Hi Guys,
Thank you for your time and detailed process, I hope I have included all that you asked for.
As you requested 'Utorrent' and 'Vuze' have been removed from the computer and 'Microsoft Forefront Endpoint Protection' has been disabled. The requested text 'DDS.txt' is below and 'Attach.txt' and 'ARK.txt' are attached in the 'Attach.zip' file.
FYI I don't have a Windows Install Disc or Boot CD but I can get access to one from someone else.
As requested I have backed up all important files on the computer to another hard drive.
I have a 'WinZip Registry Optimizer' program that keeps popping up each time I turn the computer on and telling me I have errors on my computer and to purchase their program to fix it. It seems it is a virus as I was using torrents when it popped up. I use Windows 7 and when I press the start button the 'WinZip Registry Optimizer' is the first icon above the start button and it is highlighted yellow.
I was trying to download the "Pimsleur Spanish" program via some torrents using the 'Utorrent' program. I tried to download a few of the torrents although they looked a little fishy and didn't work. I then installed the 'Vuze' program and downloaded the 'Pimsleur Spanish' torrent from isohunt.com - it downloaded successfully. Since then I have had the 'WinZip Registry Optimizer' keep popping up.
Thank you very much for your help and I look forward to your reply. Please let me know if I can provide any more information.
Marko.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Marko at 23:18:40 on 2013-01-11
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.61.1033.18.3575.788 [GMT 11:00]
.
AV: Microsoft Forefront Endpoint Protection *Enabled/Updated* {2E6C4BAB-3371-CD46-62DC-0E0A86B42619}
SP: Microsoft Forefront Endpoint Protection *Enabled/Updated* {950DAA4F-154B-C2C8-586C-3578FD336CA4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\Program Files\Microsoft Forefront\Forefront System\Client\AntiMalware\MsMpEng.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft Forefront\Forefront System\Client\Agent\FSysAgent.exe
c:\Program Files\System Center Operations Manager 2007\HealthService.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Windows\system32\dmwu.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Forefront\Forefront System\Client\UX\FSysClientUI.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Premium\ZoomEx\ZoomEx.exe
C:\ProgramData\Premium\SaveAs\SaveAs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe
C:\Users\Marko\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ManageEngine\DesktopCentral_Server\bin\DesktopCentral.exe
C:\ManageEngine\DesktopCentral_Server\bin\wrapper.exe
C:\Windows\system32\conhost.exe
C:\ManageEngine\DesktopCentral_Server\jre\bin\java.exe
C:\Windows\system32\conhost.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\Windows\system32\taskhost.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\bin\dcnotificationserver.exe
C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe
C:\Windows\system32\conhost.exe
C:\ManageEngine\DesktopCentral_Server\apache\bin\dcrotatelogs.exe
C:\ManageEngine\DesktopCentral_Server\apache\bin\dcserverhttpd.exe
C:\Windows\system32\conhost.exe
C:\ManageEngine\DesktopCentral_Server\apache\bin\dcrotatelogs.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\ManageEngine\DesktopCentral_Server\pgsql\bin\postgres.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={5AE0BF63-5968-11E2-AC69-1C6F65402558}
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
uURLSearchHooks: WhiteSmoke US New E1 Toolbar: {72a0f495-ba60-4524-827b-b36b8c18587a} - c:\program files\whitesmoke_us_new_e1\prxtbWhit.dll
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
mURLSearchHooks: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
mURLSearchHooks: WhiteSmoke US New E1 Toolbar: {72a0f495-ba60-4524-827b-b36b8c18587a} - c:\program files\whitesmoke_us_new_e1\prxtbWhit.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
BHO: SaveAs: {4B0933D2-7555-D706-1896-9B1E9FC19CBF} - c:\programdata\saveas\50ebb9812c024.dll
BHO: SaveAs: {6DEF724F-A540-C52F-865E-2E18E9AE63A3} - c:\programdata\saveas\50ebbcc7a4f9a.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: WhiteSmoke US New E1 Toolbar: {72a0f495-ba60-4524-827b-b36b8c18587a} - c:\program files\whitesmoke_us_new_e1\prxtbWhit.dll
BHO: Funmoods Helper Object: {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - c:\program files\funmoods\1.5.23.22\bh\escort.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: SaveAs: {C9922BDC-EF8B-F3E4-1815-6A1B7113773A} - c:\programdata\saveas\50ebd10418305.dll
BHO: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: TheBflix Class: {DF71846E-BC5B-5554-C1E1-82B7C6C83A19} - c:\programdata\thebflix\bhoclass.dll
BHO: SweetPacks Browser Helper: {EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
BHO: Zoomex: {F520B011-70B3-B894-1752-668BED0CED52} - c:\programdata\zoomex\50ebb54b7c1f5.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: Veoh Web Player Toolbar: {CD90BF73-20F6-44EF-993D-BB920303BD2E} - c:\program files\veoh_web_player\prxtbVeo0.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: WhiteSmoke US New E1 Toolbar: {72A0F495-BA60-4524-827B-B36B8C18587A} - c:\program files\whitesmoke_us_new_e1\prxtbWhit.dll
TB: Veoh Web Player Toolbar: {cd90bf73-20f6-44ef-993d-bb920303bd2e} - c:\program files\veoh_web_player\prxtbVeo0.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Funmoods Toolbar: {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - c:\program files\funmoods\1.5.23.22\escorTlbr.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: WhiteSmoke US New E1 Toolbar: {72a0f495-ba60-4524-827b-b36b8c18587a} - c:\program files\whitesmoke_us_new_e1\prxtbWhit.dll
TB: SweetPacks Toolbar for Internet Explorer: {EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Akamai NetSession Interface] "c:\users\marko\appdata\local\akamai\netsession_win.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [FCS Notify Icon] "c:\program files\microsoft forefront\forefront system\client\ux\FSysClientUI.exe" -IconOnly
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [PrivitizeVPN] c:\program files\privitizevpn\PrivitizeVPN.exe /autorun
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [Sweetpacks Communicator] c:\program files\sweetim\communicator\SweetPacksUpdateManager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\manage~1.lnk - c:\manageengine\desktopcentral_server\bin\DesktopCentral.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 192.168.1.254
TCP: Interfaces\{BB223F9E-E17E-4FAE-B5AA-55CAE2DD3C07} : DHCPNameServer = 192.168.0.1 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\zoomex\sprote~1.dll c:\progra~1\saveas\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2010-9-25 19496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 DesktopCentralServer;ManageEngine Desktop Central Server;c:\manageengine\desktopcentral_server\bin\wrapper.exe -s c:\manageengine\desktopcentral_server\conf\wrapper.conf --> c:\manageengine\desktopcentral_server\bin\wrapper.exe -s c:\manageengine\desktopcentral_server\conf\wrapper.conf [?]
R2 FCSAM;Microsoft Antimalware Service;c:\program files\microsoft forefront\forefront system\client\antimalware\MsMpEng.exe [2009-7-2 17904]
R2 FSysAgent;Microsoft Forefront System Agent;c:\program files\microsoft forefront\forefront system\client\agent\FSysAgent.exe [2009-9-3 193376]
R2 HealthService;System Center Management;c:\program files\system center operations manager 2007\HealthService.exe [2009-5-8 27008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-9-25 2320920]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-7-2 188760]
R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-9-17 1006448]
R3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;c:\manageengine\desktopcentral_server\bin\dcnotificationserver.exe [2013-1-11 230952]
R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\manageengine\desktopcentral_server\apache\bin\dcserverhttpd.exe [2013-1-11 20549]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-25 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-6-3 33792]
S3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-3-20 38144]
S3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-3-27 32768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]
S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [2009-5-8 269696]
.
=============== Created Last 30 ================
.
2013-01-11 12:12:27 -------- d-----w- C:\ManageEngine
2013-01-11 12:11:39 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-01-11 12:11:39 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-01-11 12:11:39 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-01-11 12:11:39 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-01-11 12:11:38 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-01-09 19:41:05 6812136 ----a-w- c:\programdata\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{4566a895-2d4a-4dff-bda5-5a52638f0ae1}\mpengine.dll
2013-01-09 19:36:49 46592 ----a-w- c:\windows\system32\fpb.rs
2013-01-08 07:52:30 -------- d-----w- c:\programdata\SweetIM
2013-01-08 07:52:30 -------- d-----w- c:\program files\SweetIM
2013-01-08 07:52:27 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2013-01-08 07:51:46 -------- d-----w- c:\program files\Gophoto.it
2013-01-08 07:41:00 -------- d-----w- c:\users\marko\appdata\local\WinZip
2013-01-08 07:39:42 -------- d-----w- c:\users\marko\appdata\roaming\Nico Mak Computing
2013-01-08 07:39:39 17224 ----a-w- c:\windows\system32\roboot.exe
2013-01-08 07:39:35 -------- d-----w- c:\program files\WinZip Registry Optimizer
2013-01-08 07:39:30 -------- d-----w- c:\users\marko\.swt
2013-01-08 07:39:08 -------- d-----w- c:\program files\Vuze_Remote
2013-01-08 07:38:50 -------- d-----w- c:\users\marko\appdata\roaming\Azureus
2013-01-08 07:38:43 -------- d-----w- c:\program files\Vuze
2013-01-08 05:55:27 -------- d-----w- c:\program files\WhiteSmoke_US_New_E1
2013-01-08 05:55:06 -------- d-----w- c:\users\marko\appdata\local\SwvUpdater
2013-01-08 05:54:30 -------- d-----w- c:\program files\SaveAs
2013-01-08 05:54:20 -------- d-----w- c:\programdata\SaveAs
2013-01-08 05:36:51 -------- d-----w- c:\program files\PrivitizeVPN
2013-01-08 05:36:45 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-08 05:36:28 -------- d-----w- c:\program files\ZoomEx
2013-01-08 05:36:17 -------- d-----w- c:\programdata\Zoomex
2012-12-27 02:19:16 -------- d-----w- c:\users\marko\appdata\roaming\NVIDIA
2012-12-21 05:52:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 05:52:57 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 06:13:43 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 06:13:41 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:13:17 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 05:06:15 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 05:00:06 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 03:07:41 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:51:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:06:48 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-22 09:33:26 627712 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 05:10:07 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:49:55 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-02 04:50:33 1388544 ----a-w- c:\windows\system32\msxml6.dll
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
============= FINISH: 23:19:56.61 ===============
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.0.1 192.168.1.254
TCP: Interfaces\{BB223F9E-E17E-4FAE-B5AA-55CAE2DD3C07} : DHCPNameServer = 192.168.0.1 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= c:\progra~1\zoomex\sprote~1.dll c:\progra~1\saveas\sprote~1.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2010-9-25 19496]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 DesktopCentralServer;ManageEngine Desktop Central Server;c:\manageengine\desktopcentral_server\bin\wrapper.exe -s c:\manageengine\desktopcentral_server\conf\wrapper.conf --> c:\manageengine\desktopcentral_server\bin\wrapper.exe -s c:\manageengine\desktopcentral_server\conf\wrapper.conf [?]
R2 FCSAM;Microsoft Antimalware Service;c:\program files\microsoft forefront\forefront system\client\antimalware\MsMpEng.exe [2009-7-2 17904]
R2 FSysAgent;Microsoft Forefront System Agent;c:\program files\microsoft forefront\forefront system\client\agent\FSysAgent.exe [2009-9-3 193376]
R2 HealthService;System Center Management;c:\program files\system center operations manager 2007\HealthService.exe [2009-5-8 27008]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-10-2 382824]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2010-9-25 2320920]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-7-2 188760]
R2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-9-17 1006448]
R3 MEDC Server Component - Notification Server;MEDC Server Component - Notification Server;c:\manageengine\desktopcentral_server\bin\dcnotificationserver.exe [2013-1-11 230952]
R3 MEDCServerComponent-Apache;MEDC Server Component - Apache;c:\manageengine\desktopcentral_server\apache\bin\dcserverhttpd.exe [2013-1-11 20549]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-9-25 277536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 PIXMCV;Victor Communication PIX-MCV Driver;c:\windows\system32\drivers\pixmcvc.sys [2004-6-3 33792]
S3 PIXMCVA;Victor PIX-MCV Audio Capture;c:\windows\system32\drivers\pixmcva.sys [2004-3-20 38144]
S3 PIXMCVV;Victor PIX-MCV Video Capture;c:\windows\system32\drivers\pixmcvv.sys [2004-3-27 32768]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]
S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [2009-5-8 269696]
.
=============== Created Last 30 ================
.
2013-01-11 12:12:27 -------- d-----w- C:\ManageEngine
2013-01-11 12:11:39 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2013-01-11 12:11:39 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2013-01-11 12:11:39 225280 ----a-w- c:\program files\common files\installshield\iscript\iscript.dll
2013-01-11 12:11:39 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2013-01-11 12:11:38 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2013-01-09 19:41:05 6812136 ----a-w- c:\programdata\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{4566a895-2d4a-4dff-bda5-5a52638f0ae1}\mpengine.dll
2013-01-09 19:36:49 46592 ----a-w- c:\windows\system32\fpb.rs
2013-01-08 07:52:30 -------- d-----w- c:\programdata\SweetIM
2013-01-08 07:52:30 -------- d-----w- c:\program files\SweetIM
2013-01-08 07:52:27 -------- d-----w- c:\program files\sweetpacks bundle uninstaller
2013-01-08 07:51:46 -------- d-----w- c:\program files\Gophoto.it
2013-01-08 07:41:00 -------- d-----w- c:\users\marko\appdata\local\WinZip
2013-01-08 07:39:42 -------- d-----w- c:\users\marko\appdata\roaming\Nico Mak Computing
2013-01-08 07:39:39 17224 ----a-w- c:\windows\system32\roboot.exe
2013-01-08 07:39:35 -------- d-----w- c:\program files\WinZip Registry Optimizer
2013-01-08 07:39:30 -------- d-----w- c:\users\marko\.swt
2013-01-08 07:39:08 -------- d-----w- c:\program files\Vuze_Remote
2013-01-08 07:38:50 -------- d-----w- c:\users\marko\appdata\roaming\Azureus
2013-01-08 07:38:43 -------- d-----w- c:\program files\Vuze
2013-01-08 05:55:27 -------- d-----w- c:\program files\WhiteSmoke_US_New_E1
2013-01-08 05:55:06 -------- d-----w- c:\users\marko\appdata\local\SwvUpdater
2013-01-08 05:54:30 -------- d-----w- c:\program files\SaveAs
2013-01-08 05:54:20 -------- d-----w- c:\programdata\SaveAs
2013-01-08 05:36:51 -------- d-----w- c:\program files\PrivitizeVPN
2013-01-08 05:36:45 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-08 05:36:28 -------- d-----w- c:\program files\ZoomEx
2013-01-08 05:36:17 -------- d-----w- c:\programdata\Zoomex
2012-12-27 02:19:16 -------- d-----w- c:\users\marko\appdata\roaming\NVIDIA
2012-12-21 05:52:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 05:52:57 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-13 06:13:43 245616 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 06:13:41 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 06:13:17 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2012-12-07 05:04:20 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 04:57:38 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 05:06:15 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 05:00:06 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 03:07:41 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:51:41 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:51:41 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:51:41 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:51:41 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:06:48 2344960 ----a-w- c:\windows\system32\win32k.sys
2012-11-22 09:33:26 627712 ----a-w- c:\windows\system32\usp10.dll
2012-11-20 05:10:07 219136 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:49:55 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-02 04:50:33 1388544 ----a-w- c:\windows\system32\msxml6.dll
2012-10-16 20:34:37 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
.
============= FINISH: 23:19:56.61 ===============