\d8bb5b7f-d0ca-4f67-a3d7-73e1d05f63da
[X] c:\windows\system32\logfiles\scm\de8699d2-8a05-42f7-8a85-5162af47d26a
[X] c:\windows\system32\logfiles\scm\e6f3a527-8b0b-43fa-94eb-584032761924
[X] c:\windows\system32\logfiles\scm\e79b2998-8f63-451a-a56d-26edc0a5098a
[X] c:\windows\system32\logfiles\scm\e8164c0d-216c-4b6b-9eb8-31bf958b8014
[X] c:\windows\system32\logfiles\scm\f93c7104-998a-4a38-b935-775a3138b3c3
[X] c:\windows\system32\logfiles\scm\ffb8486a-9861-4b82-be38-c7f8fb1b6605
[X] c:\windows\system32\microsoft\protect\s-1-5-18\user\preferred
[X] c:\windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7601.17514_none_04801f69e1dbd8e6\microsoft-windows-iis-clientcertificatemappingauthentication-deployment-dl.man
[X] c:\windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7601.17514_none_04801f69e1dbd8e6\microsoft-windows-iis-iiscertificatemappingauthentication-deployment-dl.man
[X] c:\windows\winsxs\x86_microsoft-windows-m..eplacementmanifests_31bf3856ad364e35_6.1.7601.17514_none_fdfbc5f949b9a49e\application-experience-program-compatibility-assistant-replacement.man
[X] c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7600.21448_none_307c24713ff6619a\aaclient.mof
[X] c:\windows\system32\.crusader
[X] c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\lsasrv.mof
[X] c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.17501_none_e612d2b497305811\msfeeds.mof
[X] c:\windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.21448_none_4e6a6a499b65bb1b\mstsc.mof
[X] c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7600.21448_none_307c24713ff6619a\mstscax.mof
[X] c:\windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.18523_none_c66d4ffdde703ef5\servicemodel.mof.uninstall
[X] c:\windows\system32\wbem\tspkg.mof
[X] c:\windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17621_none_78fb463d8b38df23\umpnpmgr.mof
[X] c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7600.17014_none_fbd2404093c8e658\userprofilewmiprovider.mof
[X] c:\windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.17013_none_767300c37f08da42\wdf01000uninstall.mof
[X] c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7600.17184_none_41d58a5422919ce8\wgxinstalledgame.mof
[X] c:\windows\winsxs\x86_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.1.7600.17184_none_f3c1abbd70c40069\wpcuninst.mof
[X] c:\windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7600.17013_none_9d3179155660574a\wudfxuninstall.mof
[X] c:\windows\winsxs\x86_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_7.1.7601.16398_en-us_66e72c066fe44655\aaclient.mfl
[X] c:\windows\winsxs\x86_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_7.1.7601.18581_en-us_67c6d3ce5782b13c\mstsc.mfl
[X] c:\windows\winsxs\x86_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_7.2.7601.18361_en-us_2f2f39790e9dcd84\mstscax.mfl
[X] c:\windows\system32\wbem\en-us\wscenter.mfl
[X] c:\windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.22843_none_0e6300c36ce0e937\authui.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7600.17013_none_9d3179155660574a\driverframeworks-usermode.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.18150_none_0d41cdd2ad80020d\prod_wmpplayer.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7600.17014_none_fbd2404093c8e658\profsvc.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-timedate_31bf3856ad364e35_6.1.7600.16940_none_8fa8cc3b250187e3\timedate.ptxml
[X] c:\users\monk\appdata\local\google\chrome\user data\chrome_shutdown_ms.txt
[X] c:\windows\winsxs\x86_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_69c980e6fc7d9b52\tsec.ini
[X] c:\windows\tapi\tsec.ini
[X] c:\windows\tasks\sa.dat
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_en-us_05fd080209c15da4\_networkingperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17787_none_271105689cc96a2c\win.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_en-us_05fd080209c15da4\_dataperfcounters_shared12_neutral_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_en-us_05fd080209c15da4\_dataoracleclientperfcounters_shared12_neutral_d.ini
[X] c:\windows\inf\.net data provider for sqlserver\0409\_dataperfcounters_shared12_neutral_d.ini
[X] c:\windows\inf\.net data provider for oracle\0409\_dataoracleclientperfcounters_shared12_neutral_d.ini
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\traits.dat
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\ksc.nlp
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\imapmail\imap-mail.outlook.com\msgfilterrules.dat
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\prc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normnfc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normnfd.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\prcp.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\xjis.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\big5.nlp
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\mail\local folders\msgfilterrules.dat
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\administration.config
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\appcmd.xml
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\applicationhost.config
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\ftp_schema.xml
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\redirection.config
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\rscaext.xml
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\webdav_schema.xml
[X] c:\windows\winsxs\x86_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_6.1.7600.16385_none_27fcd9fd1e58c523\mqtgsvc.exe.cfg
[X] c:\windows\winsxs\x86_microsoft-windows-rascmak_31bf3856ad364e35_6.1.7600.16385_none_1062b6b4da087467\template.cmp
[X] c:\windows\winsxs\x86_microsoft-windows-s..ccessagent-binaries_31bf3856ad364e35_6.1.7600.16385_none_de06b4fbd5b45f78\read me.url
[X] c:\windows\winsxs\x86_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_75efc1b14e31b4e4\download.url
[X] c:\windows\servicing\sessions\sessions.xml
[X] c:\windows\servicing\sessions\sessions.back.xml
[X] c:\windows\panther\contents0.dir
[X] c:\windows\inf\setupapi.dev.log
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\telemetry.shutdowntime.txt
[X] c:\program files\common files\apple\mobile device support\com.apple.safari.client.resources\english.lproj\localizable.strings
[X] c:\program files\common files\apple\mobile device support\com.apple.outlook.client.resources\english.lproj\localizable.strings
[X] c:\program files\creative\shared files\software update\config.ini
[X] c:\windows\system32\logfiles\scm\cd1fc6c6-59d0-4e0b-8a07-f9dee0491150
[X] c:\windows\system32\logfiles\scm\b3acb81a-50df-446d-9a9c-c1c67d816217
[X] c:\windows\system32\logfiles\scm\d858ab27-f2e8-4156-924b-572921ebab59
[X] c:\windows\system32\logfiles\scm\a3eab81c-c016-4d13-abfc-08c84f7244f5
[X] c:\windows\system32\logfiles\scm\fe6954ba-583f-490d-888f-6edc5b3d3e9d
[X] c:\windows\system32\logfiles\scm\cfa4a40e-6529-4308-a470-5c6afec89406
[X] c:\windows\system32\logfiles\scm\d572be1f-6109-4c3a-839b-95b07f202376
[X] c:\windows\system32\logfiles\scm\5e63e77b-af15-43d1-bf72-c2c720272a39
[X] c:\windows\system32\logfiles\scm\7b3bcbf1-6021-4704-88ba-90a4456b47bb
[X] c:\windows\system32\logfiles\scm\ff495215-21be-4b27-a04e-62577881c217
[X] c:\windows\system32\logfiles\scm\9d3cb83e-25ca-4a5e-9c54-aca402ddceef
[X] c:\windows\system32\logfiles\scm\3ad7f5c3-bb77-4487-a6d6-ced4298801bc
[X] c:\windows\system32\logfiles\scm\c50ab0f6-6952-444a-bdd4-89a53a5c5ad6
[X] c:\windows\system32\logfiles\scm\bb6309f4-df0a-4579-a7d3-82f790efe1e0
[X] c:\windows\system32\logfiles\scm\9c26b03c-f6f8-4d33-8cc6-9f923f4c36be
[X] c:\windows\system32\logfiles\scm\835c877d-9488-403c-b840-79851b923c9e
[X] c:\windows\system32\logfiles\scm\12d95382-0af2-4029-91e0-9aa838fbff2b
[X] c:\windows\system32\logfiles\scm\2975fb21-ee21-44be-bef7-5745e815e077
[X] c:\windows\system32\logfiles\scm\ae58ddbe-a5bc-4b1d-9afe-2075122dbd7d
[X] c:\windows\system32\logfiles\scm\10953616-8bd1-4301-af05-e0bf0e1666b8
[X] c:\windows\system32\logfiles\scm\7ef2e74c-6c77-49b7-be3f-c335b4bec3bd
[X] c:\windows\system32\logfiles\scm\8af5ee4f-b185-4c2f-9842-dbde1be05faa
[X] c:\windows\system32\logfiles\scm\97953dac-9e3c-4f91-a27e-395f5420d6e2
[X] c:\windows\system32\logfiles\scm\4e37e08a-34f2-44cd-8053-21809af0e55b
[X] c:\windows\system32\logfiles\scm\8052b741-e1bb-450d-8a01-750e2fbc7ebf
[X] c:\windows\system32\logfiles\scm\af4bae72-b899-4083-b410-2d76f657a662
[X] c:\windows\system32\logfiles\scm\a15b90b7-8c6d-4aff-b6ef-fb177d09c8a0
[X] c:\windows\system32\logfiles\scm\be696351-ba09-440c-91de-105fa2e48ef7
[X] c:\program files\creative\sound blaster x-fi go pro\volume panel\theme\default\loadfailed.str
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\reenter_password14.js
[X] c:\programdata\microsoft\rac\statedata\racmetadata.dat
[X] c:\windows\system32\logfiles\scm\925c4096-657a-40ea-8577-9e025be83e1e
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_servicemodeloperationperfcounters_d.ini
[X] c:\programdata\checkpoint\zonealarm\logs\zalog.txt
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_servicemodelserviceperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_transactionbridgeperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_servicemodelendpointperfcounters_d.ini
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\susquuv41low2fs1nblvzukcfg2ayghm33jak1knwm5ruwwpqnaaahfa\quota.dat
[X] c:\windows\system32\logfiles\wmi\rtbackup\etwrteventlog-security.etl
[X] c:\users\monk\appdata\roaming\thunderbird\crash reports\installtime20141012121702
[X] c:\windows\ctfile.rfc
[X] c:\program files\installshield installation information\{fccda302-32d9-4ae7-a094-4be677554f26}\reginfo.log
[X] c:\program files\creative\sound blaster x-fi go pro\console launcher 3\entertainment console\theme\entertainment\loadfa.str
[X] c:\windows\softwaredistribution\download\ab154afb81af7a657445a2a21e226942\cbshandler\state
[X] c:\users\monk\appdata\local\microsoft\windows\wer\erc\viewedids.resp
[X] c:\windows\system32\microsoft\protect\s-1-5-18\preferred
[X] c:\users\monk\appdata\local\thunderbird\updates\d78bf5dd33499ec2\active-update.xml
[X] c:\programdata\microsoft\windows\drm\blackbox.bin
[X] c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows media\12.0\wmsdknsd.xml
[X] c:\windows\system32\microsoft\protect\s-1-5-19\preferred
[X] c:\programdata\microsoft\crypto\rsa\s-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\programdata\microsoft\crypto\rsa\s-1-5-18\6d14e4b1d8ca773bab785d1be032546e_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\users\monk\appdata\local\lptmp1129086521\changemasterpw5.js
[X] c:\users\monk\appdata\local\lptmp1129086521\cmenu-vista-bg.gif
[X] c:\users\monk\appdata\local\lptmp1129086521\create_account4.js
[X] c:\users\monk\appdata\local\lptmp1129086521\dot_for_ie.gif
[X] c:\users\monk\appdata\local\lptmp1129086521\formfill1.js
[X] c:\users\monk\appdata\local\lptmp1129086521\lp_toolstrip17.js
[X] c:\users\monk\appdata\local\lptmp1129086521\lp_toolstrip46.js
[X] c:\users\monk\appdata\local\lptmp1129086521\menu.css
[X] c:\users\monk\appdata\local\lptmp1129086521\omnikey3.js
[X] c:\users\monk\appdata\local\lptmp1129086521\popover7.js
[X] c:\users\monk\appdata\local\lptmp1129086521\reenter_password14.js
[X] c:\users\monk\appdata\local\lptmp1129086521\site11.js
[X] c:\users\monk\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3795844004-4128841395-3337064661-1000\94fadf6a4130b109428117d68c6a3b38_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\windows\softwaredistribution\download\076bef812c06898d47485ebc00e521a2\cbshandler\state
[X] c:\programdata\creative\product registration\reg.txt
[X] c:\users\monk\appdata\local\google\chrome\user data\default\sync extension settings\laankejkbhbdhmipfmgcngdelahlfoji\current
[X] c:\windows\system32\logfiles\scm\06c7d21b-2d00-452d-a86a-440334ae9d17
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\virtualfolders.dat
[X] c:\users\monk\appdata\local\google\chrome\user data\default\indexeddb\http_www.netflix.com_0.indexeddb.leveldb\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\plugins\origins\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\plugins\000\application_x-ppapi-widevine-cdm\paths\current
[X] c:\windows\softwaredistribution\download\ff274b8b194c07645106a9ad6074d826\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\www.bluehost.com\media\shared\general\trackr.swf\v.sol
[X] c:\windows\softwaredistribution\download\562886972203267fe525e1c83cd8eee1\cbshandler\state
[X] c:\windows\softwaredistribution\download\c73563bd686e9b444dfb981e6cd1606e\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\plugins\origins\log.old
[X] c:\program files\installshield installation information\{fccda302-32d9-4ae7-a094-4be677554f26}\install.log
[X] c:\windows\softwaredistribution\download\e3df115ccf0fd246c2177d9a8d35c625\cbshandler\state
[X] c:\program files\installshield installation information\{23a1be2a-32d5-4232-b375-ab805b50774b}\install.log
[X] c:\windows\system32\logfiles\scm\528976db-41a8-48e3-aa0a-d768bb182081
[X] c:\windows\softwaredistribution\download\b7d25cb014efc78834cfbc2541761b64\cbshandler\state
[X] c:\program files\installshield installation information\{aaef329e-f353-46c9-933d-24a571986093}\install.log
[X] c:\windows\installer\$patchcache$\managed\271d3094bccdf293393a43acd974efd3\cachesize.txt
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\js\prefdone.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\plugins\000\application_x-ppapi-widevine-cdm\paths\log.old
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\js\content\override.js
[X] c:\windows\softwaredistribution\download\8acb7fdbdb1218c2498573ecfd520d7d\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\entitlement.auth.adobe.com\authorization_access.sol
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\changemasterpw5.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\cmenu-vista-bg.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\widevinecdm\1.4.6.703\manifest.fingerprint
[X] c:\users\monk\appdata\local\google\chrome\user data\widevinecdm\1.4.6.703\_platform_specific\win_x86\cdmadapterversion
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\create_account4.js
[X] c:\users\monk\appdata\local\google\chrome\user data\evwhitelist\4\manifest.fingerprint
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\dot_for_ie.gif
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\times.json
[X] c:\programdata\checkpoint\zonealarm\logs\fwdbglog.txt
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_transactionbridgeperfcounters_d.ini
[X] c:\users\monk\appdata\local\google\chrome\user data\default\session storage\current
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_servicemodelendpointperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_servicemodeloperationperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_servicemodelserviceperfcounters_d.ini
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\formfill1.js
[X] c:\users\monk\appdata\local\google\chrome\user data\pnacl\0.1.0.13769\manifest.fingerprint
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\001\p\paths\current
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\imapmail\imap.googlemail.com\inbox-3.sbd\2f521d99.sbd\adea54a7.sbd\simon &- jeremy.sbd\memberspeed
[G] c:\windows\system32\dxgi.dll [MD5: D4F264FE23F8953D840904418220C15E] [Flags: 00000000.4662]
[G] c:\windows\system32\dmocx.dll [MD5: EB7B4563D6D20FC663F15FE8581D0BF2] [Flags: 40000000.564]
[G] c:\windows\system32\iconcodecservice.dll [MD5: 523CF74A52C9A1762DA8B83AEE734498] [Flags: 40000000.829]
[G] c:\windows\system32\ipnathlp.dll [MD5: D1A079A0DE2EA524513B6930C24527A2] [Flags: 40000000.875]
[G] c:\windows\system32\windowscodecsext.dll [MD5: 62A6EB5771580CAE445804389F3F7432] [Flags: 00000000.4659]
[G] c:\windows\system32\perfdisk.dll [MD5: B92E9318F7E4AEF633B8EC3A873565AF] [Flags: 40000000.1536]
[G] c:\windows\system32\cnc_bvc.dll [MD5: 437E4B36A8C25E86CB2D87B3BA86414C] [Flags: 00000000.4651]
[G] c:\windows\system32\drivers\nvm62x32.sys [MD5: B5E37E31C053BC9950455A257526514B] [Flags: 00080400.9918]
[G] c:\windows\system32\sstpsvc.dll [MD5: D318F23BE45D5E3A107469EB64815B50] [Flags: 40000000.1911]
[G] c:\windows\system32\xolehlp.dll [MD5: 9D6AA2ADD3F704134EE89C1E58BDFD1B] [Flags: 40000000.2320]
[G] c:\program files\google\update\1.3.25.11\googlecrashhandler.exe [MD5: CB8C1CC4F46FBAC78150754D77460C73] [Flags: 00101000.3329]
[G] c:\program files\mozilla thunderbird\msvcp100.dll [MD5: 03E9314004F504A14A61C3D364B62F66] [Flags: 00001000.3965]
[G] c:\windows\system32\drivers\vsdatant.sys [MD5: 8AEDAF658E36A863DDAA06A79FADECB0] [Flags: 00001000.3518]
[G] c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll [MD5: AE839020FEE052598F096942C8002C73] [Flags: 00001000.8836]
[G] c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll [MD5: EDB57065790B62EF83BE117AD3EDFDE2] [Flags: 40000000.2716]
[G] c:\windows\helppane.exe [MD5: 2FF3A32F01DF61836FED59D441D8B9DF] [Flags: 50100000.82]
[G] c:\windows\system32\notepad.exe [MD5: D378BFFB70923139D6A4F546864AA61C] [Flags: 40100000.83]
[G] c:\program files\checkpoint\zonealarm\scheduler.dll [MD5: D052EEC9C460A1619F10706D3D59690E] [Flags: 00001000.3509]
[G] c:\program files\checkpoint\zonealarm\vsdb.dll [MD5: 3F34B93F64389C8295144CDA855FAF4A] [Flags: 00001000.3515]
[G] c:\program files\ipod\bin\ipodservice.resources\ipodservice.dll [MD5: CDDBB0C0106C9E6EB6841E69444760FA] [Flags: 00001000.9392]
[G] c:\windows\system32\nsi.dll [MD5: 6377051C63D5552A311935C67E9FDFDC] [Flags: 40000000.1459]
[G] c:\windows\system32\aepic.dll [MD5: FC455888F04CD3B5285168DEFB90C55F] [Flags: 00000000.10428]
[G] c:\program files\superantispyware\sas_enum_cookies.exe [MD5: E5B19F06B5105B110255C7A4A87DB307] [Flags: 00101000.9914]
[G] c:\windows\system32\drivers\nx6000.sys [MD5: 7A0F9CBDBDB135113B9A3C138E20C85D] [Flags: 00001000.8376]
[G] c:\windows\system32\ksppld32.dll [MD5: 23353D6841AECA053197445885F67B77] [Flags: 00000000.10345]
[G] c:\program files\ipod\bin\ipodservice.resources\en.lproj\ipodservicelocalized.dll [MD5: 88F237D6BC0ECC93300AD2891B0C689C] [Flags: 00001000.9379]
[G] c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll [MD5: 76C2A3B47FE220E027697CDEF63A72C9] [Flags: 00001000.8786]
[G] c:\program files\itunes\ituneshelper.resources\en.lproj\ituneshelperlocalized.dll [MD5: C65439FC97BE565644D20A159AA38C4A] [Flags: 00001000.9462]
[G] c:\program files\itunes\ituneshelper.resources\ituneshelper.dll [MD5: 0750F7CC03CCAA673270DF11600CCAD6] [Flags: 00001000.9475]
[G] c:\program files\itunes\ituneshelper.dll [MD5: 536A4997067287E261D904E33F253578] [Flags: 00001000.9453]
[G] c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\94bbd298ec8575f3c6151a59538a109c\windowsbase.ni.dll [MD5: 22EDF349ABFB29E711E51DB0295A25DE] [Flags: 00000000.8670]
[G] c:\windows\system32\ksapo32.dll [MD5: A0AE91FF79DA41B16A4623C6E166CF9B] [Flags: 00000000.10348]
[G] c:\windows\system32\dpx.dll [MD5: 0C0DF0F05BAEA320FA301F34E256E08B] [Flags: 00000400.4554]
[G] c:\windows\system32\adsnt.dll [MD5: B7D2873EC0487646CCDF740AF748852C] [Flags: 40000000.198]
[G] c:\windows\system32\t2embed.dll [MD5: 6B140B1382F1FE04BA57B196AEB19725] [Flags: 00000000.4502]
[G] c:\windows\system32\pnidui.dll [MD5: 3D6F22551D422F97AACB0BB927E4C846] [Flags: 00000000.4445]
[G] c:\windows\system32\apds.dll [MD5: 7D44EE5DBCC3A6E90EB60EDF72B66D99] [Flags: 40000000.257]
[G] c:\windows\system32\ifmon.dll [MD5: 019C500DBD380CBAFE5417DE8CD267F2] [Flags: 40000000.847]
[G] c:\windows\system32\printfilterpipelineprxy.dll [MD5: 7DF79C77C79FA04DFF150857E53F02A6] [Flags: 40000000.1588]
[G] c:\windows\system32\perfctrs.dll [MD5: EDD2AD141DEBD425D74A52A4D7BE6AC4] [Flags: 40000000.1535]
[G] c:\windows\system32\ole2nls.dll [MD5: 32CFCC848A57F87638E31E8735515F80] [Flags: 40000000.1491]
[G] c:\windows\system32\ole2disp.dll [MD5: EB38BE7D7CF9EC15442A9D24CB39A2AC] [Flags: 40000000.1490]
[G] c:\windows\system32\reg.exe [MD5: D69A9ABBB0D795F21995C2F48C1EB560] [Flags: 40000000.1678]
[G] c:\windows\system32\printfilterpipelinesvc.exe [MD5: 57CA8BEFC6F5AC166CC7160D7792D7C2] [Flags: 40000000.1590]
[G] c:\windows\system32\wcnapi.dll [MD5: C7D5B4171C77DD0B26C5571E7777C355] [Flags: 40000000.2093]
[G] c:\windows\regedit.exe [MD5: 8A4883F5E7AC37444F23279239553878] [Flags: 40000000.85]
[G] c:\windows\system32\cmdrtr.dll.tmp [MD5: FE02416988970A924C302C8E448BB703] [Flags: 00000000.3077]
[G] c:\windows\system32\xmlprovi.dll [MD5: 84785AC06DE6734B4881C839367FE319] [Flags: 40000000.2319]
[G] c:\windows\system32\icmui.dll [MD5: 0096686EB2ACDB36184F49A10652E5FE] [Flags: 40000000.828]
[G] c:\windows\system32\kbdtajik.dll [MD5: 566925A00B8F439D6155F023E9494DEB] [Flags: 00000000.6202]
[G] c:\windows\system32\kbdturme.dll [MD5: BDEB4A838DA1E2D9C9631298FA3D58C5] [Flags: 00000000.4360]
[G] c:\program files\checkpoint\install\install.exe [MD5: 434AAC2219D9573E8FFBB7F946D204BE] [Flags: 00001000.3414]
[G] c:\windows\system32\shsetup.dll [MD5: 5E6E37DC2EFE39EC146271E22A16844F] [Flags: 00000000.4494]
[G] c:\windows\system32\msdtctm.dll [MD5: C43580971DE309516BAFC30DE736C147] [Flags: 00000000.6459]
[G] c:\windows\system32\dxptaskringtone.dll [MD5: 1078F4A06BE5DACDC8429215ADAE8104] [Flags: 00000000.6491]
[G] c:\windows\system32\wmpencen.dll [MD5: 80C5342074711F098A00F71FFF262B3B] [Flags: 00000000.6488]
[G] c:\windows\system32\sound.drv [MD5: 028A1F74926DC3DF2D9629EDC9AEBAFB] [Flags: 40000000.180]
[G] c:\windows\system32\system.drv [MD5: 4A00D59AE6D75BDFC2C8E5182C4B1376] [Flags: 40000000.181]
[G] c:\windows\system32\timer.drv [MD5: 9E7425234ADDEDABC7BF7ADDAFD72FD9] [Flags: 40000000.182]
[G] c:\windows\system32\adsmsext.dll [MD5: D73E4CF4AA1B674F522C995174900076] [Flags: 40000000.197]
[G] c:\windows\system32\iisrstap.dll [MD5: 9DDC99B7B0A004EE28B2EDE5F9C708D6] [Flags: 00000000.10068]
[G] c:\windows\system32\drivers\hitmanpro37.sys [MD5: B3635FD088BA2F6F03A276A961BE6ED2] [Flags: 00001000.3537]
[G] c:\program files\creative\sound blaster x-fi go pro\program\setup.exe [MD5: 74E9631EF29A97C9512C809996D8AD14] [Flags: 00000000.3054]
[G] c:\users\monk\appdata\local\temp\hitmanpro.exe [MD5: BD6C3071F98A563989F99AC61BDDC925] [Flags: 10101000.3534]
[G] c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\db563d596d76daed04e9b5d25b2f4cb9\system.windows.forms.ni.dll [MD5: 4E886667DD5BC1B44E280404310443C2] [Flags: 00000000.9173]
[G] c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\006d28e7c86f3e70db90ce06ea2f33fb\presentationcore.ni.dll [MD5: F27763800CE191CB5EFF9AE204B2338C] [Flags: 00000000.9171]
[G] c:\windows\system32\sdiageng.dll [MD5: B45934FDAEB1710CEC3D8F797FD481CA] [Flags: 40000000.1754]
[G] c:\windows\system32\locator.exe [MD5: 94D36C0E44677DD26981D2BFEEF2A29D] [Flags: 40000000.1149]
[G] c:\windows\system32\snmptrap.exe [MD5: 6A984831644ECA1A33FFEAE4126F4F37] [Flags: 40000000.1815]
[G] c:\windows\system32\ui0detect.exe [MD5: 8344FD4FCE927880AA1AA7681D4927E5] [Flags: 40000000.2006]
[G] c:\windows\system32\jscript9.dll [MD5: F728E7E9937117E0F32F39840EB6D737] [Flags: 00000000.10437]
[G] c:\windows\system32\vds.exe [MD5: C3CD30495687C2A2F66A65CA6FD89BE9] [Flags: 00000000.5105]
[G] c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\presentationframework.ni.dll [MD5: 98AF3A8430A1D01A14F2F8C48C03013B] [Flags: 00000000.9172]
[G] c:\windows\system32\vssvc.exe [MD5: 209A3B1901B83AEB8527ED211CCE9E4C] [Flags: 00100000.5156]
[G] c:\windows\system32\wbem\wmiapsrv.exe [MD5: 6EB6B66517B048D87DC1856DDF1F4C3F] [Flags: 40100000.2693]
[G] c:\program files\windows media player\wmpnetwk.exe [MD5: 3B40D3A61AA8C21B88AE57C58AB3122E] [Flags: 10100000.4613]
[G] c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\drupdate.dll [MD5: 4CCF86AAD1B67168FB51A477307EC288] [Flags: 40000000.2786]
[G] c:\windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.1.7601.17514_none_9f081dc1e0ddbddb\riched20.dll [MD5: 102CF6879887BBE846A00C459E6D4ABC] [Flags: 00000000.4505]
[G] c:\windows\winsxs\x86_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_4b094ff5d572404f\swprv.dll [MD5: A28BD92DF340E57B024BA433165D34D7] [Flags: 40000000.1922]
[G] c:\windows\winsxs\x86_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_6.1.7600.16385_none_ed38f66d69c578dc\virtdisk.dll [MD5: 88C170086371CC5716010AF223F6F780] [Flags: 40000000.2075]
[G] c:\windows\system32\vss_ps.dll [MD5: 5A8BF4E8810541C23F4067536FB48CA3] [Flags: 40000000.2081]
[G] c:\windows\system32\wpc.dll [MD5: 43C9CF6825CEA58F1815B7C3DBBB385C] [Flags: 00000000.9101]
[G] c:\windows\system32\drivers\diskdump.sys [MD5: 5FB4F271032B6435F3B2252F577A4815] [Flags: 00001000.9176]
[G] c:\windows\system32\drivers\dxgkrnl.sys [MD5: 3583A5A8CC2E682BFFBD4630D0FEC08B] [Flags: 00001000.9177]
[G] c:\windows\system32\drivers\dxgmms1.sys [MD5: 0EC652D17AB4607745FB4E6958E8FAB6] [Flags: 00001000.9178]
[G] c:\windows\system32\drivers\ndiswan.sys [MD5: 38FBE267E7E6983311179230FACB1017] [Flags: 00000000.4264]
[G] c:\windows\system32\drivers\rdpwd.sys [MD5: CD9214A6AE17D188D17C3CF8CB9CC693] [Flags: 00000000.9179]
[G] c:\windows\system32\drivers\storport.sys [MD5: F1A449D762657230629D8BFC107ABC14] [Flags: 00001000.9180]
[G] c:\windows\system32\drivers\wimmount.sys [MD5: 5CF95B35E59E2A38023836FFF31BE64C] [Flags: 40001000.2595]
[G] c:\windows\system32\remotepg.dll [MD5: 292F2FA57EB9B773DA1C15AFCC4A4F90] [Flags: 00000000.4330]
[G] c:\windows\system32\riched32.dll [MD5: B5506B451BFE7148ECA7056BDA2970BD] [Flags: 00000000.4344]
[G] c:\windows\system32\srrstr.dll [MD5: E2864DF592832883151A8D5500A7EAAA] [Flags: 00000000.5000]
[G] c:\windows\system32\useraccountcontrolsettings.dll [MD5: ACA1F50844E08F3F5178E8FF3F21FBC2] [Flags: 00000000.6330]
[G] c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe [MD5: 4DFB39347CE1E8E51AD2D8B124C9D7FA] [Flags: 00001000.9103]
[G] c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe [MD5: E56F39F6B7FDA0AC77A79B0FD3DE1A2F] [Flags: 40001000.95]
[G] c:\windows\microsoft.net\framework\v4.0.30319\setupcache\v4.5.50938\setup.exe [MD5: 1DA103F2CF6BBF961FF51E8A1C01C725] [Flags: 10001000.8024]
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\imapmail\imap.googlemail.com\inbox-3
[X] c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.2.7601.22562_none_ebe62f1f66e466c3\mstscax.mof
[X] c:\windows\winsxs\x86_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_7.2.7601.16415_en-us_2f6979b30e717110\mstscax.mfl
[X] c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.1.7601.18465_none_22d0e8d4f11faff1\terminalserver-winip.admx
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\lp_toolstrip17.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\lp_toolstrip46.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\menu.css
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\omnikey3.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\popover7.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\site11.js
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\sortkey.nlp
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.5.7_0\readme.md
[X] c:\users\monk\appdata\local\google\chrome\user data\default\web applications\_crx_aohghmighlieiainnegkcijnfilokake\google docs.ico.md5
[X] c:\users\monk\appdata\local\google\chrome\user data\default\local extension settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\current
[X] c:\windows\softwaredistribution\download\68a932b7d968000f163a56fce4f1c00f\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\s.ytimg.com\sounddata.sol
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\sorttbls.nlp
[X] c:\users\monk\appdata\local\google\chrome\user data\default\sync data\syncdata.sqlite3
[X] c:\programdata\apple computer\itunes\sc info\sc info.txt
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\phjkepckmcnjohilmbjlcoblenhgpjmo\1.0_0\iptools.js
[X] c:\users\monk\appdata\roaming\openoffice\4\user\extensions\tmp\extensions.pmap
[X] c:\windows\microsoft.net\framework\v1.1.4322\asp.netclientfiles\smartnav.htm
[X] c:\windows\microsoft.net\framework\v1.1.4322\1033\setupenu2.txt
[X] c:\windows\microsoft.net\framework\v1.1.4322\1033\setupenu1.txt
[X] c:\program files\installshield installation information\{fbff2411-d066-4d24-bce0-893086009e1b}\install.log
[X] c:\windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17803_none_9f22cfcb537e712a\driverframeworks-usermode.ptxml
[X] c:\program files\installshield installation information\{12321490-f573-4815-b6cc-7abef18c9ac4}\install.log
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\deselectedtab_1x1.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\player.ooyala.com\auth.sol
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\player.ooyala.com\auth_id.sol
[X] c:\windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.17803_none_786457797c26f422\wdf01000uninstall.mof
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\page_controls\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\footer\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\header\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\settings\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\tracker\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\tutorial\tutorial_sprites\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\license
[X] c:\users\monk\appdata\roaming\thunderbird\crash reports\installtime20141127140543
[X] c:\windows\softwaredistribution\download\c86244f34e58ec764e05aa7a7a00819c\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\xml\default.xml
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\images\blank.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\images\bullet.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\000\p\paths\log
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\css\content\override.css
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\000\p\paths\manifest-000002
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\000\p\paths\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\000\p\.usage
[X] c:\users\monk\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\9d91276b0be3e46b\desktop.ini
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\djejicklhojeokkfmdelnempiecmdomj\1.95.22_0\css\apps\apps-common\images\viewport_bg_dots.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\web applications\_crx_djejicklhojeokkfmdelnempiecmdomj\lucidchart diagrams - desktop.ico.md5
[X] c:\windows\softwaredistribution\download\67c9fb2eeef4671a4afb5167c11eb4f2\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.20_0\get_started\images\lightbox-blank.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.20_0\img\feedback_o_layer.png
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\001\p\.usage
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\www.hulu.com\ovpmetricsprovider.sol
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\ssl.p.jwpcdn.com\com.longtailvideo.jwplayer.sol
[X] c:\programdata\checkpoint\zonealarm\logs\tvdebug.log
[X] c:\program files\checkpoint\zonealarm\diagnostics\cp_ini\cpinfoblank.ini
[X] c:\programdata\checkpoint\zonealarm\data\vsconfig.tmp
[X] c:\program files\checkpoint\zonealarm\help\arrowdown.gif
[X] c:\program files\checkpoint\zonealarm\help\arrowright.gif
[X] c:\programdata\microsoft\crypto\rsa\s-1-5-18\4eccd106f69e31c1b12304e5463bb71d_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\windows\softwaredistribution\download\aba352669c959bb47f28796eb29f2f15\cbshandler\state
[X] c:\windows\softwaredistribution\download\6f481fd49009bf2c236c0ce2a90bc7b1\cbshandler\state
[X] c:\windows\softwaredistribution\download\8d4a9f1c6b9f593c0101f66020f33d5b\cbshandler\state
[X] c:\windows\softwaredistribution\download\460bd04033c6fc5510e5f0581e7cbbcb\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\gcm store\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extension state\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\sync extension settings\bkkbcggnhapdmkeljlodobbkopceiche\current
[X] c:\windows\softwaredistribution\download\3d70b46759231efdf509451013587466\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\indexeddb\chrome-extension_mefgmmbdailogpfhfblcnnjfmnpnmdfa_0.indexeddb.leveldb\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\origins\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\sync extension settings\lijicndbkjoplmhnclmoahmcaffaeapp\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\indexeddb\https_www.netflix.com_0.indexeddb.leveldb\current
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\iuzompoq\www.google[1].xml
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_smsvchostperfcounters_d.ini
[X] c:\windows\microsoft.net\framework\v4.0.30319\ngen_service.old.log
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mefgmmbdailogpfhfblcnnjfmnpnmdfa\2.9.3_0\scripts-core\init-background.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mefgmmbdailogpfhfblcnnjfmnpnmdfa\2.9.3_0\styles\theme-light.css
[X] c:\windows\softwaredistribution\download\c913f0455ea1bdbbf9f88349d6831516\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\entitlement.auth.adobe.com\social_data.sol
[X] c:\windows\softwaredistribution\download\596f403461605fb7641413dc77d8f3e8\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\www.hulu.com\newsiteplayer_volume.sol
[X] c:\nvidia\displaydriver\340.52\win8_winvista_win7\english\gfexperience.nvstreamsrv\amd64\server\steam_appid.txt
[X] c:\nvidia\displaydriver\340.52\win8_winvista_win7\english\gfexperience.nvstreamsrv\steamlauncher\steam_appid.txt
[X] c:\nvidia\displaydriver\340.52\win8_winvista_win7\english\gfexperience.nvstreamsrv\x86\server\steam_appid.txt
[X] c:\windows\softwaredistribution\download\fce24dba18cebaf6d645f784f2b7e79f\cbshandler\state
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\xdz4eumj\www.yahoo[1].xml
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\3i4e85uu\ad.doubleclick[1].xml
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\cru8c0pv\googleads.g.doubleclick[1].xml
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\f\slplayer\gpua.json
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\iuzompoq\bh.contextweb[1].xml
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\group.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\used.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\quota.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\group.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\f\n
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\used.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\quota.dat
[X] c:\users\monk\desktop\mbar\master.conf
[X] c:\programdata\apple\apple application support\kdrl\lskd.rl
[X] c:\users\monk\appdata\roaming\openoffice\4\user\uno_packages\cache\uno_packages\sv5se8n.tmp_\dict-en.oxt\readme_en_gb_thes.txt
[X] c:\users\monk\appdata\roaming\openoffice\4\user\extensions\bak\extensions.pmap
[X] c:\users\monk\appdata\roaming\openoffice\4\user\extensions\bak\extensions\sv5sdi8.tmp_\dict-en.oxt\readme_en_gb_thes.txt
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\crashes\store.json.mozlz4
[X] c:\users\monk\appdata\roaming\microsoft\windows\cookies\t50rh5zc.txt
[X] c:\users\monk\appdata\local\google\chrome\user data\default\indexeddb\https_www.google.com_0.indexeddb.leveldb\current
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\xdz4eumj\www.facebook[1].xml
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\cru8c0pv\luxurygreen[1].xml
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\3i4e85uu\cdn.w55c[1].xml
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\iuzompoq\dabplayer[1].xml
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\security_watermark.jpg
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\selectedtab_1x1.gif
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\selectedtab_leftcorner.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\relevantid.imperium.com\dedupe.swf\glbl.sol
[X] c:\program files\installshield installation information\{7cfa46e3-cc2f-4355-82ae-6012dc3633fd}\setup.log
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\selectedtab_rightcorner.gif
[X] c:\users\monk\appdata\locallow\sun\java\jre1.7.0_71\data1.cab
[X] c:\program files\java\jre7\license
[X] c:\program files\java\jre7\readme.txt
[X] c:\users\monk\appdata\local\apple computer\itunes\cache.db
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\f0w4kvaltrdy2hgvclhm0sfhio4j5e4yc5ii25qshms4sfvycmaaadha\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\f0w4kvaltrdy2hgvclhm0sfhio4j5e4yc5ii25qshms4sfvycmaaadha\group.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\f0w4kvaltrdy2hgvclhm0sfhio4j5e4yc5ii25qshms4sfvycmaaadha\f\_n33davp.ls
[X] c:\windows\softwaredistribution\download\0ba2f1006cb02f8ae14e52abb61d0435\cbshandler\state
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\directorytree.json
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\xuxsq0djtcoyb1b0vvjionhk4cmkqjznp4lan0awkhf2jbtyctaaaaaa\used.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\xuxsq0djtcoyb1b0vvjionhk4cmkqjznp4lan0awkhf2jbtyctaaaaaa\id.dat
[X] c:\program files\openoffice 4\program\redirect.ini
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\xuxsq0djtcoyb1b0vvjionhk4cmkqjznp4lan0awkhf2jbtyctaaaaaa\quota.dat
[X] c:\program files\openoffice 4\program\python-core-2.7.6\lib\__phello__.foo.py
[X] c:\program files\openoffice 4\program\python-core-2.7.6\lib\xml\etree\celementtree.py
[X] c:\windows\system32\macromed\flash\mms.cfg
[X] c:\program files\java\jre7\lib\javafx.properties
[X] c:\program files\java\jre7\lib\zi\africa\abidjan
[X] c:\program files\java\jre7\lib\zi\africa\addis_ababa
[X] c:\program files\java\jre7\lib\zi\africa\asmara
[X] c:\program files\java\jre7\lib\zi\africa\bangui
[X] c:\program files\java\jre7\lib\zi\africa\blantyre
[X] c:\program files\java\jre7\lib\zi\africa\brazzaville
[X] c:\program files\java\jre7\lib\zi\africa\bujumbura
[X] c:\program files\java\jre7\lib\zi\africa\djibouti
[X] c:\program files\java\jre7\lib\zi\africa\douala
[X] c:\program files\java\jre7\lib\zi\africa\harare
[X] c:\program files\java\jre7\lib\zi\africa\kigali
[X] c:\program files\java\jre7\lib\zi\africa\kinshasa
[X] c:\program files\java\jre7\lib\zi\africa\lagos
[X] c:\program files\java\jre7\lib\zi\africa\libreville
[X] c:\program files\java\jre7\lib\zi\africa\lome
[X] c:\program files\java\jre7\lib\zi\africa\luanda
[X] c:\program files\java\jre7\lib\zi\africa\lubumbashi
[X] c:\program files\java\jre7\lib\zi\africa\lusaka
[X] c:\program files\java\jre7\lib\zi\africa\maputo
[X] c:\program files\java\jre7\lib\zi\africa\mbabane
[X] c:\program files\java\jre7\lib\zi\africa\ouagadougou
[X] c:\program files\java\jre7\lib\zi\africa\sao_tome
[X] c:\program files\openoffice 4\program\python-core-2.7.6\lib\lib2to3\__main__.py
[X] c:\program files\openoffice 4\program\python-core-2.7.6\lib\lib2to3\__init__.py
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\xdz4eumj\www.microsoft[1].xml
[X] c:\program files\openoffice 4\program\python-core-2.7.6\lib\lib2to3\fixes\__init__.py
[X] c:\program files\openoffice 4\program\python-core-2.7.6\lib\idlelib\__init__.py
[X] c:\program files\openoffice 4\program\python-core-2.7.6\lib\idlelib\idlever.py
[X] c:\users\monk\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3795844004-4128841395-3337064661-1000\83aa4cc77f591dfc2374580bbd95f6ba_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\users\monk\appdata\locallow\sun\java\deployment\security\baseline.versions
[X] c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.1.7601.17514_none_ae387c2aee366287\presentationfontcache.exe.config
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\mysynchrony.com\cctrwebasset\eas\pmfso.swf\rsa_default.sol
[X] c:\program files\openoffice 4\program\python-core-2.7.6\lib\antigravity.py
[X] c:\program files\java\jre7\lib\zi\america\cayman
[X] c:\program files\java\jre7\lib\zi\america\guayaquil
[X] c:\windows\softwaredistribution\download\d918c434697b1a72464c1a2c766b07a5\cbshandler\state
[X] c:\program files\java\jre7\lib\zi\america\panama
[X] c:\program files\java\jre7\lib\zi\america\port_of_spain
[X] c:\program files\java\jre7\lib\zi\antarctica\rothera
[X] c:\program files\java\jre7\lib\zi\antarctica\syowa
[X] c:\program files\java\jre7\lib\zi\antarctica\vostok
[X] c:\program files\java\jre7\lib\zi\asia\aden
[X] c:\program files\java\jre7\lib\zi\asia\bangkok
[X] c:\program files\java\jre7\lib\zi\asia\dubai
[X] c:\program files\java\jre7\lib\zi\asia\kabul
[X] c:\program files\java\jre7\lib\zi\asia\kuwait
[X] c:\program files\java\jre7\lib\zi\asia\muscat
[X] c:\program files\java\jre7\lib\zi\asia\riyadh
[X] c:\program files\java\jre7\lib\zi\atlantic\south_georgia
[X] c:\program files\java\jre7\lib\zi\atlantic\st_helena
[X] c:\program files\java\jre7\lib\zi\est
[X] c:\program files\java\jre7\lib\zi\etc\gmt
[X] c:\program files\java\jre7\lib\zi\etc\gmt+1
[X] c:\program files\java\jre7\lib\zi\etc\gmt+10
[X] c:\program files\java\jre7\lib\zi\etc\gmt+11
[X] c:\program files\java\jre7\lib\zi\etc\gmt+12
[X] c:\program files\java\jre7\lib\zi\etc\gmt+2
[X] c:\program files\java\jre7\lib\zi\etc\gmt+3
[X] c:\program files\java\jre7\lib\zi\etc\gmt+4
[X] c:\program files\java\jre7\lib\zi\etc\gmt+5
[X] c:\program files\java\jre7\lib\zi\etc\gmt+6
[X] c:\program files\java\jre7\lib\zi\etc\gmt+7
[X] c:\program files\java\jre7\lib\zi\etc\gmt+8
[X] c:\program files\java\jre7\lib\zi\etc\gmt+9
[X] c:\program files\java\jre7\lib\zi\etc\gmt-1
[X] c:\program files\java\jre7\lib\zi\etc\gmt-10
[X] c:\program files\java\jre7\lib\zi\etc\gmt-11
[X] c:\program files\java\jre7\lib\zi\etc\gmt-12
[X] c:\program files\java\jre7\lib\zi\etc\gmt-13
[X] c:\program files\java\jre7\lib\zi\etc\gmt-14
[X] c:\program files\java\jre7\lib\zi\etc\gmt-2
[X] c:\program files\java\jre7\lib\zi\etc\gmt-3
[X] c:\program files\java\jre7\lib\zi\etc\gmt-4
[X] c:\program files\java\jre7\lib\zi\etc\gmt-5
[X] c:\program files\java\jre7\lib\zi\etc\gmt-6
[X] c:\program files\java\jre7\lib\zi\etc\gmt-7
[X] c:\program files\java\jre7\lib\zi\etc\gmt-8
[X] c:\program files\java\jre7\lib\zi\etc\gmt-9
[X] c:\program files\java\jre7\lib\zi\etc\uct
[X] c:\program files\java\jre7\lib\zi\etc\utc
[X] c:\program files\java\jre7\lib\zi\gmt
[X] c:\program files\java\jre7\lib\zi\hst
[X] c:\windows\softwaredistribution\download\b761d41d1c712027f119b9dc79260cd5\cbshandler\state
[X] c:\program files\java\jre7\lib\zi\indian\christmas
[X] c:\program files\java\jre7\lib\zi\indian\cocos
[X] c:\windows\softwaredistribution\download\6fe1db0b74c3faff7be27c9d0f2125e2\cbshandler\state
[X] c:\program files\java\jre7\lib\zi\indian\comoro
[X] c:\program files\java\jre7\lib\zi\indian\kerguelen
[X] c:\program files\java\jre7\lib\zi\indian\mahe
[X] c:\program files\java\jre7\lib\zi\indian\maldives
[X] c:\program files\java\jre7\lib\zi\indian\mayotte
[X] c:\program files\java\jre7\lib\zi\indian\reunion
[X] c:\program files\java\jre7\lib\zi\mst
[X] c:\program files\java\jre7\lib\zi\pacific\chuuk
[X] c:\program files\java\jre7\lib\zi\pacific\funafuti
[X] c:\program files\java\jre7\lib\zi\pacific\gambier
[X] c:\program files\java\jre7\lib\zi\pacific\guadalcanal
[X] c:\program files\java\jre7\lib\zi\pacific\guam
[X] c:\program files\java\jre7\lib\zi\pacific\marquesas
[X] c:\program files\java\jre7\lib\zi\pacific\palau
[X] c:\program files\java\jre7\lib\zi\pacific\pohnpei
[X] c:\program files\java\jre7\lib\zi\pacific\port_moresby
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\cachewritableadoberoot\assetcache\w883cbt5\cachesize.txt
[X] c:\program files\java\jre7\lib\zi\pacific\tahiti
[X] c:\program files\java\jre7\lib\zi\pacific\tarawa
[X] c:\program files\java\jre7\lib\zi\pacific\wake
[X] c:\program files\java\jre7\lib\zi\pacific\wallis
[X] c:\program files\java\jre7\lib\zi\systemv\ast4
[X] c:\program files\java\jre7\lib\zi\systemv\cst6
[X] c:\program files\java\jre7\lib\zi\systemv\est5
[X] c:\program files\java\jre7\lib\zi\systemv\hst10
[X] c:\program files\java\jre7\lib\zi\systemv\mst7
[X] c:\program files\java\jre7\lib\zi\systemv\pst8
[X] c:\program files\java\jre7\lib\zi\systemv\yst9
[X] c:\windows\softwaredistribution\download\586a8543d812bbdde438343277b29e88\cbshandler\state
[X] c:\windows\softwaredistribution\download\c7e18701384b0c09f116594be0452196\cbshandler\state
[X] c:\windows\softwaredistribution\download\16a43c6308bea837842644f33580bc62\cbshandler\state
[X] c:\windows\softwaredistribution\download\b9a11582ff8a238d28cbbc985bf3645b\cbshandler\state
[X] c:\program files\openoffice 4\help\en\swriter.idxl\segments.gen
[X] c:\windows\softwaredistribution\download\e06e172f507a45bfb9d96ebf97db1186\cbshandler\state
[X] c:\windows\softwaredistribution\download\c59d57d6a1bbccf2e936b3106446f825\cbshandler\state
[X] c:\windows\softwaredistribution\download\1ca680bc3f444dfdaac85b457fb7c0c4\cbshandler\state
[X] c:\windows\softwaredistribution\download\de49ffa19c0c0d3dcd843c01c6323029\cbshandler\state
[X] c:\windows\softwaredistribution\download\685071d2ab2cd0f0bb86595a3d2c27e4\cbshandler\state
[X] c:\windows\softwaredistribution\download\6fcad5c5a978a754a578b66671ac2b0f\cbshandler\state
[X] c:\windows\softwaredistribution\download\c1d1e9e6afae3ea332c6502cae4ffac6\cbshandler\state
[X] c:\windows\softwaredistribution\download\a3b7165cbfd91f0259df53e03a99e7fc\cbshandler\state
[X] c:\windows\softwaredistribution\download\0d6e8ee39ab00ecfb578a4c852ff30e7\cbshandler\state
[X] c:\windows\softwaredistribution\download\27f0ab6ea264d997a48e1587d086e3f3\cbshandler\state
[X] c:\windows\softwaredistribution\download\c26b6605e2a33530a609a1bb6081208d\cbshandler\state
[X] c:\windows\softwaredistribution\download\6b5102113d2a4bb0eb97aab50a6e5e91\cbshandler\state
[X] c:\windows\softwaredistribution\download\7b80ac007227fbb85459100838b74028\cbshandler\state
[X] c:\windows\softwaredistribution\download\1228a0ad05b37d7fe316fdb8408c9f60\cbshandler\state
[X] c:\windows\softwaredistribution\download\e2e36ca35be91bed7032be01f171cd16\cbshandler\state
[X] c:\windows\softwaredistribution\download\f6fc08dacd62538d3e24e317e0159f17\cbshandler\state
[X] c:\windows\softwaredistribution\download\7595be517e5d3a3619b9f2ff2bde8e5f\cbshandler\state
[X] c:\program files\openoffice 4\help\en\smath.idxl\segments.gen
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\iuzompoq\servedby.flashtalking[1].xml
[X] c:\program files\openoffice 4\help\en\simpress.idxl\segments.gen
[X] c:\program files\openoffice 4\help\en\sdraw.idxl\segments.gen
[X] c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16915_none_a66c9bbdbde5f8fa\lsasrv.mof
[X] c:\windows\softwaredistribution\download\42113d81a855547a20911388367ed887\cbshandler\state
[X] c:\program files\openoffice 4\help\en\sdatabase.idxl\segments.gen
[X] c:\windows\softwaredistribution\download\73575e6026f7c6a70912c675a324b40f\cbshandler\state
[X] c:\windows\softwaredistribution\download\1acdc9549b1a43544e7e83cffe1d7522\cbshandler\state
[X] c:\windows\softwaredistribution\download\23eae1c1f881f3c787d6a89a4d332f60\cbshandler\state
[X] c:\windows\softwaredistribution\download\9e6bb21b95a3eddd6e6f06233b367a23\cbshandler\state
[X] c:\windows\softwaredistribution\download\910cdc087bf6683b9f3cf954158e26f9\cbshandler\state
[X] c:\windows\softwaredistribution\download\b4348bed285abc1c33786069e25a6dcb\cbshandler\state
[X] c:\windows\softwaredistribution\download\31fc7b718b15d41d277f448619aae82d\cbshandler\state
[X] c:\windows\softwaredistribution\download\0c42fdc9b5b0ff335be2d80d571f30f3\cbshandler\state
[X] c:\windows\softwaredistribution\download\da1ba4fd1d2f71aa3ded0a61094c1c5f\cbshandler\state
[X] c:\windows\softwaredistribution\download\7f722ea1b516cc9475f6468def760ef9\cbshandler\state
[X] c:\windows\softwaredistribution\download\962133aca7c3c68578e3687aef2c0d32\cbshandler\state
[X] c:\windows\softwaredistribution\download\fd8a318978979f2195a162182560a308\cbshandler\state
[X] c:\program files\java\jre1.8.0_25\license
[X] c:\windows\softwaredistribution\download\7f51ccaefea93ed30fd87c908e76d9b0\cbshandler\state
[X] c:\program files\java\jre1.8.0_25\readme.txt
[X] c:\windows\softwaredistribution\download\8a501f53ca1081ff76e893676d89e8c3\cbshandler\state
[X] c:\windows\softwaredistribution\download\8d6a50dce70f5cc989879094d43144bb\cbshandler\state
[X] c:\windows\softwaredistribution\download\514eea40a3113f1e3f5e58303fb2681e\cbshandler\state
[X] c:\windows\softwaredistribution\download\d67a83d428544e15a88a57ac1107a746\cbshandler\state
[X] c:\windows\softwaredistribution\download\66b66516ce510dc4420abe8e2cf2a589\cbshandler\state
[X] c:\windows\softwaredistribution\download\dd1016fca718906acb1aeb034628ffee\cbshandler\state
[X] c:\windows\softwaredistribution\download\0b94968e8775cb7185af8a03ad1b6a07\cbshandler\state
[X] c:\windows\softwaredistribution\download\a39eb2c976171d9467f26d142a5d06d5\cbshandler\state
[X] c:\windows\softwaredistribution\download\53bc557eafd6bf6a9a8f9d514b267184\cbshandler\state
[X] c:\windows\softwaredistribution\download\f34a866722bc4064512c1cfd159afff9\cbshandler\state
[X] c:\windows\softwaredistribution\download\c568453c2c794c02585ae59fe45aeb37\cbshandler\state
[X] c:\windows\softwaredistribution\download\67237f922738ac9ad9d6bdf1f7d3ba03\cbshandler\state
[X] c:\windows\softwaredistribution\download\bde261020a5547fce03d03eb82f07491\cbshandler\state
[X] c:\windows\softwaredistribution\download\f2545b9ced270332b5d296ae8ae39741\cbshandler\state
[X] c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.18429_none_6e2aada17041bde8\apps.inf
[X] c:\windows\softwaredistribution\download\84bcde6525d82e3555a39f33eced8ff3\cbshandler\state
[X] c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7600.21205_none_fc67af27acdd80af\userprofilewmiprovider.mof
[X] c:\users\monk\appdata\roaming\macromedia\flash player\#sharedobjects\5vkkkh7s\software.hiro.tv\hiro_repo.sol
[X] c:\program files\openoffice 4\help\en\schart.idxl\segments.gen
[X] c:\program files\openoffice 4\help\en\scalc.idxl\segments.gen
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\3i4e85uu\ds.serving-sys[1].xml
[X] c:\users\monk\appdata\roaming\microsoft\windows\cookies\ar6y5hzl.txt
[X] c:\windows\softwaredistribution\download\2c5777c14f310948736202ea06ec9964\cbshandler\state
[X] c:\windows\softwaredistribution\download\96436901232f5a09281bb6461689a1e9\cbshandler\state
[X] c:\windows\softwaredistribution\download\6c1eb21eedb478f6f2b4474d905ec498\cbshandler\state
[X] c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7600.21392_none_425258853bb9231c\wgxinstalledgame.mof
[X] c:\windows\softwaredistribution\download\6f59442d0d9b0cec388373cfdcca70b1\cbshandler\state
[X] c:\windows\softwaredistribution\download\e5c984ca7e478ad6e6576b30b3ee2378\cbshandler\state
[X] c:\windows\softwaredistribution\download\6a62b1a648fbfcfa46ec6e80f5294a83\cbshandler\state
[X] c:\windows\softwaredistribution\download\b473f3081026ce942a0d5aecc6e5f0e0\cbshandler\state
[X] c:\windows\softwaredistribution\download\d49c669e1e4527180770e7a8ebf78c22\cbshandler\state
[X] c:\windows\softwaredistribution\download\4d4e15b93b1a24ed5baf0cc9048bd2bc\cbshandler\state
[X] c:\windows\softwaredistribution\download\633de35b53b324c202e87f69745fc679\cbshandler\state
[X] c:\windows\softwaredistribution\download\0eb87a49fbadc8c9a7181da724a3e719\cbshandler\state
[X] c:\windows\softwaredistribution\download\698325557f95cd573e1456a0c4b3ffb7\cbshandler\state
[X] c:\windows\softwaredistribution\download\6e3cae7d2d364b079cdfc2e23f9f2fd8\cbshandler\state
[X] c:\program files\openoffice 4\help\en\sbasic.idxl\segments.gen
[X] c:\windows\softwaredistribution\download\cfe2e7f5a95c085c8ee98bc14ef24b61\cbshandler\state
[X] c:\windows\softwaredistribution\download\f7944bb699345a779b0256d825681b38\cbshandler\state
[X] c:\windows\softwaredistribution\download\e8367ff5f171b726a20b64b5c7b5e50a\cbshandler\state
[X] c:\windows\softwaredistribution\download\d3d553dd6a1c64ac38f96b479f04a31c\cbshandler\state
[X] c:\windows\softwaredistribution\download\74f74794e094ecf6c6b76ba86144a9f7\cbshandler\state
[X] c:\windows\softwaredistribution\download\537bc6869179218b3f38bee3ea1bb0c1\cbshandler\state
[X] c:\windows\softwaredistribution\download\47ec965beb1de6c0f19ce42ee42fe3fd\cbshandler\state
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\cru8c0pv\cdn.optmd[1].xml
[X] c:\windows\microsoft.net\framework\v4.0.30319\ngen_service.log
[X] c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.2.7601.18361_none_eb5b90244dc7b07b\mstscax.mof
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\audienceinsights.net\pus.sol
[X] c:\windows\softwaredistribution\download\b671bbaf3dd5fbc502c06c5524c44560\cbshandler\state
[X] c:\windows\winsxs\x86_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.18619_none_78ac1aa242dd6e60\prod_audio-audiocore.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.21224_none_11892a5d2f13eadd\aspnet_schema.xml
[X] c:\windows\softwaredistribution\download\f48871dc225a77d1ef4663dc8195ab2b\cbshandler\state
[X] c:\windows\softwaredistribution\download\9b31962b46954c89046bd4af2c0b4480\cbshandler\state
[X] c:\windows\softwaredistribution\download\5af3a49f306972aa93675ce2c50cb1cd\cbshandler\state
[X] c:\windows\softwaredistribution\download\8b5bd00d8801eb106a82e702080dcd6f\cbshandler\state
[X] c:\windows\softwaredistribution\download\e753ff4c13768edf4ae46028edd5b47d\cbshandler\state
[X] c:\windows\softwaredistribution\download\3078565ee9c3d57943f9f27c36fc8e8d\cbshandler\state
[X] c:\windows\softwaredistribution\download\e81c3a4302da79db6fa8320e4ce4e5f7\cbshandler\state
[X] c:\windows\softwaredistribution\download\57901b478a557a7bc2809f31faa8f07a\cbshandler\state
[X] c:\windows\softwaredistribution\download\ea55f767369de781dfabf50a1bbe0fb1\cbshandler\state
[X] c:\windows\softwaredistribution\download\05872ecffae59ba023d3b7557a37100f\cbshandler\state
[X] c:\windows\softwaredistribution\download\54042710340942ae26706edcef917bf9\cbshandler\state
[X] c:\windows\softwaredistribution\download\657aaeefca7c832c8586775702280d59\cbshandler\state
[X] c:\windows\softwaredistribution\download\1f452d600f106a3c21261c2b1c6815e0\cbshandler\state
[X] c:\windows\winsxs\x86_microsoft-windows-ieframe_31bf3856ad364e35_11.2.9600.17501_none_eaceb5080ad8fcbc\ieframe.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-ie-timeline_is_31bf3856ad364e35_11.2.9600.17501_none_00024d722646ffbe\timeline.cpu.xml
[X] c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17501_none_996f5b047ee36e8f\microsoft-windows-ie-htmlrendering.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.17501_none_61696d18c6396bcd\microsoft-windows-ie-f12-provider.ptxml
[X] c:\windows\softwaredistribution\download\d5eb9ec29c6b600160408d87fbd23b7e\cbshandler\state
[X] c:\windows\softwaredistribution\download\dcd8c8566480c3b28b9d52fa3104baea\cbshandler\state
[X] c:\windows\softwaredistribution\download\ce1879397ab9f8e97a3b88e89382b360\cbshandler\state
[X] c:\windows\softwaredistribution\download\91e13f34c24aafe242a7192d7fac9741\cbshandler\state
[X] c:\windows\softwaredistribution\download\3a2783ae11c30896a0bc0dfad116dad3\cbshandler\state
[X] c:\windows\softwaredistribution\download\eb4dbadb3fe9c650aa6f9473e714b435\cbshandler\state
[X] c:\windows\softwaredistribution\download\6f59e55128691830ce784977ff14f053\cbshandler\state
[X] c:\windows\softwaredistribution\download\c9a40652cf60be732d931d312ca3ff06\cbshandler\state
[X] c:\windows\softwaredistribution\download\c0cf220bf0181eb95f6496583795c348\cbshandler\state
[X] c:\windows\softwaredistribution\download\36d86cdfa9c65d0c98797d341ee345d5\cbshandler\state
[X] c:\windows\softwaredistribution\download\720896155d2e074eb7c16f5c4a97e983\cbshandler\state
[X] c:\windows\softwaredistribution\download\5e520c008e733613ea80d7b1e9f155f2\cbshandler\state
[X] c:\windows\softwaredistribution\download\36868b17e03c1fe9c01761267a0851e6\cbshandler\state
[X] c:\windows\softwaredistribution\download\a6a38fde0f4728cd270eacc13f75fa09\cbshandler\state
[X] c:\windows\softwaredistribution\download\0a3dba22e7cd3e82e3719ce8955671b6\cbshandler\state
[X] c:\windows\softwaredistribution\download\a13cb5bf33cd36ad5b350a9373dca1a3\cbshandler\state
[X] c:\windows\softwaredistribution\download\3254bdffe532fe216c85fcc693397fcf\cbshandler\state
[X] c:\windows\softwaredistribution\download\6c1228d2d0e565b83e686e04bbb13148\cbshandler\state
[X] c:\windows\softwaredistribution\download\fbe796456888bf018a22fb48f594647a\cbshandler\state
[X] c:\windows\softwaredistribution\download\1bc708058fac204211b329a0b2bdd235\cbshandler\state
[X] c:\windows\softwaredistribution\download\5d15a5b47d0f85094e669ae021dd158e\cbshandler\state
[X] c:\windows\softwaredistribution\download\171cbecd3b588029d7977e83867e2548\cbshandler\state
[X] c:\windows\softwaredistribution\download\35b8ab475f97c94a8377dea1daeca5a8\cbshandler\state
[X] c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.1.7601.22309_none_aed1cdda0747873f\presentationfontcache.exe.config
[X] c:\windows\softwaredistribution\download\084a10b3829348cef4bb7a928344ec3a\cbshandler\state
[X] c:\windows\softwaredistribution\download\e1c2f8b4daaf444eb3fc668b45d45b15\cbshandler\state
[X] c:\windows\softwaredistribution\download\a6ca9864dfd2d38f019bf28a16eec9f7\cbshandler\state
[X] c:\windows\softwaredistribution\download\2bddda3deb23855bf5569d338a1c647e\cbshandler\state
[X] c:\windows\softwaredistribution\download\33b4f619e0bf522c89c26061e5c029f6\cbshandler\state
[X] c:\windows\softwaredistribution\download\89d436b0f3e078070b369cb26e021d39\cbshandler\state
[X] c:\windows\softwaredistribution\download\3739da5bf023ddad3a94dd19d757e81f\cbshandler\state
[X] c:\windows\softwaredistribution\download\69b31533321659f67856421a622d09c6\cbshandler\state
[X] c:\windows\softwaredistribution\download\8b4bd7649698f9fc07b9242c138a36ee\cbshandler\state
[X] c:\windows\softwaredistribution\download\c70929c0d7535a30620c52a46a61bc8e\cbshandler\state
[X] c:\windows\softwaredistribution\download\49c8810f66c829889bc4ba29fe273acf\cbshandler\state
[X] c:\windows\softwaredistribution\download\2a74aa24cd9e1d4a8f7a3e11185de799\cbshandler\state
[X] c:\windows\softwaredistribution\download\153575f0a1c195f083336037cc2e1a55\cbshandler\state
[X] c:\windows\softwaredistribution\download\372a56330c660538842c929c8a7fc156\cbshandler\state
[X] c:\windows\softwaredistribution\download\db3fab03320e34659402661a2333de94\cbshandler\state
[X] c:\windows\softwaredistribution\download\1653c40552a28474866a88f3eb6d2e3b\cbshandler\state
[X] c:\windows\softwaredistribution\download\ccb2ff3ce5106b48b42ea8885492f1e8\cbshandler\state
[X] c:\windows\softwaredistribution\download\09fa4d660df75137cffc51b2e96f4898\cbshandler\state
[X] c:\windows\softwaredistribution\download\7791b2a4c08283b254733a9ad1271214\cbshandler\state
[X] c:\windows\softwaredistribution\download\5baeeb14bc1153a37049983c7d8f651d\cbshandler\state
[X] c:\windows\softwaredistribution\download\429e958e44d6178d2c99fc2f83a682a5\cbshandler\state
[X] c:\windows\softwaredistribution\download\2eba2ecfa8e6e1198c48746efb302477\cbshandler\state
[X] c:\windows\softwaredistribution\download\7310c276c1162e6244f05a508cf714af\cbshandler\state
[X] c:\windows\softwaredistribution\download\c6fa55397252103b0ef75dccd51d231e\cbshandler\state
[X] c:\windows\softwaredistribution\download\0ff4afd89abdebad0a6c79f45c023fce\cbshandler\state
[X] c:\windows\softwaredistribution\download\004165f08ea8c055008f7cfb8d3a082d\cbshandler\state
[X] c:\windows\softwaredistribution\download\77158b57a130a392ce84224f93744cbd\cbshandler\state
[X] c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_a8a284cad4562b09\lsasrv.mof
[X] c:\windows\softwaredistribution\download\d7a5d9394d04f440f1112d982cdf818d\cbshandler\state
[X] c:\windows\softwaredistribution\download\fad36ea067e0c4fa9fa0cbe97bf0c777\cbshandler\state
[X] c:\windows\softwaredistribution\download\81b9b1d79720bf68a18734895b2a1f99\cbshandler\state
[X] c:\windows\softwaredistribution\download\90eb7a44780ea0b7e240af914bbf763f\cbshandler\state
[X] c:\windows\softwaredistribution\download\00a5979893c0db507014f156ca6391f3\cbshandler\state
[X] c:\windows\softwaredistribution\download\991823e18ce4a6c257350441b636ba1f\cbshandler\state
[X] c:\windows\softwaredistribution\download\246ac2781fb64d1bbd4375d931cc7671\cbshandler\state
[X] c:\windows\softwaredistribution\download\53e5f0400712888d390f9f76eace9d70\cbshandler\state
[X] c:\windows\softwaredistribution\download\a15abba60a8ea2e4ed30760cb12b4ba9\cbshandler\state
[X] c:\windows\softwaredistribution\download\4e43027018e15dacde85e7c22423027c\cbshandler\state
[X] c:\windows\softwaredistribution\download\8fe92f2e4536626e9db68aa1f4b08949\cbshandler\state
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.22740_none_8548984f97a30df7\bopomofo.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.22740_none_8548984f97a30df7\sorttbls.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.22740_none_8548984f97a30df7\normnfkc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.22740_none_8548984f97a30df7\normnfkd.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.22740_none_8548984f97a30df7\normidna.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.22740_none_8548984f97a30df7\sortkey.nlp
[X] c:\windows\softwaredistribution\download\c53fc6c593e9e32efb0eec8211105ec4\cbshandler\state
[X] c:\windows\softwaredistribution\download\3d65b647dfefffd1535d1526adcba586\cbshandler\state
[X] c:\windows\softwaredistribution\download\21c7fa0c878173b077cb650ad287a6b8\cbshandler\state
[X] c:\program files\java\jre1.8.0_25\lib\javafx.properties
[X] c:\windows\softwaredistribution\download\1236c6349e86e3d606968efeff248315\cbshandler\state
[X] c:\windows\softwaredistribution\download\be2d15d854c6270bdb7ab6ddb6641839\cbshandler\state
[X] c:\windows\softwaredistribution\download\784a0f909c879df66db0160ca477d7da\cbshandler\state
[X] c:\windows\softwaredistribution\download\df1dbf218a49149916db498eed22fc7e\cbshandler\state
[X] c:\windows\softwaredistribution\download\175db889b9322d52d67a39f9493903c9\cbshandler\state
[X] c:\windows\softwaredistribution\download\4109c36012789b9b158a14abcfc403b9\cbshandler\state
[X] c:\windows\softwaredistribution\download\257fa38a9680386cec9d4ff552cab482\cbshandler\state
[X] c:\windows\softwaredistribution\download\118b7a6d64502bcac5c2e0ce0d6f79e3\cbshandler\state
[X] c:\windows\softwaredistribution\download\962e7a6031b26951d8f7af52a18b605b\cbshandler\state
[X] c:\windows\softwaredistribution\download\865fcf39e73d9a07b851dd60fd0b3e71\cbshandler\state
[X] c:\users\monk\desktop\mbar\mbar.cmd
[X] c:\program files\openoffice 4\share\extensions\package.txt
[X] c:\program files\canon\ij manual\canon mg3500 series\english\egv\common\i_red_arrow.gif
[X] c:\program files\canon\ij manual\canon mg3500 series\english\egv\common\i_red_arrow_r.gif
[X] c:\program files\canon\ij manual\canon mg3500 series\english\egv\screens\sq-bul_p.gif
[X] c:\program files\canon\ij manual\canon mg3500 series\english\egv\screens\sq-bul_y.gif
[X] c:\program files\canon\ij manual\canon mg3500 series\english\egv\_ver.txt
[X] c:\program files\canon\ij manual\canon mg3500 series\english\sa\_ver.txt
[X] c:\windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.18493_none_0da34eaa53ebddad\authui.ptxml
[X] c:\windows\softwaredistribution\download\1b0541ae61aca5b5752ce00cc2a868c8\cbshandler\state
[X] c:\users\monk\appdata\locallow\sun\java\deployment\security\blacklisted.certs
[X] c:\programdata\boinc\gui_rpc_auth.cfg
[X] c:\windows\system32\logfiles\scm\1bd0c671-bb6d-4d87-9d0d-1b314d741450
[X] c:\programdata\microsoft\windows defender\scans\mpcache-dd9834d6ab0113117dcfdb1e93f80febef359a61.bin.ve0
[X] c:\windows\softwaredistribution\download\be7dd438eec3282c0ec113e6277e5d2d\cbshandler\state
[X] c:\windows\softwaredistribution\download\bbcbaac2f384092f1a6abfe95821f2bd\cbshandler\state
[X] c:\programdata\wrdata\db9878.db
[X] c:\windows\softwaredistribution\download\b4dfbba2501e3dd2b779398d37512fe3\cbshandler\state
[X] c:\windows\softwaredistribution\download\2cedf615eb73ff18071a3c6fa12a4d22\cbshandler\state
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\qyzgmprsrfvdi1dud3uhxotpjjuckeishl2ttb4tzqqxe1rezlaaaaha\group.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\qyzgmprsrfvdi1dud3uhxotpjjuckeishl2ttb4tzqqxe1rezlaaaaha\f\playerid.txt
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\susquuv41low2fs1nblvzukcfg2ayghm33jak1knwm5ruwwpqnaaahfa\used.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\susquuv41low2fs1nblvzukcfg2ayghm33jak1knwm5ruwwpqnaaahfa\id.dat
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\webadminnonavbar.master
[X] c:\windows\softwaredistribution\download\910c51323bd5bdac35a5e49020051a14\cbshandler\state
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\unselectedtab_rightcorner.gif
[X] c:\windows\softwaredistribution\download\60c6e4e89df4ed5165ed3826a9d73513\cbshandler\state
[X] c:\windows\softwaredistribution\download\ffc2e0ac4a71d854be40d3639d7caa27\cbshandler\state
[X] c:\windows\softwaredistribution\download\7684f6848c4843e535968b637076f640\cbshandler\state
[X] c:\windows\softwaredistribution\download\4d2c7e951504b4f7a15a23b26bc8ea7d\cbshandler\state
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\unselectedtab_leftcorner.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\images-na.ssl-images-amazon.com\mercury.sol
[X] c:\windows\system32\korwbrkr.lex
Files Scanned: 27978
Malicious Files: 0
Duration: 38s
 
Some legitimate files are not included in this log
 
The following files are referenced in the system but could not be found:
 
Previous Scan Results
 
 
Current Session System Statistics
 
[05:40 AM] - CPU: 12%, Physical Memory: 17%, Virtual Memory: 4%, Page File: 9%, Processes: 19
 
 
Processes: 57, Modules: 3139 (Depth: 0, Type: 551, Analyzed: 178689, Threads: 28, Center: 0 - 60)
--- End of Scan Log ---
 
Sun 2014-11-30 03:12:50.0948 Begin Installation
Sun 2014-11-30 03:12:51.0197 Installation successfully completed (WSARETAIL.EXE/2713)
Sun 2014-11-30 03:12:51.0244 >>> Service started [v8.0.5.111]
Sun 2014-11-30 03:12:52.0008 User process connected successfully from PID 3372, Session 1
Sun 2014-11-30 03:12:52.0102 Protection enabled
Sun 2014-11-30 03:12:54.0130 Connecting to 43 - 43
Sun 2014-11-30 03:12:59.0496 Loading package: 4/16777770
Sun 2014-11-30 03:13:08.0248 Saved updated configuration
Sun 2014-11-30 03:13:08.0264 Scan Started:  [ID: 1 - Flags: 551/16]
Sun 2014-11-30 03:13:25.0002 Loading package: 3/16777234
Sun 2014-11-30 03:13:56.0327 Connected to A3
Sun 2014-11-30 03:13:56.0343 Infection detected: c:\users\monk\desktop\free_download_setup.exe [MD5: BBE03422FB56EF90D4E112D8273B8FF4] [3/40081000] [Pua.Secure.Installer]
Sun 2014-11-30 03:13:56.0686 Scan Results: Files Scanned: 28034, Duration: 48s, Malicious Files: 1
Sun 2014-11-30 03:13:56.0811 Scan Finished: [ID: 1 - Seq: 2147000000]
Sun 2014-11-30 03:14:04.0190 Determination flags modified: c:\users\monk\desktop\free_download_setup.exe - MD5: BBE03422FB56EF90D4E112D8273B8FF4, Size: 793240 bytes, Flags: 00000020
Sun 2014-11-30 03:14:17.0184 Performing cleanup entry: 1
Sun 2014-11-30 03:14:20.0835 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:14:21.0006 Scan Started:  [ID: 2 - Flags: 551/144]
Sun 2014-11-30 03:14:21.0069 End passive write scan (1 file(s))
Sun 2014-11-30 03:14:37.0215 Scan Results: Files Scanned: 28146, Duration: 16s, Malicious Files: 0
Sun 2014-11-30 03:14:37.0215 Scan Finished: [ID: 2 - Seq: 2147000000]
Sun 2014-11-30 03:19:05.0580 Saved updated configuration
Sun 2014-11-30 03:19:45.0921 Saved updated configuration
Sun 2014-11-30 03:19:56.0909 Scan Started:  [ID: 3 - Flags: 551/0]
Sun 2014-11-30 03:20:07.0439 Scan Results: Files Scanned: 23126, Duration: 10s, Malicious Files: 0
Sun 2014-11-30 03:20:07.0439 Scan Finished: [ID: 3 - Seq: 2147000000]
Sun 2014-11-30 03:20:40.0616 Begin passive write scan (4 file(s))
Sun 2014-11-30 03:20:41.0302 End passive write scan (4 file(s))
Sun 2014-11-30 03:20:43.0705 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:20:44.0391 End passive write scan (1 file(s))
Sun 2014-11-30 03:20:52.0971 Begin passive write scan (14 file(s))
Sun 2014-11-30 03:20:53.0767 End passive write scan (14 file(s))
Sun 2014-11-30 03:29:25.0536 Begin passive write scan (4 file(s))
Sun 2014-11-30 03:29:26.0768 End passive write scan (4 file(s))
Sun 2014-11-30 03:29:28.0624 Begin passive write scan (4 file(s))
Sun 2014-11-30 03:29:29.0077 End passive write scan (4 file(s))
Sun 2014-11-30 03:51:24.0163 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:50:13.0393 End passive write scan (2 file(s))
Sun 2014-11-30 03:50:15.0163 Begin passive write scan (6 file(s))
Sun 2014-11-30 03:50:15.0793 End passive write scan (6 file(s))
Sun 2014-11-30 03:50:18.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:50:18.0793 End passive write scan (1 file(s))
Sun 2014-11-30 03:51:06.0163 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:51:06.0393 End passive write scan (2 file(s))
Sun 2014-11-30 03:51:09.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:51:10.0293 End passive write scan (1 file(s))
Sun 2014-11-30 03:51:15.0163 Begin passive write scan (11 file(s))
Sun 2014-11-30 03:51:15.0793 End passive write scan (11 file(s))
Sun 2014-11-30 03:51:18.0163 Begin passive write scan (7 file(s))
Sun 2014-11-30 03:51:18.0793 End passive write scan (7 file(s))
Sun 2014-11-30 03:51:21.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:51:21.0793 End passive write scan (1 file(s))
Sun 2014-11-30 03:52:39.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:51:24.0393 End passive write scan (2 file(s))
Sun 2014-11-30 03:51:27.0163 Begin passive write scan (9 file(s))
Sun 2014-11-30 03:51:27.0783 End passive write scan (9 file(s))
Sun 2014-11-30 03:51:30.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:51:30.0793 End passive write scan (1 file(s))
Sun 2014-11-30 03:51:33.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:51:33.0393 End passive write scan (1 file(s))
Sun 2014-11-30 03:51:36.0163 Begin passive write scan (5 file(s))
Sun 2014-11-30 03:51:37.0293 End passive write scan (5 file(s))
Sun 2014-11-30 03:51:39.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:51:39.0393 End passive write scan (1 file(s))
Sun 2014-11-30 03:51:42.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:51:42.0393 End passive write scan (1 file(s))
Sun 2014-11-30 03:51:51.0163 Begin passive write scan (13 file(s))
Sun 2014-11-30 03:51:51.0793 End passive write scan (13 file(s))
Sun 2014-11-30 03:51:54.0163 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:51:54.0393 End passive write scan (2 file(s))
Sun 2014-11-30 03:51:57.0163 Begin passive write scan (42 file(s))
Sun 2014-11-30 03:51:57.0893 End passive write scan (42 file(s))
Sun 2014-11-30 03:52:00.0163 Begin passive write scan (3 file(s))
Sun 2014-11-30 03:52:00.0793 End passive write scan (3 file(s))
Sun 2014-11-30 03:52:03.0163 Begin passive write scan (5 file(s))
Sun 2014-11-30 03:52:03.0793 End passive write scan (5 file(s))
Sun 2014-11-30 03:52:06.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:52:06.0393 End passive write scan (1 file(s))
Sun 2014-11-30 03:52:09.0163 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:52:09.0393 End passive write scan (2 file(s))
Sun 2014-11-30 03:52:12.0163 Begin passive write scan (3 file(s))
Sun 2014-11-30 03:52:12.0793 End passive write scan (3 file(s))
Sun 2014-11-30 03:52:15.0163 Begin passive write scan (3 file(s))
Sun 2014-11-30 03:52:15.0793 End passive write scan (3 file(s))
Sun 2014-11-30 03:52:18.0163 Begin passive write scan (7 file(s))
Sun 2014-11-30 03:52:18.0793 End passive write scan (7 file(s))
Sun 2014-11-30 03:52:21.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:52:21.0383 End passive write scan (1 file(s))
Sun 2014-11-30 03:52:24.0163 Begin passive write scan (23 file(s))
Sun 2014-11-30 03:52:24.0893 End passive write scan (23 file(s))
Sun 2014-11-30 03:52:27.0163 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:52:27.0393 End passive write scan (2 file(s))
Sun 2014-11-30 03:52:30.0163 Begin passive write scan (4 file(s))
Sun 2014-11-30 03:52:30.0783 End passive write scan (4 file(s))
Sun 2014-11-30 03:52:33.0163 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:52:33.0393 End passive write scan (2 file(s))
Sun 2014-11-30 03:52:36.0163 Begin passive write scan (11 file(s))
Sun 2014-11-30 03:52:36.0993 End passive write scan (11 file(s))
Sun 2014-11-30 03:52:39.0163 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:52:39.0393 End passive write scan (1 file(s))
Sun 2014-11-30 03:52:42.0163 Begin passive write scan (11 file(s))
Sun 2014-11-30 03:52:42.0793 End passive write scan (11 file(s))
Sun 2014-11-30 03:52:45.0163 Begin passive write scan (6 file(s))
Sun 2014-11-30 03:52:45.0793 End passive write scan (6 file(s))
Sun 2014-11-30 03:52:48.0163 Begin passive write scan (10 file(s))
Sun 2014-11-30 03:52:48.0783 End passive write scan (10 file(s))
Sun 2014-11-30 03:52:51.0163 Begin passive write scan (16 file(s))
Sun 2014-11-30 03:52:51.0793 End passive write scan (16 file(s))
Sun 2014-11-30 03:53:03.0163 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:53:03.0793 End passive write scan (2 file(s))
Sun 2014-11-30 03:53:06.0163 Begin passive write scan (5 file(s))
Sun 2014-11-30 03:53:06.0793 End passive write scan (5 file(s))
Sun 2014-11-30 03:53:09.0163 Begin passive write scan (5 file(s))
Sun 2014-11-30 03:53:09.0793 End passive write scan (5 file(s))
Sun 2014-11-30 03:53:12.0163 Begin passive write scan (6 file(s))
Sun 2014-11-30 03:53:12.0793 End passive write scan (6 file(s))
Sun 2014-11-30 03:53:24.0553 Begin passive write scan (7 file(s))
Sun 2014-11-30 03:53:25.0183 End passive write scan (7 file(s))
Sun 2014-11-30 03:53:45.0553 Begin passive write scan (9 file(s))
Sun 2014-11-30 03:53:46.0173 End passive write scan (9 file(s))
Sun 2014-11-30 03:53:48.0553 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:53:49.0173 End passive write scan (2 file(s))
Sun 2014-11-30 03:53:57.0553 Begin passive write scan (19 file(s))
Sun 2014-11-30 03:53:58.0183 End passive write scan (19 file(s))
Sun 2014-11-30 03:54:00.0553 Begin passive write scan (10 file(s))
Sun 2014-11-30 03:54:01.0183 End passive write scan (10 file(s))
Sun 2014-11-30 03:54:03.0553 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:54:03.0783 End passive write scan (1 file(s))
Sun 2014-11-30 03:54:06.0553 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:54:06.0783 End passive write scan (1 file(s))
Sun 2014-11-30 03:54:09.0553 Begin passive write scan (6 file(s))
Sun 2014-11-30 03:54:10.0183 End passive write scan (6 file(s))
Sun 2014-11-30 03:54:12.0553 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:54:13.0173 End passive write scan (1 file(s))
Sun 2014-11-30 03:54:15.0553 Begin passive write scan (2 file(s))
Sun 2014-11-30 03:54:15.0783 End passive write scan (2 file(s))
Sun 2014-11-30 03:54:53.0165 System shutting down.
Sun 2014-11-30 03:54:54.0241 Configuration Saved: CSCS621814FD62EC7C28BAF28ABEE3145AE9,00011,00021,00031,00040,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,00106,001147,00120,00130,00140,00151,00160,00170,00181,00191,001A0,001B0,001C0,001D1,001E1,001F1,00201,00211,00221,00231,00241,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
Sun 2014-11-30 03:54:54.0241 <<< Service shut down successfully. Uptime: 42 minute(s)
Sun 2014-11-30 03:55:53.0134 >>> Service started [v8.0.5.111]
Sun 2014-11-30 03:56:19.0873 User process connected successfully from PID 796, Session 1
Sun 2014-11-30 03:56:24.0834 Connecting to 43 - 43
Sun 2014-11-30 03:58:01.0316 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:58:01.0536 End passive write scan (1 file(s))
Sun 2014-11-30 03:59:20.0231 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:59:21.0354 End passive write scan (1 file(s))
Sun 2014-11-30 03:59:29.0497 Begin passive write scan (1 file(s))
Sun 2014-11-30 03:59:29.0747 End passive write scan (1 file(s))
Sun 2014-11-30 03:59:33.0007 System shutting down.
Sun 2014-11-30 03:59:34.0224 Configuration Saved: CSCS621814FD62EC7C28BAF28ABEE3145AE9,00011,00021,00031,00040,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,00106,001147,00120,00130,00140,00151,00160,00170,00181,00191,001A0,001B0,001C0,001D1,001E1,001F1,00201,00211,00221,00231,00241,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
Sun 2014-11-30 03:59:34.0224 <<< Service shut down successfully. Uptime: 3 minute(s)
Sun 2014-11-30 04:00:31.0703 >>> Service started [v8.0.5.111]
Sun 2014-11-30 04:00:45.0538 User process connected successfully from PID 752, Session 1
Sun 2014-11-30 04:01:05.0052 Connecting to 43 - 43
Sun 2014-11-30 04:02:42.0058 Begin passive write scan (2 file(s))
Sun 2014-11-30 04:02:42.0292 End passive write scan (2 file(s))
Sun 2014-11-30 04:03:17.0033 Monitoring process C:\Windows\System32\PnPutil.exe [CD295D076FFA61A666761B4D94A135FF]. Type: 3 (3094)
Sun 2014-11-30 04:03:17.0033 Monitoring process C:\Windows\System32\PnPutil.exe [CD295D076FFA61A666761B4D94A135FF]. Type: 4 (3094)
Sun 2014-11-30 04:03:17.0033 Monitoring process C:\Windows\System32\PnPutil.exe [CD295D076FFA61A666761B4D94A135FF]. Type: 5 (3094)
Sun 2014-11-30 04:03:17.0033 Monitoring process C:\Windows\System32\PnPutil.exe [CD295D076FFA61A666761B4D94A135FF]. Type: 7 (3094)
Sun 2014-11-30 04:03:17.0033 Monitoring process C:\Windows\System32\PnPutil.exe [CD295D076FFA61A666761B4D94A135FF]. Type: 8 (3094)
Sun 2014-11-30 04:03:32.0190 System shutting down.
Sun 2014-11-30 04:03:33.0251 Configuration Saved: CSCS621814FD62EC7C28BAF28ABEE3145AE9,00011,00021,00031,00040,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,00106,001147,00120,00130,00140,00151,00160,00170,00181,00191,001A0,001B0,001C0,001D1,001E1,001F1,00201,00211,00221,00231,00241,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
Sun 2014-11-30 04:03:33.0251 <<< Service shut down successfully. Uptime: 3 minute(s)
Sun 2014-11-30 04:04:27.0476 >>> Service started [v8.0.5.111]
Sun 2014-11-30 04:04:36.0243 User process connected successfully from PID 748, Session 1
Sun 2014-11-30 04:04:59.0320 Connecting to 43 - 43
Sun 2014-11-30 04:06:33.0325 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:06:33.0575 End passive write scan (1 file(s))
Sun 2014-11-30 04:07:22.0708 Begin passive write scan (16 file(s))
Sun 2014-11-30 04:07:23.0925 End passive write scan (16 file(s))
Sun 2014-11-30 04:07:25.0891 Begin passive write scan (37 file(s))
Sun 2014-11-30 04:07:29.0635 End passive write scan (37 file(s))
Sun 2014-11-30 04:07:31.0912 System shutting down.
Sun 2014-11-30 04:07:33.0160 Configuration Saved: CSCS621814FD62EC7C28BAF28ABEE3145AE9,00011,00021,00031,00040,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,00106,001147,00120,00130,00140,00151,00160,00170,00181,00191,001A0,001B0,001C0,001D1,001E1,001F1,00201,00211,00221,00231,00241,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
Sun 2014-11-30 04:07:33.0160 <<< Service shut down successfully. Uptime: 3 minute(s)
Sun 2014-11-30 04:08:27.0710 >>> Service started [v8.0.5.111]
Sun 2014-11-30 04:09:08.0100 System shutting down.
Sun 2014-11-30 04:09:09.0707 Configuration Saved: CSCS621814FD62EC7C28BAF28ABEE3145AE9,00011,00021,00031,00040,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,00106,001147,00120,00130,00140,00151,00160,00170,00181,00191,001A0,001B0,001C0,001D1,001E1,001F1,00201,00211,00221,00231,00241,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
Sun 2014-11-30 04:09:09.0707 <<< Service shut down successfully. Uptime: 0 minute(s)
Sun 2014-11-30 04:10:39.0606 >>> Service started [v8.0.5.111]
Sun 2014-11-30 04:10:50.0918 User process connected successfully from PID 740, Session 1
Sun 2014-11-30 04:11:12.0680 Connecting to 43 - 43
Sun 2014-11-30 04:12:46.0641 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:12:46.0875 End passive write scan (1 file(s))
Sun 2014-11-30 04:15:57.0100 Scan Started:  [ID: 4 - Flags: 551/0]
Sun 2014-11-30 04:16:07.0848 Begin passive write scan (6 file(s))
Sun 2014-11-30 04:16:08.0534 End passive write scan (6 file(s))
Sun 2014-11-30 04:16:10.0937 Begin passive write scan (2 file(s))
Sun 2014-11-30 04:16:11.0514 End passive write scan (2 file(s))
Sun 2014-11-30 04:16:20.0734 Scan Results: Files Scanned: 24840, Duration: 23s, Malicious Files: 0
Sun 2014-11-30 04:16:20.0765 Scan Finished: [ID: 4 - Seq: 2147000000]
Sun 2014-11-30 04:16:20.0999 Connected to A3
Sun 2014-11-30 04:22:46.0239 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:22:46.0473 End passive write scan (1 file(s))
Sun 2014-11-30 04:25:57.0723 Begin passive write scan (3 file(s))
Sun 2014-11-30 04:25:58.0847 End passive write scan (3 file(s))
Sun 2014-11-30 04:26:00.0812 Begin passive write scan (4 file(s))
Sun 2014-11-30 04:26:01.0046 End passive write scan (4 file(s))
Sun 2014-11-30 04:28:01.0241 Begin passive write scan (2 file(s))
Sun 2014-11-30 04:28:02.0240 End passive write scan (2 file(s))
Sun 2014-11-30 04:28:07.0419 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:28:07.0653 End passive write scan (1 file(s))
Sun 2014-11-30 04:28:47.0573 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:28:47.0823 End passive write scan (1 file(s))
Sun 2014-11-30 04:29:36.0890 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:29:37.0888 Infection detected: c:\users\monk\appdata\local\microsoft\windows\temporary internet files\content.ie5\nqbdvsdw\keyscrambler_setup[1].exe [MD5: 3A7017EBE6EA6DE75D237932DF6EA866] [3/00080000] [Corrupt.File]
Sun 2014-11-30 04:29:37.0888 File blocked in realtime: c:\users\monk\appdata\local\microsoft\windows\temporary internet files\content.ie5\nqbdvsdw\keyscrambler_setup[1].exe [MD5: 3A7017EBE6EA6DE75D237932DF6EA866, Size: 8192 bytes] [524288/00000003] [Corrupt.File]
Sun 2014-11-30 04:29:37.0888 Determination flags modified: c:\users\monk\appdata\local\microsoft\windows\temporary internet files\content.ie5\nqbdvsdw\keyscrambler_setup[1].exe - MD5: 3A7017EBE6EA6DE75D237932DF6EA866, Size: 8192 bytes, Flags: 00000020
Sun 2014-11-30 04:29:37.0888 Performing cleanup entry: 1
Sun 2014-11-30 04:29:38.0216 End passive write scan (1 file(s))
Sun 2014-11-30 04:29:41.0102 Scan Started:  [ID: 5 - Flags: 1025/0]
Sun 2014-11-30 04:29:49.0189 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:29:50.0094 End passive write scan (1 file(s))
Sun 2014-11-30 04:29:54.0321 Scan Results: Files Scanned: 2881, Duration: 13s, Malicious Files: 0
Sun 2014-11-30 04:29:54.0321 Scan Finished: [ID: 5 - Seq: 5]
Sun 2014-11-30 04:30:01.0544 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:30:02.0106 End passive write scan (1 file(s))
Sun 2014-11-30 04:30:16.0946 Begin passive write scan (25 file(s))
Sun 2014-11-30 04:30:18.0179 End passive write scan (25 file(s))
Sun 2014-11-30 04:30:20.0082 Begin passive write scan (7 file(s))
Sun 2014-11-30 04:30:20.0753 End passive write scan (7 file(s))
Sun 2014-11-30 04:30:23.0171 Begin passive write scan (8 file(s))
Sun 2014-11-30 04:30:23.0670 End passive write scan (8 file(s))
Sun 2014-11-30 04:30:26.0260 Begin passive write scan (7 file(s))
Sun 2014-11-30 04:30:26.0821 End passive write scan (7 file(s))
Sun 2014-11-30 04:30:29.0348 Begin passive write scan (7 file(s))
Sun 2014-11-30 04:30:30.0019 End passive write scan (7 file(s))
Sun 2014-11-30 04:30:32.0437 Begin passive write scan (11 file(s))
Sun 2014-11-30 04:30:33.0545 End passive write scan (11 file(s))
Sun 2014-11-30 04:30:35.0526 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:30:35.0760 End passive write scan (1 file(s))
Sun 2014-11-30 04:30:41.0704 Begin passive write scan (7 file(s))
Sun 2014-11-30 04:30:42.0499 End passive write scan (7 file(s))
Sun 2014-11-30 04:30:47.0881 Begin passive write scan (16 file(s))
Sun 2014-11-30 04:30:48.0895 End passive write scan (16 file(s))
Sun 2014-11-30 04:30:50.0970 Begin passive write scan (21 file(s))
Sun 2014-11-30 04:30:51.0750 End passive write scan (21 file(s))
Sun 2014-11-30 04:30:57.0148 Begin passive write scan (6 file(s))
Sun 2014-11-30 04:30:57.0834 End passive write scan (6 file(s))
Sun 2014-11-30 04:31:00.0236 Begin passive write scan (5 file(s))
Sun 2014-11-30 04:31:00.0907 End passive write scan (5 file(s))
Sun 2014-11-30 04:31:03.0325 Begin passive write scan (25 file(s))
Sun 2014-11-30 04:31:04.0183 End passive write scan (25 file(s))
Sun 2014-11-30 04:31:15.0680 Begin passive write scan (4 file(s))
Sun 2014-11-30 04:31:17.0006 End passive write scan (4 file(s))
Sun 2014-11-30 04:31:21.0858 Begin passive write scan (7 file(s))
Sun 2014-11-30 04:31:22.0201 End passive write scan (7 file(s))
Sun 2014-11-30 04:31:24.0947 Begin passive write scan (16 file(s))
Sun 2014-11-30 04:31:25.0586 End passive write scan (16 file(s))
Sun 2014-11-30 04:31:28.0035 Begin passive write scan (23 file(s))
Sun 2014-11-30 04:31:28.0379 End passive write scan (23 file(s))
Sun 2014-11-30 04:31:51.0255 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 3 (3297)
Sun 2014-11-30 04:31:51.0255 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 4 (3297)
Sun 2014-11-30 04:31:51.0255 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 8 (3297)
Sun 2014-11-30 04:31:51.0380 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 3 (3297)
Sun 2014-11-30 04:31:51.0380 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 4 (3297)
Sun 2014-11-30 04:31:51.0380 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 8 (3297)
Sun 2014-11-30 04:31:51.0879 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 3 (3297)
Sun 2014-11-30 04:31:51.0879 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 4 (3297)
Sun 2014-11-30 04:31:51.0879 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 8 (3297)
Sun 2014-11-30 04:31:52.0004 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 3 (3297)
Sun 2014-11-30 04:31:52.0004 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 4 (3297)
Sun 2014-11-30 04:31:52.0004 Monitoring process C:\Program Files\KeyScrambler\DriverInstaller.exe [94538E204E722B3A790A3E986ED2A6D3]. Type: 8 (3297)
Sun 2014-11-30 04:31:52.0659 Begin passive write scan (14 file(s))
Sun 2014-11-30 04:31:53.0657 End passive write scan (14 file(s))
Sun 2014-11-30 04:32:01.0881 Begin passive write scan (4 file(s))
Sun 2014-11-30 04:32:02.0443 End passive write scan (4 file(s))
Sun 2014-11-30 04:32:04.0970 Begin passive write scan (8 file(s))
Sun 2014-11-30 04:32:05.0641 End passive write scan (8 file(s))
Sun 2014-11-30 04:32:10.0025 System shutting down.
Sun 2014-11-30 04:32:11.0257 Configuration Saved: CSCS621814FD62EC7C28BAF28ABEE3145AE9,00011,00021,00031,00040,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,00106,001147,00120,00130,00140,00151,00160,00170,00181,00191,001A0,001B0,001C0,001D1,001E1,001F1,00201,00211,00221,00231,00241,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
Sun 2014-11-30 04:32:11.0257 <<< Service shut down successfully. Uptime: 21 minute(s)
Sun 2014-11-30 04:33:58.0769 >>> Service started [v8.0.5.111]
Sun 2014-11-30 04:34:32.0467 Connecting to 43 - 43
Sun 2014-11-30 04:34:33.0669 Begin passive write scan (13 file(s))
Sun 2014-11-30 04:34:34.0339 End passive write scan (13 file(s))
Sun 2014-11-30 04:34:36.0757 Begin passive write scan (1 file(s))
Sun 2014-11-30 04:34:36.0991 End passive write scan (1 file(s))
Sun 2014-11-30 04:39:11.0676 Begin passive write scan (7 file(s))
Sun 2014-11-30 04:39:11.0926 End passive write scan (7 file(s))
Sun 2014-11-30 04:44:14.0379 Begin passive write scan (7 file(s))
Sun 2014-11-30 04:44:14.0722 End passive write scan (7 file(s))
Sun 2014-11-30 04:49:17.0081 Begin passive write scan (7 file(s))
Sun 2014-11-30 04:49:17.0315 End passive write scan (7 file(s))
Sun 2014-11-30 04:50:09.0232 System shutting down.
Sun 2014-11-30 04:50:10.0339 Configuration Saved: CSCS621814FD62EC7C28BAF28ABEE3145AE9,00011,00021,00031,00040,00051,00061,00070,00081,00091,000A1,000B1,000C1,000D0,000E1,000F0,00106,001147,00120,00130,00140,00151,00160,00170,00181,00191,001A0,001B0,001C0,001D1,001E1,001F1,00201,00211,00221,00231,00241,00251,00260,00270,00281,00291,002A0,002B1,002C1,002D0,002E1,002F1,00301,00311,00321,00331,00341,00351,00361,00371,00381,00390,003A1,003B1,003C2,003D1,003E1,003F1,00401,00411,00421,00431,00441,00451,00461,00471,00481,00491,004A1,004B1,004C1,004D1,004E1,004F1,00501,00511,00521,00530,00541,00551,00561,00571,00581,00591,005A1,005B1,005C0,005D0,005E1,005F0,00601,00613,00620,00630,00641,00653,00663,00673,00681,00693,006A0,006B0,006C1,006D2,006E0,006F0,00701,00711,00720,00730,00741,00753,00760,00770,00781,00791,007A0,007B0,007C0,007D0,007E0,007F0,00800,00810,00820,00830,00840,00850,00861,00870,00880,00891,008A0,008B0,008C0,008D0,008E0,008F0,00900,00910,00920,00930,00940,00950,00960,00970,00980,00990,009A0,009B0,009C0,009D0,009E0,009F0,00A00,00A10,00A20,00A30,00A40,00A50,00A60,00A70,00A80,00A90,00AA0,00AB0,00AC0,00AD0,00AE0,00AF0,00B00,00B11,00B20,00B30,00B40,00B50,00B60,00B70,00B80,00B90,00BA0,00BB0,00BC0,00BD0,00BE0,00BF0,00C00,
Sun 2014-11-30 04:50:10.0339 <<< Service shut down successfully. Uptime: 16 minute(s)


#19 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 13 December 2014 - 11:04 AM

will post the tdss result once i get home and run it again but i am not sure it will give me the same result with 32 errors.
my apologies, I wish I had read the article about winsxs; I would not have posted dism log :(
here is what I've been able to piece together before they removed the file: any words of wisdom to this point would be helpful;
I have not applied my windows 7 public key nor activated this version again as I've installed so many times that I have to phone
and didn't want to do this until it is ready to be steady. thanks.
 
 
SecureAnywhere Scan Log (Version v8.0.6.28)
Log saved at Fri 2014-12-12 05:58:53
 
v8.0.6.28
Windows 7 Service Pack 1 (Build 7601) 32bit (Hostname: MONK - Local IP: )
Scan Started: Fri 2014-12-12 05:54:44
[U] c:\program files\creative\sound blaster x-fi go pro\volume panel\ctaudmon.dll [MD5: 6E91FA5552EA494B302965164BAAC28E] [Flags: 00000400.10307]
[U] c:\program files\keyscrambler\x64\keyscramblerie.dll [MD5: 2735647BE767891092F1E640CCF660C1] [Flags: 00011400.3308]
[U] c:\program files\creative\sound blaster x-fi go pro\audiocs\ctaudmon.dll [MD5: 6E91FA5552EA494B302965164BAAC28E] [Flags: 00000400.10307]
[X] c:\windows\system32\spool\drivers\w32x86\3\cnmsqbv.dll [MD5: 1DD109C70F6A229D8BDC8B2A500AEF54] [Flags: 00000400.10826]
[U] c:\windows\system32\freeotfecypheraes_gladman.sys [MD5: D74BA750BD14438F92C38605C6F7FDBD] [Flags: 00080401.7847]
[U] c:\program files\keyscrambler\driverinstaller.exe [MD5: 94538E204E722B3A790A3E986ED2A6D3] [Flags: 00001400.3297]
[X] c:\program files\google\chrome\application\39.0.2171.95\libegl.dll [MD5: 8216E260B703E4C7529E09223C505876] [Flags: 00001400.10834]
[U] c:\windows\system32\freeotfecypherblowfish.sys [MD5: C2D17B3CD673DA94C3BB35EFADF6F201] [Flags: 00080401.7877]
[U] c:\windows\system32\freeotfecypheraes_ltc.sys [MD5: 83D8CEB38406565248AD4D974C77A051] [Flags: 00080401.7887]
[U] c:\windows\system32\freeotfe.sys [MD5: F9F089ABDC10CED295BC05E7D1779D98] [Flags: 00080401.7836]
[U] c:\windows\system32\freeotfecyphercast5.sys [MD5: D2D61587BB4F02E728423111691A5139] [Flags: 00080401.7870]
[U] c:\windows\system32\freeotfecyphercast6_gladman.sys [MD5: C3ABBDAB78F94653D7C88E7594090E1C] [Flags: 00080401.7839]
[U] c:\windows\system32\freeotfecyphermars_gladman.sys [MD5: 796E664402C3F6B95419804E9E292699] [Flags: 00080401.7854]
[U] c:\windows\system32\freeotfecypherrc6_ltc.sys [MD5: D91BD70DF21A2FC9AD86D94CCF7B97D0] [Flags: 00080401.7859]
[U] c:\program files\keyscrambler\keyscrambler.exe [MD5: 77C980C97A17D31B21CCCD3F2ED823CB] [Flags: 10181510.3307]
[U] c:\windows\system32\freeotfecypherdes.sys [MD5: 53753A3EF11E892F001E4DEA74BF556F] [Flags: 00080401.7869]
[U] c:\windows\system32\freeotfecypherserpent_gladman.sys [MD5: F9FFB8F8E4BBE1CE7DF65884B9B80AA9] [Flags: 00080401.7851]
[U] c:\windows\system32\freeotfecyphertwofish_ltc.sys [MD5: 7194E78D7B96BA3E3F08361DA7A0F3CE] [Flags: 00080401.7848]
[U] c:\windows\system32\freeotfehashmd.sys [MD5: 91B27E7E1DECDAA83DAE79BA49A99649] [Flags: 00080401.7865]
[U] c:\windows\system32\freeotfehashripemd.sys [MD5: 2F6B9FA4EB4E53720484E6FD4D8D6F8F] [Flags: 00080401.7880]
[U] c:\windows\system32\freeotfehashsha.sys [MD5: 0D872DAA85AAD172223B2EF8FAF09A7C] [Flags: 00080401.7885]
[U] c:\windows\system32\freeotfehashwhirlpool.sys [MD5: 1F601BF0B40BC10BAE69E676DC54B0EC] [Flags: 00080401.7857]
[U] c:\users\monk\desktop\frst.exe [MD5: EA9CBFA15966E46F004F76E7D7B4E2F9] [Flags: 18080C01.10363]
[U] c:\windows\system32\freeotfehashtiger.sys [MD5: E13238B84D76FF9FB1835588C863B64D] [Flags: 00080401.7856]
[U] c:\users\monk\desktop\securitycheck.exe [MD5: 76C4D0DBFBB8A134E16F7A4ABBDC7E26] [Flags: 002A0C00.8391]
[U] c:\program files\creative\sound blaster x-fi go pro\sound blaster\sbmcplugin.ocx [MD5: 50EDE9924CBCE66511DD0754A0F52FC5] [Flags: 00000400.10335]
[U] c:\windows\system32\lnkprotect.dll [MD5: 41F540C372042F6E4FE010DD3B22C8D7] [Flags: 00081400.3535]
[X] c:\windows\system32\systempropertiesremote.exe [MD5: AE8D597C94F84FDDFE80747B941615CC] [Flags: 00000400.10829]
[X] c:\windows\winsxs\x86_microsoft-windows-f..utilityexfatlibrary_31bf3856ad364e35_6.1.7600.16385_none_29d5bb009f94011b\uexfat.dll [MD5: 432EA9855BB4091172B72EA44B9627D7] [Flags: 00000400.10827]
[X] c:\program files\google\chrome\application\39.0.2171.95\chrome_elf.dll [MD5: 649AA174D5798B17439EB877B12E6FA3] [Flags: 00001400.10830]
[E] c:\users\monk\appdata\local\microsoft\windows\temporary internet files\content.ie5\nqbdvsdw\keyscrambler_setup[1].exe [MD5: 3A7017EBE6EA6DE75D237932DF6EA866] [Flags: 00080100.3161]
[X] c:\program files\google\chrome\application\39.0.2171.95\ffmpegsumo.dll [MD5: 685642623E6AAECA417301EA4AC8124B] [Flags: 00001400.10837]
[U] c:\users\monk\appdata\local\ie tab\7.12.10.1\ietabhelper.exe [MD5: D8B52A89CA45C380A8189D1BAEEC9C0F] [Flags: 00001401.10454]
[E] c:\users\monk\desktop\free_download_setup.exe [MD5: BBE03422FB56EF90D4E112D8273B8FF4] [Flags: 40081100.2859]
[X] c:\program files\installshield installation information\{7cfa46e3-cc2f-4355-82ae-6012dc3633fd}\issetup.dll [MD5: D1DC49480C499DB10F8893D47F018147] [Flags: 08000400.10828]
[X] c:\program files\common files\system\ado\msjro.dll [MD5: 3B5116838A330132D406353E2BCBFB6F] [Flags: 00000400.10839]
[X] c:\program files\google\chrome\application\39.0.2171.95\libglesv2.dll [MD5: 0C1E0E2C32FA30370A6F8C9FCA122548] [Flags: 00001400.10833]
[X] c:\program files\google\chrome\application\39.0.2171.95\pdf.dll [MD5: 9F5F88548AFF90D80A656652172F7449] [Flags: 00001400.10835]
[X] c:\program files\google\chrome\application\39.0.2171.95\libpeerconnection.dll [MD5: 0F02448D17B890E79DDFE3EA51A05ECC] [Flags: 00001400.10836]
[X] c:\programdata\microsoft\windows\start menu\desktop.ini
[X] c:\programdata\microsoft\windows\start menu\programs\accessories\accessibility\desktop.ini
[X] c:\programdata\microsoft\windows\start menu\programs\accessories\windows powershell\desktop.ini
[X] c:\programdata\microsoft\windows\start menu\programs\keyscrambler\keyscrambler user manual.url
[X] c:\programdata\microsoft\windows\start menu\programs\keyscrambler\qfx software homepage.url
[X] c:\programdata\microsoft\windows\start menu\programs\maintenance\desktop.ini
[X] c:\programdata\microsoft\windows\start menu\programs\mozbackup\homepage.url
[X] c:\programdata\microsoft\windows\start menu\programs\mozbackup\support.url
[U] c:\program files\tracker software\pdf viewer\pdfxcview.exe [MD5: CE4C4E99A1D7CFC72C1351DC8EE6A526] [Flags: 001A1400.3577]
[X] c:\programdata\microsoft\windows\start menu\programs\startup\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\accessories\accessibility\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\accessories\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\administrative tools\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\maintenance\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\openoffice 4.1.1\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\start menu\programs\startup\desktop.ini
[X] c:\users\monk\appdata\roaming\microsoft\windows\sendto\desktop (create shortcut).desklink
[X] c:\users\monk\appdata\roaming\microsoft\windows\sendto\desktop.ini
[X] c:\users\monk\desktop\desktop.ini
[X] c:\users\public\desktop\desktop.ini
[X] c:\program files\desktop.ini
[X] c:\windows\temp\fwtsqmfile00.sqm
[X] c:\windows\temp\zlt0603a.tmp
[X] c:\autoexec.bat
[X] c:\config.sys
[X] c:\tdsskiller.3.0.0.41_08.12.2014_12.31.02_log.txt
[X] c:\program files\creative\sound blaster x-fi go pro\sound blaster\sound blaster.mcl
[X] c:\program files\google\chrome\application\39.0.2171.95\chrome.dll [MD5: E00DE70E27713260B12B67E9BFFB78EB] [Flags: 00001400.10831]
[X] c:\program files\google\chrome\application\39.0.2171.95\chrome_child.dll [MD5: AC9F025D821A40F31DBFFDE53CC06FED] [Flags: 00001400.10832]
[X] c:\windows\panther\contents1.dir
[X] c:\windows\softwaredistribution\download\10e36514582b1ad9bc53af09c42a127b\cbshandler\state
[X] c:\users\monk\appdata\local\microsoft\windows sidebar\cache\168522d5-1082-4df2-b2f6-9185c31f9472\globalcachecleanup.xml
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\libical.manifest
[X] c:\programdata\microsoft\windows\wer\reportqueue\appcrash_zaprivacyservice_7cfb2a6f19efaa7b2d04a9673d0b09f6b22dc_cab_09bca830\wer97fb.tmp.hdmp
[X] c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\autoexec.bat
[X] c:\windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\config.sys
[X] c:\windows\winsxs\x86_microsoft-windows-tabletpc-softkeyboard_31bf3856ad364e35_6.1.7601.18512_none_d3b70289afa0d233\basealtgr_rtl.xml
[X] c:\users\monk\ntuser.ini
[X] c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.18150_none_0d41cdd2ad80020d\connectionmanager_dmr.xml
[X] c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.18150_none_0d41cdd2ad80020d\renderingcontrol.xml
[X] c:\windows\winsxs\x86_microsoft-windows-gadgets-weather_31bf3856ad364e35_6.1.7600.16385_none_4db0b909695af8f9\1px.gif
[X] c:\users\monk\appdata\roaming\microsoft\protect\credhist
[X] c:\users\monk\appdata\roaming\microsoft\protect\s-1-5-21-3795844004-4128841395-3337064661-1000\preferred
[X] c:\windows\winsxs\x86_microsoft-windows-sendmail_31bf3856ad364e35_6.1.7600.16385_none_5abfd0847d56c34e\desktop (create shortcut).desklink
[X] c:\windows\winsxs\backup\x86_microsoft-windows-sendmail_31bf3856ad364e35_6.1.7600.16385_none_5abfd0847d56c34e_desktopcreateshortcut.desklink_c68aef56
[X] c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\sendto\desktop (create shortcut).desklink
[X] c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\sendto\desktop (create shortcut).desklink
[X] c:\users\default\appdata\roaming\microsoft\windows\sendto\desktop (create shortcut).desklink
[X] c:\windows\winsxs\x86_presentationcore_31bf3856ad364e35_6.1.7601.18140_none_ae13ecdeee527603\presentationfontcache.exe.config
[X] c:\users\public\desktop.ini
[X] c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17787_none_271105689cc96a2c\system.ini
[X] c:\windows\system.ini
[X] c:\windows\win.ini
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\big5.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\bopomofo.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\ksc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normidna.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\normnfc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\normnfd.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normnfkc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normnfkd.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\prc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\prcp.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.21890_none_854d97b7979e8fd4\sortkey.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.21890_none_854d97b7979e8fd4\sorttbls.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18523_none_9c13fa477dfdc7d5\xjis.nlp
[X] c:\windows\assembly\gac_32\policy.1.0.microsoft.interop.security.azroles\6.1.7600.16385__31bf3856ad364e35\microsoft.interop.security.azroles.config
[X] c:\windows\winsxs\x86_microsoft-windows-iesecuritydiagnostic_31bf3856ad364e35_6.1.7601.17514_none_966c784e660840ee\iesecurity_troubleshooter.ps1
[X] c:\windows\winsxs\x86_microsoft-windows-ie-objectcontrolviewer_31bf3856ad364e35_8.0.7600.16385_none_51b70586ec78a39f\desktop.ini
[X] c:\windows\downloaded program files\desktop.ini
[X] c:\windows\winsxs\x86_microsoft-windows-fontext_31bf3856ad364e35_6.1.7601.17514_none_a08d026e51df6429\desktop.ini
[X] c:\windows\fonts\desktop.ini
[X] c:\windows\system32\logfiles\scm\ecb37f60-9c84-439e-93f0-2d55209b0857
[X] c:\windows\fonts\segoeuil.ttf
[X] c:\windows\winsxs\x86_microsoft-windows-font-truetype-segoeui_31bf3856ad364e35_6.1.7601.18528_none_d2bc881870836261\seguisb.ttf
[X] c:\windows\softwaredistribution\download\6fdad897547bb2dbe6c1a642c91183d7\cbshandler\state
[X] c:\windows\system32\logfiles\scm\193992db-1d52-430a-92e7-fe24ea19b319
[X] c:\users\monk\appdata\roaming\canon\ij scan utility\uiver.dat
[X] c:\windows\softwaredistribution\download\3446268c9e8251887fa99848ee18bc3b\cbshandler\state
[X] c:\windows\system32\logfiles\scm\3ba278ed-55a3-46ee-8ddd-efb109fdd01a
[X] c:\windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.1.7601.17755_none_6e06592f705d8a33\apps.inf
[X] c:\windows\winsxs\x86_microsoft-windows-ie-f12-provider_31bf3856ad364e35_11.2.9600.17239_none_618c277ac61f3107\microsoft-windows-ie-f12-provider.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_999215667ec933c9\microsoft-windows-ie-htmlrendering.ptxml
[X] c:\windows\inf\setupapi.app.log
[X] c:\windows\inf\.net clr data\0000\_dataperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\_dataperfcounters_d.ini
[X] c:\windows\inf\.net clr networking\0000\_networkingperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\_networkingperfcounters_d.ini
[X] c:\windows\inf\.net data provider for oracle\0000\_dataoracleclientperfcounters_shared12_neutral_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\_dataoracleclientperfcounters_shared12_neutral_d.ini
[X] c:\windows\inf\.net data provider for sqlserver\0000\_dataperfcounters_shared12_neutral_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\_dataperfcounters_shared12_neutral_d.ini
[X] c:\windows\inf\.netframework\0000\corperfmonsymbols_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_057e393cf09ba4c2\corperfmonsymbols_d.ini
[X] c:\windows\winsxs\x86_wcf-m_tx_bridge_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_80559eec8f97c5f8\_transactionbridgeperfcounters_d.ini
[X] c:\windows\inf\msdtc bridge 3.0.0.0\0409\_transactionbridgeperfcounters_d.ini
[X] c:\windows\winsxs\x86_wcf-m_svc_mod_end_perf_ini_31bf3856ad364e35_6.1.7600.16385_none_ca93e046eeb1a109\_servicemodelendpointperfcounters_d.ini
[X] c:\windows\inf\servicemodelendpoint 3.0.0.0\0409\_servicemodelendpointperfcounters_d.ini
[X] c:\windows\winsxs\x86_wcf-m_svc_mod_op_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_c338d04090ac9e87\_servicemodeloperationperfcounters_d.ini
[X] c:\windows\inf\servicemodeloperation 3.0.0.0\0409\_servicemodeloperationperfcounters_d.ini
[X] c:\windows\winsxs\x86_wcf-m_svc_mod_svc_perf_ini_31bf3856ad364e35_6.1.7600.16385_none_7a7a5603ee075acc\_servicemodelserviceperfcounters_d.ini
[X] c:\windows\inf\servicemodelservice 3.0.0.0\0409\_servicemodelserviceperfcounters_d.ini
[X] c:\windows\winsxs\x86_wcf-m_smsvchost_perf_c_ini_31bf3856ad364e35_6.1.7600.16385_none_340ce7386d830990\_smsvchostperfcounters_d.ini
[X] c:\windows\inf\smsvchost 3.0.0.0\0409\_smsvchostperfcounters_d.ini
[X] c:\windows\winsxs\x86_wwf-perfcnt_ini_31bf3856ad364e35_6.1.7600.16385_none_739abb4d5ca4ee30\perfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wwfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_bb39ab2582dc79f6\perfcounters_d.ini
[X] c:\windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.7600.16808_none_738a02977c8563e7\idxcntrs.ini
[X] c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_b58e487176b8743c\windows feed discovered.wav
[X] c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_b58e487176b8743c\windows information bar.wav
[X] c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_b58e487176b8743c\windows navigation start.wav
[X] c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_11.2.9600.17501_none_b58e487176b8743c\windows pop-up blocked.wav
[X] c:\windows\winsxs\x86_microsoft-windows-s..-soundthemes-garden_31bf3856ad364e35_6.1.7600.16385_none_9b86239a5d28cceb\desktop.ini
[X] c:\windows\winsxs\x86_microsoft-windows-s..dthemes-calligraphy_31bf3856ad364e35_6.1.7600.16385_none_6521e04384521cc6\desktop.ini
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.1.7600.16385_none_b462020700d120ce\webadminnonavbar.master
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\webadminnonavbar.master
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\deselectedtab_1x1.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\deselectedtab_1x1.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\selectedtab_1x1.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\security_watermark.jpg
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\selectedtab_1x1.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\security_watermark.jpg
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\unselectedtab_leftcorner.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\selectedtab_leftcorner.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\unselectedtab_leftcorner.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\selectedtab_leftcorner.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\unselectedtab_rightcorner.gif
[X] c:\windows\winsxs\x86_netfx-aspnet_webadmin_images_b03f5f7f11d50a3a_6.1.7600.16385_none_834696a6d561afb1\selectedtab_rightcorner.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\unselectedtab_rightcorner.gif
[X] c:\windows\microsoft.net\framework\v2.0.50727\asp.netwebadminfiles\images\selectedtab_rightcorner.gif
[X] c:\windows\winsxs\x86_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_8.0.7600.16385_none_7bbc80532a0f1e83\desktop.ini
[X] c:\windows\offline web pages\desktop.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e80dca824dc2435c\rules.system.nettrace.xml
[X] c:\windows\winsxs\x86_microsoft-windows-n..sh-helper.resources_31bf3856ad364e35_6.1.7600.16385_en-us_e80dca824dc2435c\report.system.nettrace.xml
[X] c:\program files\creative\sound blaster x-fi go pro\program\support\i386\setup.ini
[X] c:\program files\creative\sound blaster x-fi go pro\program\support\amd64\setup.ini
[X] c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_0b0e4b4025cf4049\x86_installed
[X] c:\windows\setup\state\state.ini
[X] c:\windows\system32\desktop.ini
[X] c:\windows\system32\mapisvc.inf
[X] c:\windows\system32\noise.tha
[X] c:\windows\system32\pcl.sep
[X] c:\windows\system32\pscript.sep
[X] c:\windows\system32\restartmanageruninstall.mof
[X] c:\users\monk\music\itunes\sentinel
[X] c:\users\monk\appdata\local\microsoft\windows\explorer\thumbcache_1024.db
[X] c:\users\monk\appdata\local\microsoft\windows\explorer\thumbcache_sr.db
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\gighmmpiobklfepjocnamgkkbiglidom\2.14.4_0\chrome_oauth_receiver.js
[X] c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_cc6cdf4b0b49e560\winrm.cmd
[X] c:\windows\winsxs\x86_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.18619_none_cc71cbdb0b457adb\wsmanconfig_schema.xml
[X] c:\windows\system32\driverstore\filerepository\brmfcmf.inf_x86_neutral_33717b093227cd8c\brmfbidi.ini
[X] c:\windows\winsxs\x86_ntprint.inf_31bf3856ad364e35_6.1.7600.16385_none_3ad6f3251c0676a9\i386\msxpsinc.ppd
[X] c:\windows\system32\driverstore\filerepository\prnbr002.inf_x86_neutral_1d14699bf2d4d936\i386\brci06a.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr003.inf_x86_neutral_21c4516754f2bda5\i386\brmw2.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr003.inf_x86_neutral_21c4516754f2bda5\i386\brpt2.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr004.inf_x86_neutral_a976dec554a0be13\i386\brci08a.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr005.inf_x86_neutral_407befecac90c7f1\i386\brci08b.ini
[X] c:\windows\system32\driverstore\filerepository\prnbr009.inf_x86_neutral_3f6b69c8d1091fd8\i386\brci14a.ini
[X] c:\windows\system32\driverstore\filerepository\prnep003.inf_x86_neutral_342be98eb74e1449\i386\ep0lb030.ini
[X] c:\windows\system32\driverstore\filerepository\prnep003.inf_x86_neutral_342be98eb74e1449\i386\ep0lb040.ini
[X] c:\windows\system32\driverstore\filerepository\prnfx002.inf_x86_neutral_f83f67e1c22e557b\i386\fxuccm01.ini
[X] c:\windows\system32\driverstore\filerepository\prnge001.inf_x86_neutral_51cbe14e4cdde8c2\i386\tty.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\kop5650x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\kop4650x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\kom4650x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\koc650x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\koc451x.ini
[X] c:\windows\system32\driverstore\filerepository\prnkm003.inf_x86_neutral_ea465b3729b37f54\i386\koc353x.ini
[X] c:\windows\winsxs\x86_prnlx00x.inf_31bf3856ad364e35_6.1.7600.16385_none_10ff6ae0ebfde27e\i386\lxkps.ini
[X] c:\windows\winsxs\x86_prnlx00y.inf_31bf3856ad364e35_6.1.7600.16385_none_11887d16051c1ee7\i386\lxkxl.ini
[X] c:\windows\winsxs\x86_microsoft-windows-p..g-xpsdocumentwriter_31bf3856ad364e35_6.1.7601.17514_none_24e008d5c14862bc\mxdwdui.ini
[X] c:\windows\system32\spool\drivers\w32x86\3\mxdwdui.ini
[X] c:\windows\system32\driverstore\filerepository\prnms001.inf_x86_neutral_1dd3de102185d5d9\mxdwdui.ini
[X] c:\windows\system32\driverstore\filerepository\prnok002.inf_x86_neutral_436ff5d24333cca0\i386\okdtuver.gpd
[X] c:\windows\system32\driverstore\filerepository\prnod002.inf_x86_neutral_c36a5fe1ac15a734\i386\okdtever.gpd
[X] c:\windows\system32\driverstore\filerepository\prnok002.inf_x86_neutral_436ff5d24333cca0\i386\okmlivu.gpd
[X] c:\windows\winsxs\x86_prnrc00a.inf_31bf3856ad364e35_6.1.7600.16385_none_dde1186f40843b2e\i386\riares17.ini
[X] c:\windows\winsxs\x86_prnrc00a.inf_31bf3856ad364e35_6.1.7600.16385_none_dde1186f40843b2e\i386\riares27.ini
[X] c:\windows\winsxs\x86_prnrc00c.inf_31bf3856ad364e35_6.1.7600.16385_none_def33cd972c0b400\i386\ricohps7.ini
[X] c:\windows\winsxs\x86_prnsa002.inf_31bf3856ad364e35_6.1.7600.16385_none_a6848f451d050fc0\i386\smpicfg2.ini
[X] c:\windows\winsxs\x86_prnsa002.inf_31bf3856ad364e35_6.1.7600.16385_none_a6848f451d050fc0\i386\smpicfg3.ini
[X] c:\windows\winsxs\x86_prnso002.inf_31bf3856ad364e35_6.1.7600.16385_none_e57e4519b998adb2\i386\sodpp2.ini
[X] c:\windows\system32\driverstore\filerepository\tsprint.inf_x86_neutral_c48d421ad2c1e3e3\tsprint-pipelineconfig.xml
[X] c:\windows\system32\logfiles\scm\05ee699f-ab25-42d8-8781-558c5d1d2fad
[X] c:\windows\system32\logfiles\scm\071d41b6-8806-4eb0-b661-6cb67be6e86e
[X] c:\windows\system32\logfiles\scm\0d9b5d92-3a22-486d-a887-3aa21597cf27
[X] c:\windows\system32\logfiles\scm\0e12083c-0335-49db-9542-ba1ec6d83ecc
[X] c:\windows\system32\logfiles\scm\1ec9510d-a439-4950-9399-b6399edf9ea7
[X] c:\windows\system32\logfiles\scm\2375f586-1009-41fb-b54e-30d8af2b781d
[X] c:\windows\system32\logfiles\scm\24fa84a0-e087-48ec-bc51-2b9c4c815d78
[X] c:\windows\system32\logfiles\scm\2bd05ba6-988d-4bd3-a9cd-9a39f80af524
[X] c:\windows\system32\logfiles\scm\2c59ecaf-3a27-4640-9f4b-519b05bdd70f
[X] c:\windows\system32\logfiles\scm\367f930a-a3db-4112-b1f1-50e92a171c88
[X] c:\windows\system32\logfiles\scm\4040e761-8758-4007-b2fe-142b24bf4b16
[X] c:\windows\system32\logfiles\scm\50fb5a03-0e1e-48de-b8a1-bee9d7d2cd0f
[X] c:\windows\system32\logfiles\scm\5b184694-64c3-4633-94c5-945b3fa561d6
[X] c:\windows\system32\logfiles\scm\5c2c622f-70e9-4194-a7da-033e827365ad
[X] c:\windows\system32\logfiles\scm\6375cc1c-d975-48d2-9cd5-63db19b10d4a
[X] c:\windows\system32\logfiles\scm\60158c7a-6808-42cd-95ee-afd9a57925db
[X] c:\windows\system32\logfiles\scm\6aef0c98-2cb4-4b67-8c70-4c977c7355cc
[X] c:\windows\system32\logfiles\scm\6b7ac694-8d6d-481b-9dd8-2a3a741ada6d
[X] c:\windows\system32\logfiles\scm\731e9c62-95b5-4c8c-ab64-4cc591c9ff5b
[X] c:\windows\system32\logfiles\scm\73259f86-29d6-42ff-b1e7-634f6e40d4f8
[X] c:\windows\system32\logfiles\scm\7d3c7871-a917-4ef0-82e8-5f0a96423051
[X] c:\windows\system32\logfiles\scm\8905ecd8-016f-4dc2-90e6-a5f1fa6a841a
[X] c:\windows\system32\logfiles\scm\9334c323-f100-4656-9ba0-e4aa69c0f9c2
[X] c:\windows\system32\logfiles\scm\9b75c702-ea13-406a-badb-6c588ee4375b
[X] c:\windows\system32\logfiles\scm\9efacbe6-a797-4905-a0c6-014cd3000dbb
[X] c:\windows\system32\logfiles\scm\9f54b95f-5096-4803-ae61-e9b3ac5b616d
[X] c:\windows\system32\logfiles\scm\a1cfa52f-06f2-418d-addb-cd6456d66f43
[X] c:\windows\system32\logfiles\scm\a2cfb6f3-b3ae-4971-8e29-c415be22d2e5
[X] c:\windows\system32\logfiles\scm\a316e645-1c56-45a6-bd6a-7dca79778090
[X] c:\windows\system32\logfiles\scm\a6394592-54ce-4e93-8d64-1a068f462632
[X] c:\windows\system32\logfiles\scm\ab771a9f-fb0f-4fa1-8b5f-48186615901e
[X] c:\windows\system32\logfiles\scm\b9bee219-c29e-4310-819c-147a5a0e045e
[X] c:\windows\system32\logfiles\scm\f1369a11-e983-4458-b390-712efa1cba44
[X] c:\windows\system32\logfiles\scm\de8bae53-2809-4f75-85ef-427d364b9b2c
[X] c:\windows\system32\logfiles\scm\bba67ad0-4ba0-4b44-827b-ff419b70c057
[X] c:\windows\system32\logfiles\scm\c90440a0-6d8f-423f-8f42-83eef05ce708
[X] c:\windows\system32\logfiles\scm\d21f6024-191f-4454-bbbc-09a650da2549
[X] c:\windows\system32\logfiles\scm\d622195c-d680-4fea-9c56-59660c7c9e94
[X] c:\windows\system32\logfiles\scm\d8bb5b7f-d0ca-4f67-a3d7-73e1d05f63da
[X] c:\windows\system32\logfiles\scm\de8699d2-8a05-42f7-8a85-5162af47d26a
[X] c:\windows\system32\logfiles\scm\e6f3a527-8b0b-43fa-94eb-584032761924
[X] c:\windows\system32\logfiles\scm\e79b2998-8f63-451a-a56d-26edc0a5098a
[X] c:\windows\system32\logfiles\scm\e8164c0d-216c-4b6b-9eb8-31bf958b8014
[X] c:\windows\system32\logfiles\scm\f93c7104-998a-4a38-b935-775a3138b3c3
[X] c:\windows\system32\logfiles\scm\ffb8486a-9861-4b82-be38-c7f8fb1b6605
[X] c:\windows\system32\microsoft\protect\s-1-5-18\user\preferred
[X] c:\windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7601.17514_none_04801f69e1dbd8e6\microsoft-windows-iis-clientcertificatemappingauthentication-deployment-dl.man
[X] c:\windows\winsxs\x86_microsoft-windows-m..-downlevelmanifests_31bf3856ad364e35_6.1.7601.17514_none_04801f69e1dbd8e6\microsoft-windows-iis-iiscertificatemappingauthentication-deployment-dl.man
[X] c:\windows\winsxs\x86_microsoft-windows-m..eplacementmanifests_31bf3856ad364e35_6.1.7601.17514_none_fdfbc5f949b9a49e\application-experience-program-compatibility-assistant-replacement.man
[X] c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7600.21448_none_307c24713ff6619a\aaclient.mof
[X] c:\windows\system32\.crusader
[X] c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_a82d8b59bb293454\lsasrv.mof
[X] c:\windows\winsxs\x86_microsoft-windows-ie-feeds-platform_31bf3856ad364e35_11.2.9600.17501_none_e612d2b497305811\msfeeds.mof
[X] c:\windows\winsxs\x86_microsoft-windows-t..minalservicesclient_31bf3856ad364e35_6.1.7600.21448_none_4e6a6a499b65bb1b\mstsc.mof
[X] c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.1.7600.21448_none_307c24713ff6619a\mstscax.mof
[X] c:\windows\winsxs\x86_wcf-m_sm_mof_31bf3856ad364e35_6.1.7601.18523_none_c66d4ffdde703ef5\servicemodel.mof.uninstall
[X] c:\windows\system32\wbem\tspkg.mof
[X] c:\windows\winsxs\x86_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17621_none_78fb463d8b38df23\umpnpmgr.mof
[X] c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7600.17014_none_fbd2404093c8e658\userprofilewmiprovider.mof
[X] c:\windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7600.17013_none_767300c37f08da42\wdf01000uninstall.mof
[X] c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.1.7600.17184_none_41d58a5422919ce8\wgxinstalledgame.mof
[X] c:\windows\winsxs\x86_microsoft-windows-p..talcontrolssettings_31bf3856ad364e35_6.1.7600.17184_none_f3c1abbd70c40069\wpcuninst.mof
[X] c:\windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7600.17013_none_9d3179155660574a\wudfxuninstall.mof
[X] c:\windows\winsxs\x86_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_7.1.7601.16398_en-us_66e72c066fe44655\aaclient.mfl
[X] c:\windows\winsxs\x86_microsoft-windows-t..cesclient.resources_31bf3856ad364e35_7.1.7601.18581_en-us_67c6d3ce5782b13c\mstsc.mfl
[X] c:\windows\winsxs\x86_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_7.2.7601.18361_en-us_2f2f39790e9dcd84\mstscax.mfl
[X] c:\windows\system32\wbem\en-us\wscenter.mfl
[X] c:\windows\winsxs\x86_microsoft-windows-authentication-authui_31bf3856ad364e35_6.1.7601.22843_none_0e6300c36ce0e937\authui.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7600.17013_none_9d3179155660574a\driverframeworks-usermode.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.18150_none_0d41cdd2ad80020d\prod_wmpplayer.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-profsvc_31bf3856ad364e35_6.1.7600.17014_none_fbd2404093c8e658\profsvc.ptxml
[X] c:\windows\winsxs\x86_microsoft-windows-timedate_31bf3856ad364e35_6.1.7600.16940_none_8fa8cc3b250187e3\timedate.ptxml
[X] c:\users\monk\appdata\local\google\chrome\user data\chrome_shutdown_ms.txt
[X] c:\windows\winsxs\x86_microsoft-windows-tapisetup_31bf3856ad364e35_6.1.7600.16385_none_69c980e6fc7d9b52\tsec.ini
[X] c:\windows\tapi\tsec.ini
[X] c:\windows\tasks\sa.dat
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_en-us_05fd080209c15da4\_networkingperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-coreos_31bf3856ad364e35_6.1.7601.17787_none_271105689cc96a2c\win.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_en-us_05fd080209c15da4\_dataperfcounters_shared12_neutral_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7601.22733_en-us_05fd080209c15da4\_dataoracleclientperfcounters_shared12_neutral_d.ini
[X] c:\windows\inf\.net data provider for sqlserver\0409\_dataperfcounters_shared12_neutral_d.ini
[X] c:\windows\inf\.net data provider for oracle\0409\_dataoracleclientperfcounters_shared12_neutral_d.ini
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\traits.dat
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\ksc.nlp
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\imapmail\imap-mail.outlook.com\msgfilterrules.dat
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\prc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normnfc.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\normnfd.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\prcp.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\xjis.nlp
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\big5.nlp
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\mail\local folders\msgfilterrules.dat
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\administration.config
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\appcmd.xml
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\applicationhost.config
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\ftp_schema.xml
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\redirection.config
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\rscaext.xml
[X] c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7600.17034_none_10f4bbc015fe69dd\webdav_schema.xml
[X] c:\windows\winsxs\x86_microsoft-windows-msmq-triggers-service_31bf3856ad364e35_6.1.7600.16385_none_27fcd9fd1e58c523\mqtgsvc.exe.cfg
[X] c:\windows\winsxs\x86_microsoft-windows-rascmak_31bf3856ad364e35_6.1.7600.16385_none_1062b6b4da087467\template.cmp
[X] c:\windows\winsxs\x86_microsoft-windows-s..ccessagent-binaries_31bf3856ad364e35_6.1.7600.16385_none_de06b4fbd5b45f78\read me.url
[X] c:\windows\winsxs\x86_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_75efc1b14e31b4e4\download.url
[X] c:\windows\servicing\sessions\sessions.xml
[X] c:\windows\servicing\sessions\sessions.back.xml
[X] c:\windows\panther\contents0.dir
[X] c:\windows\inf\setupapi.dev.log
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\telemetry.shutdowntime.txt
[X] c:\program files\common files\apple\mobile device support\com.apple.safari.client.resources\english.lproj\localizable.strings
[X] c:\program files\common files\apple\mobile device support\com.apple.outlook.client.resources\english.lproj\localizable.strings
[X] c:\program files\creative\shared files\software update\config.ini
[X] c:\windows\system32\logfiles\scm\cd1fc6c6-59d0-4e0b-8a07-f9dee0491150
[X] c:\windows\system32\logfiles\scm\b3acb81a-50df-446d-9a9c-c1c67d816217
[X] c:\windows\system32\logfiles\scm\d858ab27-f2e8-4156-924b-572921ebab59
[X] c:\windows\system32\logfiles\scm\a3eab81c-c016-4d13-abfc-08c84f7244f5
[X] c:\windows\system32\logfiles\scm\fe6954ba-583f-490d-888f-6edc5b3d3e9d
[X] c:\windows\system32\logfiles\scm\cfa4a40e-6529-4308-a470-5c6afec89406
[X] c:\windows\system32\logfiles\scm\d572be1f-6109-4c3a-839b-95b07f202376
[X] c:\windows\system32\logfiles\scm\5e63e77b-af15-43d1-bf72-c2c720272a39
[X] c:\windows\system32\logfiles\scm\7b3bcbf1-6021-4704-88ba-90a4456b47bb
[X] c:\windows\system32\logfiles\scm\ff495215-21be-4b27-a04e-62577881c217
[X] c:\windows\system32\logfiles\scm\9d3cb83e-25ca-4a5e-9c54-aca402ddceef
[X] c:\windows\system32\logfiles\scm\3ad7f5c3-bb77-4487-a6d6-ced4298801bc
[X] c:\windows\system32\logfiles\scm\c50ab0f6-6952-444a-bdd4-89a53a5c5ad6
[X] c:\windows\system32\logfiles\scm\bb6309f4-df0a-4579-a7d3-82f790efe1e0
[X] c:\windows\system32\logfiles\scm\9c26b03c-f6f8-4d33-8cc6-9f923f4c36be
[X] c:\windows\system32\logfiles\scm\835c877d-9488-403c-b840-79851b923c9e
[X] c:\windows\system32\logfiles\scm\12d95382-0af2-4029-91e0-9aa838fbff2b
[X] c:\windows\system32\logfiles\scm\2975fb21-ee21-44be-bef7-5745e815e077
[X] c:\windows\system32\logfiles\scm\ae58ddbe-a5bc-4b1d-9afe-2075122dbd7d
[X] c:\windows\system32\logfiles\scm\10953616-8bd1-4301-af05-e0bf0e1666b8
[X] c:\windows\system32\logfiles\scm\7ef2e74c-6c77-49b7-be3f-c335b4bec3bd
[X] c:\windows\system32\logfiles\scm\8af5ee4f-b185-4c2f-9842-dbde1be05faa
[X] c:\windows\system32\logfiles\scm\97953dac-9e3c-4f91-a27e-395f5420d6e2
[X] c:\windows\system32\logfiles\scm\4e37e08a-34f2-44cd-8053-21809af0e55b
[X] c:\windows\system32\logfiles\scm\8052b741-e1bb-450d-8a01-750e2fbc7ebf
[X] c:\windows\system32\logfiles\scm\af4bae72-b899-4083-b410-2d76f657a662
[X] c:\windows\system32\logfiles\scm\a15b90b7-8c6d-4aff-b6ef-fb177d09c8a0
[X] c:\windows\system32\logfiles\scm\be696351-ba09-440c-91de-105fa2e48ef7
[X] c:\program files\creative\sound blaster x-fi go pro\volume panel\theme\default\loadfailed.str
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\reenter_password14.js
[X] c:\programdata\microsoft\rac\statedata\racmetadata.dat
[X] c:\windows\system32\logfiles\scm\925c4096-657a-40ea-8577-9e025be83e1e
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_servicemodeloperationperfcounters_d.ini
[X] c:\programdata\checkpoint\zonealarm\logs\zalog.txt
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_servicemodelserviceperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_transactionbridgeperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_servicemodelendpointperfcounters_d.ini
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\susquuv41low2fs1nblvzukcfg2ayghm33jak1knwm5ruwwpqnaaahfa\quota.dat
[X] c:\windows\system32\logfiles\wmi\rtbackup\etwrteventlog-security.etl
[X] c:\users\monk\appdata\roaming\thunderbird\crash reports\installtime20141012121702
[X] c:\windows\ctfile.rfc
[X] c:\program files\installshield installation information\{fccda302-32d9-4ae7-a094-4be677554f26}\reginfo.log
[X] c:\program files\creative\sound blaster x-fi go pro\console launcher 3\entertainment console\theme\entertainment\loadfa.str
[X] c:\windows\softwaredistribution\download\ab154afb81af7a657445a2a21e226942\cbshandler\state
[X] c:\users\monk\appdata\local\microsoft\windows\wer\erc\viewedids.resp
[X] c:\windows\system32\microsoft\protect\s-1-5-18\preferred
[X] c:\users\monk\appdata\local\thunderbird\updates\d78bf5dd33499ec2\active-update.xml
[X] c:\programdata\microsoft\windows\drm\blackbox.bin
[X] c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows media\12.0\wmsdknsd.xml
[X] c:\windows\system32\microsoft\protect\s-1-5-19\preferred
[X] c:\programdata\microsoft\crypto\rsa\s-1-5-18\5d91c0b736f4f8dbdd317cf8a037fced_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\programdata\microsoft\crypto\rsa\s-1-5-18\6d14e4b1d8ca773bab785d1be032546e_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\users\monk\appdata\local\lptmp1129086521\changemasterpw5.js
[X] c:\users\monk\appdata\local\lptmp1129086521\cmenu-vista-bg.gif
[X] c:\users\monk\appdata\local\lptmp1129086521\create_account4.js
[X] c:\users\monk\appdata\local\lptmp1129086521\dot_for_ie.gif
[X] c:\users\monk\appdata\local\lptmp1129086521\formfill1.js
[X] c:\users\monk\appdata\local\lptmp1129086521\lp_toolstrip17.js
[X] c:\users\monk\appdata\local\lptmp1129086521\lp_toolstrip46.js
[X] c:\users\monk\appdata\local\lptmp1129086521\menu.css
[X] c:\users\monk\appdata\local\lptmp1129086521\omnikey3.js
[X] c:\users\monk\appdata\local\lptmp1129086521\popover7.js
[X] c:\users\monk\appdata\local\lptmp1129086521\reenter_password14.js
[X] c:\users\monk\appdata\local\lptmp1129086521\site11.js
[X] c:\users\monk\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3795844004-4128841395-3337064661-1000\94fadf6a4130b109428117d68c6a3b38_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\windows\softwaredistribution\download\076bef812c06898d47485ebc00e521a2\cbshandler\state
[X] c:\programdata\creative\product registration\reg.txt
[X] c:\users\monk\appdata\local\google\chrome\user data\default\sync extension settings\laankejkbhbdhmipfmgcngdelahlfoji\current
[X] c:\windows\system32\logfiles\scm\06c7d21b-2d00-452d-a86a-440334ae9d17
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\virtualfolders.dat
[X] c:\users\monk\appdata\local\google\chrome\user data\default\indexeddb\http_www.netflix.com_0.indexeddb.leveldb\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\plugins\origins\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\plugins\000\application_x-ppapi-widevine-cdm\paths\current
[X] c:\windows\softwaredistribution\download\ff274b8b194c07645106a9ad6074d826\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\www.bluehost.com\media\shared\general\trackr.swf\v.sol
[X] c:\windows\softwaredistribution\download\562886972203267fe525e1c83cd8eee1\cbshandler\state
[X] c:\windows\softwaredistribution\download\c73563bd686e9b444dfb981e6cd1606e\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\plugins\origins\log.old
[X] c:\program files\installshield installation information\{fccda302-32d9-4ae7-a094-4be677554f26}\install.log
[X] c:\windows\softwaredistribution\download\e3df115ccf0fd246c2177d9a8d35c625\cbshandler\state
[X] c:\program files\installshield installation information\{23a1be2a-32d5-4232-b375-ab805b50774b}\install.log
[X] c:\windows\system32\logfiles\scm\528976db-41a8-48e3-aa0a-d768bb182081
[X] c:\windows\softwaredistribution\download\b7d25cb014efc78834cfbc2541761b64\cbshandler\state
[X] c:\program files\installshield installation information\{aaef329e-f353-46c9-933d-24a571986093}\install.log
[X] c:\windows\installer\$patchcache$\managed\271d3094bccdf293393a43acd974efd3\cachesize.txt
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\js\prefdone.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\plugins\000\application_x-ppapi-widevine-cdm\paths\log.old
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\js\content\override.js
[X] c:\windows\softwaredistribution\download\8acb7fdbdb1218c2498573ecfd520d7d\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\entitlement.auth.adobe.com\authorization_access.sol
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\changemasterpw5.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\cmenu-vista-bg.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\widevinecdm\1.4.6.703\manifest.fingerprint
[X] c:\users\monk\appdata\local\google\chrome\user data\widevinecdm\1.4.6.703\_platform_specific\win_x86\cdmadapterversion
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\create_account4.js
[X] c:\users\monk\appdata\local\google\chrome\user data\evwhitelist\4\manifest.fingerprint
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\dot_for_ie.gif
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\times.json
[X] c:\programdata\checkpoint\zonealarm\logs\fwdbglog.txt
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_transactionbridgeperfcounters_d.ini
[X] c:\users\monk\appdata\local\google\chrome\user data\default\session storage\current
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_servicemodelendpointperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_servicemodeloperationperfcounters_d.ini
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a0a0b4109acccb2a\_servicemodelserviceperfcounters_d.ini
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\formfill1.js
[X] c:\users\monk\appdata\local\google\chrome\user data\pnacl\0.1.0.13769\manifest.fingerprint
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\001\p\paths\current
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\imapmail\imap.googlemail.com\inbox-3.sbd\2f521d99.sbd\adea54a7.sbd\simon &- jeremy.sbd\memberspeed
[G] c:\windows\system32\dxgi.dll [MD5: D4F264FE23F8953D840904418220C15E] [Flags: 00000000.4662]
[G] c:\windows\system32\dmocx.dll [MD5: EB7B4563D6D20FC663F15FE8581D0BF2] [Flags: 40000000.564]
[G] c:\windows\system32\iconcodecservice.dll [MD5: 523CF74A52C9A1762DA8B83AEE734498] [Flags: 40000000.829]
[G] c:\windows\system32\ipnathlp.dll [MD5: D1A079A0DE2EA524513B6930C24527A2] [Flags: 40000000.875]
[G] c:\windows\system32\windowscodecsext.dll [MD5: 62A6EB5771580CAE445804389F3F7432] [Flags: 00000000.4659]
[G] c:\windows\system32\perfdisk.dll [MD5: B92E9318F7E4AEF633B8EC3A873565AF] [Flags: 40000000.1536]
[G] c:\windows\system32\cnc_bvc.dll [MD5: 437E4B36A8C25E86CB2D87B3BA86414C] [Flags: 00000000.4651]
[G] c:\windows\system32\drivers\nvm62x32.sys [MD5: B5E37E31C053BC9950455A257526514B] [Flags: 00080400.9918]
[G] c:\windows\system32\sstpsvc.dll [MD5: D318F23BE45D5E3A107469EB64815B50] [Flags: 40000000.1911]
[G] c:\windows\system32\xolehlp.dll [MD5: 9D6AA2ADD3F704134EE89C1E58BDFD1B] [Flags: 40000000.2320]
[G] c:\program files\google\update\1.3.25.11\googlecrashhandler.exe [MD5: CB8C1CC4F46FBAC78150754D77460C73] [Flags: 00101000.3329]
[G] c:\program files\mozilla thunderbird\msvcp100.dll [MD5: 03E9314004F504A14A61C3D364B62F66] [Flags: 00001000.3965]
[G] c:\windows\system32\drivers\vsdatant.sys [MD5: 8AEDAF658E36A863DDAA06A79FADECB0] [Flags: 00001000.3518]
[G] c:\windows\microsoft.net\framework\v4.0.30319\wpf\presentationnative_v0400.dll [MD5: AE839020FEE052598F096942C8002C73] [Flags: 00001000.8836]
[G] c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll [MD5: EDB57065790B62EF83BE117AD3EDFDE2] [Flags: 40000000.2716]
[G] c:\windows\helppane.exe [MD5: 2FF3A32F01DF61836FED59D441D8B9DF] [Flags: 50100000.82]
[G] c:\windows\system32\notepad.exe [MD5: D378BFFB70923139D6A4F546864AA61C] [Flags: 40100000.83]
[G] c:\program files\checkpoint\zonealarm\scheduler.dll [MD5: D052EEC9C460A1619F10706D3D59690E] [Flags: 00001000.3509]
[G] c:\program files\checkpoint\zonealarm\vsdb.dll [MD5: 3F34B93F64389C8295144CDA855FAF4A] [Flags: 00001000.3515]
[G] c:\program files\ipod\bin\ipodservice.resources\ipodservice.dll [MD5: CDDBB0C0106C9E6EB6841E69444760FA] [Flags: 00001000.9392]
[G] c:\windows\system32\nsi.dll [MD5: 6377051C63D5552A311935C67E9FDFDC] [Flags: 40000000.1459]
[G] c:\windows\system32\aepic.dll [MD5: FC455888F04CD3B5285168DEFB90C55F] [Flags: 00000000.10428]
[G] c:\program files\superantispyware\sas_enum_cookies.exe [MD5: E5B19F06B5105B110255C7A4A87DB307] [Flags: 00101000.9914]
[G] c:\windows\system32\drivers\nx6000.sys [MD5: 7A0F9CBDBDB135113B9A3C138E20C85D] [Flags: 00001000.8376]
[G] c:\windows\system32\ksppld32.dll [MD5: 23353D6841AECA053197445885F67B77] [Flags: 00000000.10345]
[G] c:\program files\ipod\bin\ipodservice.resources\en.lproj\ipodservicelocalized.dll [MD5: 88F237D6BC0ECC93300AD2891B0C689C] [Flags: 00001000.9379]
[G] c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpfgfx_v0400.dll [MD5: 76C2A3B47FE220E027697CDEF63A72C9] [Flags: 00001000.8786]
[G] c:\program files\itunes\ituneshelper.resources\en.lproj\ituneshelperlocalized.dll [MD5: C65439FC97BE565644D20A159AA38C4A] [Flags: 00001000.9462]
[G] c:\program files\itunes\ituneshelper.resources\ituneshelper.dll [MD5: 0750F7CC03CCAA673270DF11600CCAD6] [Flags: 00001000.9475]
[G] c:\program files\itunes\ituneshelper.dll [MD5: 536A4997067287E261D904E33F253578] [Flags: 00001000.9453]
[G] c:\windows\assembly\nativeimages_v4.0.30319_32\windowsbase\94bbd298ec8575f3c6151a59538a109c\windowsbase.ni.dll [MD5: 22EDF349ABFB29E711E51DB0295A25DE] [Flags: 00000000.8670]
[G] c:\windows\system32\ksapo32.dll [MD5: A0AE91FF79DA41B16A4623C6E166CF9B] [Flags: 00000000.10348]
[G] c:\windows\system32\dpx.dll [MD5: 0C0DF0F05BAEA320FA301F34E256E08B] [Flags: 00000400.4554]
[G] c:\windows\system32\adsnt.dll [MD5: B7D2873EC0487646CCDF740AF748852C] [Flags: 40000000.198]
[G] c:\windows\system32\t2embed.dll [MD5: 6B140B1382F1FE04BA57B196AEB19725] [Flags: 00000000.4502]
[G] c:\windows\system32\pnidui.dll [MD5: 3D6F22551D422F97AACB0BB927E4C846] [Flags: 00000000.4445]
[G] c:\windows\system32\apds.dll [MD5: 7D44EE5DBCC3A6E90EB60EDF72B66D99] [Flags: 40000000.257]
[G] c:\windows\system32\ifmon.dll [MD5: 019C500DBD380CBAFE5417DE8CD267F2] [Flags: 40000000.847]
[G] c:\windows\system32\printfilterpipelineprxy.dll [MD5: 7DF79C77C79FA04DFF150857E53F02A6] [Flags: 40000000.1588]
[G] c:\windows\system32\perfctrs.dll [MD5: EDD2AD141DEBD425D74A52A4D7BE6AC4] [Flags: 40000000.1535]
[G] c:\windows\system32\ole2nls.dll [MD5: 32CFCC848A57F87638E31E8735515F80] [Flags: 40000000.1491]
[G] c:\windows\system32\ole2disp.dll [MD5: EB38BE7D7CF9EC15442A9D24CB39A2AC] [Flags: 40000000.1490]
[G] c:\windows\system32\reg.exe [MD5: D69A9ABBB0D795F21995C2F48C1EB560] [Flags: 40000000.1678]
[G] c:\windows\system32\printfilterpipelinesvc.exe [MD5: 57CA8BEFC6F5AC166CC7160D7792D7C2] [Flags: 40000000.1590]
[G] c:\windows\system32\wcnapi.dll [MD5: C7D5B4171C77DD0B26C5571E7777C355] [Flags: 40000000.2093]
[G] c:\windows\regedit.exe [MD5: 8A4883F5E7AC37444F23279239553878] [Flags: 40000000.85]
[G] c:\windows\system32\cmdrtr.dll.tmp [MD5: FE02416988970A924C302C8E448BB703] [Flags: 00000000.3077]
[G] c:\windows\system32\xmlprovi.dll [MD5: 84785AC06DE6734B4881C839367FE319] [Flags: 40000000.2319]
[G] c:\windows\system32\icmui.dll [MD5: 0096686EB2ACDB36184F49A10652E5FE] [Flags: 40000000.828]
[G] c:\windows\system32\kbdtajik.dll [MD5: 566925A00B8F439D6155F023E9494DEB] [Flags: 00000000.6202]
[G] c:\windows\system32\kbdturme.dll [MD5: BDEB4A838DA1E2D9C9631298FA3D58C5] [Flags: 00000000.4360]
[G] c:\program files\checkpoint\install\install.exe [MD5: 434AAC2219D9573E8FFBB7F946D204BE] [Flags: 00001000.3414]
[G] c:\windows\system32\shsetup.dll [MD5: 5E6E37DC2EFE39EC146271E22A16844F] [Flags: 00000000.4494]
[G] c:\windows\system32\msdtctm.dll [MD5: C43580971DE309516BAFC30DE736C147] [Flags: 00000000.6459]
[G] c:\windows\system32\dxptaskringtone.dll [MD5: 1078F4A06BE5DACDC8429215ADAE8104] [Flags: 00000000.6491]
[G] c:\windows\system32\wmpencen.dll [MD5: 80C5342074711F098A00F71FFF262B3B] [Flags: 00000000.6488]
[G] c:\windows\system32\sound.drv [MD5: 028A1F74926DC3DF2D9629EDC9AEBAFB] [Flags: 40000000.180]
[G] c:\windows\system32\system.drv [MD5: 4A00D59AE6D75BDFC2C8E5182C4B1376] [Flags: 40000000.181]
[G] c:\windows\system32\timer.drv [MD5: 9E7425234ADDEDABC7BF7ADDAFD72FD9] [Flags: 40000000.182]
[G] c:\windows\system32\adsmsext.dll [MD5: D73E4CF4AA1B674F522C995174900076] [Flags: 40000000.197]
[G] c:\windows\system32\iisrstap.dll [MD5: 9DDC99B7B0A004EE28B2EDE5F9C708D6] [Flags: 00000000.10068]
[G] c:\windows\system32\drivers\hitmanpro37.sys [MD5: B3635FD088BA2F6F03A276A961BE6ED2] [Flags: 00001000.3537]
[G] c:\program files\creative\sound blaster x-fi go pro\program\setup.exe [MD5: 74E9631EF29A97C9512C809996D8AD14] [Flags: 00000000.3054]
[G] c:\users\monk\appdata\local\temp\hitmanpro.exe [MD5: BD6C3071F98A563989F99AC61BDDC925] [Flags: 10101000.3534]
[G] c:\windows\assembly\nativeimages_v4.0.30319_32\system.windows.forms\db563d596d76daed04e9b5d25b2f4cb9\system.windows.forms.ni.dll [MD5: 4E886667DD5BC1B44E280404310443C2] [Flags: 00000000.9173]
[G] c:\windows\assembly\nativeimages_v4.0.30319_32\presentationcore\006d28e7c86f3e70db90ce06ea2f33fb\presentationcore.ni.dll [MD5: F27763800CE191CB5EFF9AE204B2338C] [Flags: 00000000.9171]
[G] c:\windows\system32\sdiageng.dll [MD5: B45934FDAEB1710CEC3D8F797FD481CA] [Flags: 40000000.1754]
[G] c:\windows\system32\locator.exe [MD5: 94D36C0E44677DD26981D2BFEEF2A29D] [Flags: 40000000.1149]
[G] c:\windows\system32\snmptrap.exe [MD5: 6A984831644ECA1A33FFEAE4126F4F37] [Flags: 40000000.1815]
[G] c:\windows\system32\ui0detect.exe [MD5: 8344FD4FCE927880AA1AA7681D4927E5] [Flags: 40000000.2006]
[G] c:\windows\system32\jscript9.dll [MD5: F728E7E9937117E0F32F39840EB6D737] [Flags: 00000000.10437]
[G] c:\windows\system32\vds.exe [MD5: C3CD30495687C2A2F66A65CA6FD89BE9] [Flags: 00000000.5105]
[G] c:\windows\assembly\nativeimages_v4.0.30319_32\presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\presentationframework.ni.dll [MD5: 98AF3A8430A1D01A14F2F8C48C03013B] [Flags: 00000000.9172]
[G] c:\windows\system32\vssvc.exe [MD5: 209A3B1901B83AEB8527ED211CCE9E4C] [Flags: 00100000.5156]
[G] c:\windows\system32\wbem\wmiapsrv.exe [MD5: 6EB6B66517B048D87DC1856DDF1F4C3F] [Flags: 40100000.2693]
[G] c:\program files\windows media player\wmpnetwk.exe [MD5: 3B40D3A61AA8C21B88AE57C58AB3122E] [Flags: 10100000.4613]
[G] c:\windows\winsxs\x86_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_0935b76c289e0fd5\drupdate.dll [MD5: 4CCF86AAD1B67168FB51A477307EC288] [Flags: 40000000.2786]
[G] c:\windows\winsxs\x86_microsoft-windows-riched32_31bf3856ad364e35_6.1.7601.17514_none_9f081dc1e0ddbddb\riched20.dll [MD5: 102CF6879887BBE846A00C459E6D4ABC] [Flags: 00000000.4505]
[G] c:\windows\winsxs\x86_microsoft-windows-vsssystemprovider_31bf3856ad364e35_6.1.7600.16385_none_4b094ff5d572404f\swprv.dll [MD5: A28BD92DF340E57B024BA433165D34D7] [Flags: 40000000.1922]
[G] c:\windows\winsxs\x86_microsoft-windows-virtualdiskapilibrary_31bf3856ad364e35_6.1.7600.16385_none_ed38f66d69c578dc\virtdisk.dll [MD5: 88C170086371CC5716010AF223F6F780] [Flags: 40000000.2075]
[G] c:\windows\system32\vss_ps.dll [MD5: 5A8BF4E8810541C23F4067536FB48CA3] [Flags: 40000000.2081]
[G] c:\windows\system32\wpc.dll [MD5: 43C9CF6825CEA58F1815B7C3DBBB385C] [Flags: 00000000.9101]
[G] c:\windows\system32\drivers\diskdump.sys [MD5: 5FB4F271032B6435F3B2252F577A4815] [Flags: 00001000.9176]
[G] c:\windows\system32\drivers\dxgkrnl.sys [MD5: 3583A5A8CC2E682BFFBD4630D0FEC08B] [Flags: 00001000.9177]
[G] c:\windows\system32\drivers\dxgmms1.sys [MD5: 0EC652D17AB4607745FB4E6958E8FAB6] [Flags: 00001000.9178]
[G] c:\windows\system32\drivers\ndiswan.sys [MD5: 38FBE267E7E6983311179230FACB1017] [Flags: 00000000.4264]
[G] c:\windows\system32\drivers\rdpwd.sys [MD5: CD9214A6AE17D188D17C3CF8CB9CC693] [Flags: 00000000.9179]
[G] c:\windows\system32\drivers\storport.sys [MD5: F1A449D762657230629D8BFC107ABC14] [Flags: 00001000.9180]
[G] c:\windows\system32\drivers\wimmount.sys [MD5: 5CF95B35E59E2A38023836FFF31BE64C] [Flags: 40001000.2595]
[G] c:\windows\system32\remotepg.dll [MD5: 292F2FA57EB9B773DA1C15AFCC4A4F90] [Flags: 00000000.4330]
[G] c:\windows\system32\riched32.dll [MD5: B5506B451BFE7148ECA7056BDA2970BD] [Flags: 00000000.4344]
[G] c:\windows\system32\srrstr.dll [MD5: E2864DF592832883151A8D5500A7EAAA] [Flags: 00000000.5000]
[G] c:\windows\system32\useraccountcontrolsettings.dll [MD5: ACA1F50844E08F3F5178E8FF3F21FBC2] [Flags: 00000000.6330]
[G] c:\windows\microsoft.net\framework\v2.0.50727\aspnet_state.exe [MD5: 4DFB39347CE1E8E51AD2D8B124C9D7FA] [Flags: 00001000.9103]
[G] c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe [MD5: E56F39F6B7FDA0AC77A79B0FD3DE1A2F] [Flags: 40001000.95]
[G] c:\windows\microsoft.net\framework\v4.0.30319\setupcache\v4.5.50938\setup.exe [MD5: 1DA103F2CF6BBF961FF51E8A1C01C725] [Flags: 10001000.8024]
[X] c:\users\monk\appdata\roaming\thunderbird\profiles\nj1jebh7.default\imapmail\imap.googlemail.com\inbox-3
[X] c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_7.2.7601.22562_none_ebe62f1f66e466c3\mstscax.mof
[X] c:\windows\winsxs\x86_microsoft-windows-t..tivexcore.resources_31bf3856ad364e35_7.2.7601.16415_en-us_2f6979b30e717110\mstscax.mfl
[X] c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_7.1.7601.18465_none_22d0e8d4f11faff1\terminalserver-winip.admx
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\lp_toolstrip17.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\lp_toolstrip46.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\menu.css
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\omnikey3.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\popover7.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab\2.5.5_0\site11.js
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\sortkey.nlp
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\laankejkbhbdhmipfmgcngdelahlfoji\1.5.7_0\readme.md
[X] c:\users\monk\appdata\local\google\chrome\user data\default\web applications\_crx_aohghmighlieiainnegkcijnfilokake\google docs.ico.md5
[X] c:\users\monk\appdata\local\google\chrome\user data\default\local extension settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\current
[X] c:\windows\softwaredistribution\download\68a932b7d968000f163a56fce4f1c00f\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\s.ytimg.com\sounddata.sol
[X] c:\windows\winsxs\x86_mscorlib_b77a5c561934e089_6.1.7601.18529_none_9c1371977dfe619b\sorttbls.nlp
[X] c:\users\monk\appdata\local\google\chrome\user data\default\sync data\syncdata.sqlite3
[X] c:\programdata\apple computer\itunes\sc info\sc info.txt
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\phjkepckmcnjohilmbjlcoblenhgpjmo\1.0_0\iptools.js
[X] c:\users\monk\appdata\roaming\openoffice\4\user\extensions\tmp\extensions.pmap
[X] c:\windows\microsoft.net\framework\v1.1.4322\asp.netclientfiles\smartnav.htm
[X] c:\windows\microsoft.net\framework\v1.1.4322\1033\setupenu2.txt
[X] c:\windows\microsoft.net\framework\v1.1.4322\1033\setupenu1.txt
[X] c:\program files\installshield installation information\{fbff2411-d066-4d24-bce0-893086009e1b}\install.log
[X] c:\windows\winsxs\x86_microsoft-windows-d..frameworks-usermode_31bf3856ad364e35_6.1.7601.17803_none_9f22cfcb537e712a\driverframeworks-usermode.ptxml
[X] c:\program files\installshield installation information\{12321490-f573-4815-b6cc-7abef18c9ac4}\install.log
[X] c:\windows\microsoft.net\framework\v4.0.30319\asp.netwebadminfiles\images\deselectedtab_1x1.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\player.ooyala.com\auth.sol
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\player.ooyala.com\auth_id.sol
[X] c:\windows\winsxs\x86_microsoft-windows-wdf-kernellibrary_31bf3856ad364e35_6.1.7601.17803_none_786457797c26f422\wdf01000uninstall.mof
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\page_controls\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\footer\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\header\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\settings\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\tracker\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\data\images\panel\tutorial\tutorial_sprites\sprite.conf
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mlomiejdfkolichcflejclcbmpeaniij\5.4.1_0\license
[X] c:\users\monk\appdata\roaming\thunderbird\crash reports\installtime20141127140543
[X] c:\windows\softwaredistribution\download\c86244f34e58ec764e05aa7a7a00819c\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\xml\default.xml
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\images\blank.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\images\bullet.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\000\p\paths\log
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cknebhggccemgcnbidipinkifmmegdel\3.3_0\css\content\override.css
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\000\p\paths\manifest-000002
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\000\p\paths\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\000\p\.usage
[X] c:\users\monk\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\implicitappshortcuts\9d91276b0be3e46b\desktop.ini
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\djejicklhojeokkfmdelnempiecmdomj\1.95.22_0\css\apps\apps-common\images\viewport_bg_dots.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\web applications\_crx_djejicklhojeokkfmdelnempiecmdomj\lucidchart diagrams - desktop.ico.md5
[X] c:\windows\softwaredistribution\download\67c9fb2eeef4671a4afb5167c11eb4f2\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.20_0\get_started\images\lightbox-blank.gif
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\cfnpidifppmenkapgihekkeednfoenal\0.2.20_0\img\feedback_o_layer.png
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\001\p\.usage
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\www.hulu.com\ovpmetricsprovider.sol
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\ssl.p.jwpcdn.com\com.longtailvideo.jwplayer.sol
[X] c:\programdata\checkpoint\zonealarm\logs\tvdebug.log
[X] c:\program files\checkpoint\zonealarm\diagnostics\cp_ini\cpinfoblank.ini
[X] c:\programdata\checkpoint\zonealarm\data\vsconfig.tmp
[X] c:\program files\checkpoint\zonealarm\help\arrowdown.gif
[X] c:\program files\checkpoint\zonealarm\help\arrowright.gif
[X] c:\programdata\microsoft\crypto\rsa\s-1-5-18\4eccd106f69e31c1b12304e5463bb71d_20378b63-26c4-4805-8ee7-3e7e5aad1371
[X] c:\windows\softwaredistribution\download\aba352669c959bb47f28796eb29f2f15\cbshandler\state
[X] c:\windows\softwaredistribution\download\6f481fd49009bf2c236c0ce2a90bc7b1\cbshandler\state
[X] c:\windows\softwaredistribution\download\8d4a9f1c6b9f593c0101f66020f33d5b\cbshandler\state
[X] c:\windows\softwaredistribution\download\460bd04033c6fc5510e5f0581e7cbbcb\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\gcm store\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extension state\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\sync extension settings\bkkbcggnhapdmkeljlodobbkopceiche\current
[X] c:\windows\softwaredistribution\download\3d70b46759231efdf509451013587466\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\indexeddb\chrome-extension_mefgmmbdailogpfhfblcnnjfmnpnmdfa_0.indexeddb.leveldb\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\file system\origins\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\sync extension settings\lijicndbkjoplmhnclmoahmcaffaeapp\current
[X] c:\users\monk\appdata\local\google\chrome\user data\default\indexeddb\https_www.netflix.com_0.indexeddb.leveldb\current
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\iuzompoq\www.google[1].xml
[X] c:\windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7601.18523_en-us_a2c5e0da97c46aff\_smsvchostperfcounters_d.ini
[X] c:\windows\microsoft.net\framework\v4.0.30319\ngen_service.old.log
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mefgmmbdailogpfhfblcnnjfmnpnmdfa\2.9.3_0\scripts-core\init-background.js
[X] c:\users\monk\appdata\local\google\chrome\user data\default\extensions\mefgmmbdailogpfhfblcnnjfmnpnmdfa\2.9.3_0\styles\theme-light.css
[X] c:\windows\softwaredistribution\download\c913f0455ea1bdbbf9f88349d6831516\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\entitlement.auth.adobe.com\social_data.sol
[X] c:\windows\softwaredistribution\download\596f403461605fb7641413dc77d8f3e8\cbshandler\state
[X] c:\users\monk\appdata\local\google\chrome\user data\default\pepper data\shockwave flash\writableroot\#sharedobjects\chu3npxa\www.hulu.com\newsiteplayer_volume.sol
[X] c:\nvidia\displaydriver\340.52\win8_winvista_win7\english\gfexperience.nvstreamsrv\amd64\server\steam_appid.txt
[X] c:\nvidia\displaydriver\340.52\win8_winvista_win7\english\gfexperience.nvstreamsrv\steamlauncher\steam_appid.txt
[X] c:\nvidia\displaydriver\340.52\win8_winvista_win7\english\gfexperience.nvstreamsrv\x86\server\steam_appid.txt
[X] c:\windows\softwaredistribution\download\fce24dba18cebaf6d645f784f2b7e79f\cbshandler\state
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\xdz4eumj\www.yahoo[1].xml
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\3i4e85uu\ad.doubleclick[1].xml
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\cru8c0pv\googleads.g.doubleclick[1].xml
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\f\slplayer\gpua.json
[X] c:\users\monk\appdata\local\microsoft\internet explorer\domstore\iuzompoq\bh.contextweb[1].xml
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\group.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\used.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\bdgfajif4tsk2xgqkjspp1wa0lsvp0csud5afwqo42qaxx1y3jaaaega\quota.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\group.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\s\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\f\n
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\used.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\id.dat
[X] c:\users\monk\appdata\locallow\microsoft\silverlight\is\etia343n.iqx\qq2rmsiw.plt\1\g\ixlvwfia5nv50mwi1jdvturdwolt1bupud12ckuxjcmqbzgqueaaagga\quota.dat
[X] c:\users\monk\desktop\mbar\master.conf


#20 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 13 December 2014 - 11:21 AM

i was prevented from copying/pasting the 2nd page by keylogger/intruder even behind mpl (manhattan public library); I wish I could find out who was head of the NOC (these ppl working here are clueless or we could label and find these. Remember Mitnik....



#21 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 13 December 2014 - 08:19 PM

Hi BrotherPorter,

I'm sorry, but I am little confused:

What is SecureAnywhere Scan Log?
I don't know how to interpret this log.
 

here is what I've been able to piece together before they removed the file:

 
Who is "they"?

 

I have not applied my windows 7 public key nor activated this version again as I've installed so many times that I have to phone
and didn't want to do this until it is ready to be steady

 
Can you please explain what you mean by this in greater detail?

 

i was prevented from copying/pasting the 2nd page by keylogger/intruder even behind mpl (manhattan public library); I wish I could find out who was head of the NOC (these ppl working here are clueless or we could label and find these.

 
How do you know you have a keylogger on your machine?
What does NOC stand for?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#22 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 17 December 2014 - 10:33 AM

well, I don't know if the 'reply' from my email notice I got from you made it to you, I don't see it in this thread. Let me see if I can explain it. I'm at our Public Library because of the PC issue at home.

'They", it could be a him and/or her, they is synonymous for multiple hackers. Keyloggers because how else are they able to view 'me' at the keyboard with camera view when I don't have a camera installed? This is one of those items I've mentioned that I caught them doing behind the scenes they didn't expect me to 'find' when 'thinking how to thwart their plans for my PC usage'.

 

I have 2 '1inch binders full of printouts of files I would come across showing some of the javascripts, txt files, xml, and source files of website phishing they would setup to get me to reveal my gmail and other website passwords. I have 3 different copies of Windows over the years I've bought that are genuine. Each time I've installed them I wait until I have them completely installed before I hook up the internet portion; Once I installed Win XP sp1, another Win XP sp2, and then Win 7 Home Premium.... only one of those times did I actually create and login as true 'admin' account. All the other times, I could not sign in as Administrator (god power) ... only as Admin without being able to do certain changes ON MY OWN COMPUTER! This is what I have been fighting since June. I filed a complaint with Internet Criminal Complaint Center, better known as I3c's (in law enforcement and tech lingo). That is about 6 weeks old but I may not hear from them although they tell you to maintain control of any evidence you have. I used to carry all my paperwork and flash drives where ever I went, especially since I know my apt has been broached. Remember I've been a cop and regardless of that we all generally know we leave certain things in a certain place in our rooms and we recognize when things aren't in those certain places.  When I try to explain this I have to laugh with the parties I explain it to like at Radio Shack --- I bought a 5 port Fast ethernet switch so I wouldn't have ANY device(s) using wireless in my house and they wouldn't be able to piggyback on my wireless even though I went into configuration and used Mac filtering in the router.  I was sayiing any time I explain it, it sounds like Mel Gibson in the movie Conspiracy Theory. I'm now considering closing my internet account down completely and going to a dialup account, so I can get email and that's it. Why am I paying $50 a month for 50gb/mth or even $20/mth for 5gb. Keep least amount of TV 23 channels, and my cell phone. I live alone, my family is in Louisiana but I don't have any tech savy friends who could sit with me and calling Cox tech would only tell me that they go as far as they can when they have me connected. You guys have been great but like you say, I don't have the explanation you need because they are 'live' with me anytime I have turned on my PC within minutes somehow they get alerted and the logfiles get deleted or moved or copying/pasting get disabled so I can't copy it to my flashdrive or printout so I would have it for I3Cs or FBI.

I appreciate what you have been doing; it's difficult for me because I'm just overwhelmed with this as I'm just trying to keep my spirits up with taking some classes online at Udemy.com and sending/receiving email and watching Netflix using bluray/dvd on my tv. I haven't had tv for 3 years and enjoyed the savings. I even rescued a beautiful 6  year old Siamese Sealpoint from a Rescue Club, he had cancer also and they got the tumor out completely and he does so good and has started 'talking' to me as siamese are known to do   Gives me hope that it is a sign for this my 2nd go round; they say this just approved version of chemo med is 95% cure after 12 weeks, fingers crossed and to God's ear!  I suppose we can close this thread; oh I forgot, NOC means Network Operations Center; where all the network techs work watching to see when the servers take a hit or dedicated server customers need assistance with rerouting their backbones because routing is crowded or down. Backbokens used to be MCI, WorldCom, Sprint,  google didn't exist or OpenDNS, here is a link to current backbone providers http://www.nthelp.com/maps.htm  most of these didn't exist back in 1994 when I was part of startup of Pacific Bell Internet, 1st baby bell to create an internet company after NSFnet gave internet up to private companies. I don't want to do this endlessly as things change daily. I thought about 2600.com because that is known for white hats and probably some black hats too (hackers...) Thanks for your time OCD.  and Merry Christmas!



#23 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 17 December 2014 - 08:50 PM

Hi BrotherPorter,

Tell me how you would like to proceed. While you wait for a reply from Internet Criminal Complaint Center we can continue and go throught the steps for malware removal and try and confirm that the computer is clean.

Or if you prefer, we can close the thread as you stated in your last reply.
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#24 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 20 December 2014 - 09:47 PM

Hi BrotherPorter,

Just checking in to see if you still need help?
OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#25 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 21 December 2014 - 03:22 PM

No I need you guys more than ever. I had to reinstall Windows because he locked me out of many abilities. One thing now I can't do is use any of my flash drives; I get the message that I need to format my drive, do I want to do that?  That is on all 4 of my drives. I know there is a usb flash drive virus but I don't think we are talking about that here. I was going to list the tdsskiller I ran; it cured 38 items and had a whole list of things I needed. I have installed Comodo and running in virtual desktop mode hoping to find something that works. I still don't have administrative mode, even after reinstalling. When windows upgrade occurs and trys to install service pack 1 -- it says failure and 'reverting back, don't turn off computer' ... man would buying a new internal hdd  make a difference, or is there something that is triggering a 'notice' to them that I'm online?  Commodo has GeekBuddy which connects live with you but I'm so nervous about anyone linking into my PC but I don't know how to let someone see what is going on.  Let's move on, if you won't give up on me, I'm willing to do what I can. Now. however, I don't know if I have anything on these flash drives; I haven't done any commands; we are talking 4 flash usb devices.  Thanks for hanging in there and for being patient with me. This is the first time I've been in a browser since the last message.

Rick


    Advertisements

Register to Remove


#26 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 21 December 2014 - 10:34 PM

Hi BrotherPorter,

I have some questions for you so I can try a understand what is going on.

1. When did you reinstall Windows?
2. How many times have you reinstalled Windows on this computer?
3. Is the computer connected to the Internet?
4. Where are making these posts from, the infected computer?

A new hard drive is not going to make a difference in what you are experiencing, unless the hard drive is defective. But that wouldn't account for the issues you are having with Windows.

I don't know anything about GeekBuddy. I would assume that once connected to GeekBuddy they would request some kind of payment to correct the issue. If in fact they can fix it.

Formatting your flash drive will erase any data stored on them.

5. Can you take the flash drive to the library and use their computers to view what is on them?

 

Please answer all 5 questions.
 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#27 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 28 December 2014 - 10:05 AM

wow, this is only showing Dec 12, haven't I written anything since then; I'm certain I have; where are my texts about my being ill; Over the holiday I've been trying out a new mattress at our lovely resort hospital. They said I have a cute kidney failure; I said I can't believe it; I've never failed anything in school :)

 

anyway, dehydration (some chemical term, I wasn't good at that in HS)..now they are selling my stuff on internet because I was trying to get into my yahoo mail account and when I tried changing my email password, it would show Europe in the URL and I know I wasn't planning any trips any time soon except to my old mattress.

 

1. When did you reinstall Windows?
2. How many times have you reinstalled Windows on this computer?
3. Is the computer connected to the Internet?
4. Where are making these posts from, the infected computer?

I will do this quickly, I'm out of bed for first time to sit up and try to fix/eat some hamburger helper :)

 

(1) I reinstalled Windows (and activated it) on 12/21

(2) shoot, I have done Windows XP (sp1) at least twice, windows XP (sp2) at least three, one time which I got Admin because they didn't expect me to have a different version of Windows XP, and Windows 7 Pro at least 3 times

(3) The computer is not connected to the internet while I am installing the software; I plugin modem and fast ethernet switch as I boot the machine for the time I'm hooking to the internet for first time connection.

(4) I am generally, making some of the posts from my infected PC (I have Comodo installed and using it in Virtual Mode and using Comodo Dragon browser (supposed to be like incognito) and I use Zemana Anti-keylogger (it says it is working). Curently, on this installation I do not have admin rights.

It's just difficult using the library because you're caught by time and you get caught by checking/replying to email; physical energy not counting the time it takes to endure the infusion.  I think I can do the tests you would need but I would need to know if I run it out of the sandbox or can I run it inside like I do the browser and thunderbird. Thanks. And I can't thank you so much for helping. This program uses Geekbuddy and I was going to let them connect to my PC (he noted an immediate problem, but again they wanted to charge) and he started telling me what they did; I told him dude, I can do all that, I helped created all that stuff at start up for Pacific Bell Internet back in 94 until 2003 when I grew up in ranks of Tech Support first tier to Operations Mgr of 400 tech agents on floor at San Ramon as Mama AT&T was breathing down our necks... but now these guys are deep into programming that I don't know; I got lost when I couldn't keep up with PBI sending me to Java class. so I'm greatful for the help. really!!! and patience. I'm tempted to go next door to this internet company :) (CivicPlus) and get a job there, brand new building, good KPIs. Well, I'm accepting all offers of buying a sleepnumber mattress so I can take it with me when I go take a vaction to our fine Spa.



#28 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 29 December 2014 - 09:26 AM

Hi BrotherPorter,
 

I reinstalled Windows (and activated it) on 12/21

 

If this is a clean install on 12/21 then you shouldn't have any malware or keyloggers on your computer.
 

The computer is not connected to the internet while I am installing the software; I plugin modem and fast Ethernet switch as I boot the machine for the time I'm hooking to the internet for first time connection.

 

Does this computer STAY connected to the Internet?
Or just when your booting for the "first time connection"? (please explain what a "first time connection" is)

 

Currently, on this installation I do not have admin rights.

 

Why don't you have Admin rights?

When Windows is installed it creates and Admin Account by default.
Check in the Control Panel under User Accounts and verify that you do not have Admin Rights on this computer.



 


OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#29 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 31 December 2014 - 08:25 AM

the computer stays online while I am using it during the day; but when I'm done with it at night, I shut it down. You know I built it in 2009, I've pulled the cmos battery once to see if it would eliminate they're hold onto the pc but it didn't matter. When I try installing fresh windows again, I reformat but it is not low level; I tried the WD version once but it wouldn't do it because it recognized I was using it. The only thing I can think of why they still can attach with a different version of s/w is because of a profile, perhaps like if I were to login to Google, Chrome, Gmail, any google account, they have spoofed many of those sites. Even now, since I've started using Comodo Internet Security so I could use a virtual desktop (only since last Wednesday), I've noticed that homepage is opening with english but has .fr in the URL address; if you delete the question marks, etc, it will go to the French portal for yahoo, and this is what I assumed... https://www.yahoo.com/?fr  now if you get rid of the ? mark it will revert to french, so if I login to yahoo to get my mail or anything else, they have my 'password' and/or all my security information such as 2tier information. They also do this with this using [GB] great britain; I believe them to be selling my site and info because I can login and see places in Europe sometimes not being able to login (usually because I've changed my password, probably every couple days) and then sometimes it does show entry from India, Turkey, etc. The security screen they've started prompting me with is different than the real one, making me think it is a change in site and it gets confusing when it happens, and I have been caught  off guard. I don't want to close my complete google account. I did close my google+ but I haven't tried it, I may have done that on one of the spoofed sites.



#30 BrotherPorter

BrotherPorter

    Authentic Member

  • Authentic Member
  • PipPip
  • 24 posts

Posted 31 December 2014 - 08:26 AM

I'm saving because screen has popped, meaning someone is now entered the logging state, so saving here will get more difficult, yes even through virtual desktop mode ...


Related Topics




Also tagged with one or more of these keywords: Windows redirect, SSDT, keylogger, rootkits, active, ssdt, hooks, rootkit, redirecting windows directori

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users