Laptop won't boot after ComboFix


  • This topic is locked
15 replies to this topic

#1 aaygen

Posted 28 January 2012 - 01:31 AM

Hello
I had a malware which was running PING.exe and redirecting on Firefox and I decided to run ComboFix. It warned me about other antivirus software (I only have the Microsoft Security Essentials), and started to work. It was trying to make a new system restore point but I have system restore turned off, so I thought it was stuck. I also had to restart the computer because MSE found a threat and cleaned it and asked me for a reboot, so I just rebooted and now it's stuck on a loop. I tried the repair option that comes up when you press F8, I tried a Win7 Recovery DVD but no luck, it couldn't find any problems to repair. The only progress I made is that I moved the ComboFix folder in C:\ to another folder to see if that works; it only allowed the Startup Repair to find a problem but it couldn't repair it. (It said something like "changes to system files" or something.)
I tried to explain it clearly but if there are any points that are not clear, I can try to expand. Sorry if I have any mistakes in English.
Thanks in Advance

#2 Farbar

Posted 29 January 2012 - 08:39 AM

Hello aaygen,

Welcome to this forum. I will be assisting you with the issue.

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt
  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3 aaygen

Posted 31 January 2012 - 12:07 AM

Here's my log:
Scan result of Farbar Recovery Scan Tool Version: 28-01-2012
Ran by SYSTEM at 2012-01-31 04:00:08
Running from F:\
Windows 7 Home Premium (X64) OS Language: 041F
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2735400 2011-03-31] (Synaptics Incorporated)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe [2463232 2009-07-22] ()
HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [] [x]
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [165912 2010-01-04] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [387608 2010-01-04] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [365592 2010-01-04] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [10144288 2010-04-18] (Realtek Semiconductor)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [1362544 2010-08-13] ()
HKU\Ata\...\Run: [AdobeBridge] [x]
HKU\Ata\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [357696 2010-04-01] (DT Soft Ltd)
HKU\Ata\...\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray [10811696 2010-12-08] (www.BitComet.com)
HKU\Ata\...\Policies\system: [disableregistrytools] 0
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Lsa: [Notification Packages] scecli
FAPassSync
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 AlienFusionService; "C:\Program Files\Alienware\Command Center\AlienFusionService.exe" [14648 2010-05-21] (Alienware)
4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-31] (Apple Inc.)
4 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2010-07-05] ()
2 FirebirdGuardianDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance [81920 2007-10-16] (FirebirdSQL Project)
3 FirebirdServerDefaultInstance; C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance [2711552 2007-10-16] (FirebirdSQL Project)
4 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2329480 2011-08-04] (LogMeIn Inc.)
4 InstallFilterService; C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe [59904 2009-12-19] ()
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
4 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2009-05-15] (Nero AG)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
4 PMBDeviceInfoProvider; "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" [430136 2011-08-24] (Sony Corporation)
4 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 Simraceway Update Service; C:\Program Files (x86)\Simraceway\SRWUpdate.exe [405504 2011-11-23] ()
4 TetherBerry; C:\Program Files (x86)\TetherBerry\TBService.exe [49056 2009-08-13] ()
4 VMAuthdService; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe" [113200 2009-10-21] (VMware, Inc.)
4 VMUSBArbService; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [563760 2009-10-21] (VMware, Inc.)
4 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
4 WindowBlinds; C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe [337200 2009-06-09] (Stardock Corporation)
4 Akamai; c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll [x]
2 btwdins; c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [x]
2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [x]
2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [x]
4 ufad-ws60; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe" -d "C:\Program Files (x86)\VMware\VMware Workstation\\" -s ufad-p2v.xml [x]
2 VMnetDHCP; C:\Windows\system32\vmnetdhcp.exe [x]
2 VMware NAT Service; C:\Windows\system32\vmnat.exe [x]

========================== Drivers (Whitelisted) =============

3 BridgeMP; C:\Windows\System32\DRIVERS\bridge.sys [95232 2009-07-13] (Microsoft Corporation)
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys [21992 2010-11-09] (CPUID)
2 Dokan; \??\C:\Windows\system32\drivers\dokan.sys [106888 2010-07-05] (Windows ® Win 7 DDK provider)
0 EMSC; C:\Windows\System32\DRIVERS\EMSC.SYS [16752 2009-06-26] (Windows ® Win 7 DDK provider)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [66728 2012-01-22] (Eugene V. Muzychenko)
3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
2 hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [38960 2009-10-21] (VMware, Inc.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [115328 2008-09-26] (Huawei Technologies Co., Ltd.)
0 johci; C:\Windows\System32\DRIVERS\johci.sys [20392 2009-11-10] (JMicron )
3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [43456 2011-12-07] (http://libusb-win32.sourceforge.net)
3 MotioninJoyXFilter; C:\Windows\System32\DRIVERS\MijXfilt.sys [97552 2010-10-21] (MotioninJoy)
0 speedfan; C:\Windows\SysWow64\speedfan.sys [14104 2007-02-07] (Windows ® Server 2003 DDK provider)
3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2011-08-19] (The OpenVPN Project)
3 TetherBridge; C:\Windows\System32\DRIVERS\TBridgeDrv.sys [17408 2010-10-08] (TetherBridge)
2 vmci; \??\C:\Windows\system32\drivers\vmci.sys [80944 2009-10-21] (VMware, Inc.)
3 vmkbd; \??\C:\Windows\system32\drivers\VMkbd.sys [29744 2009-10-21] (VMware, Inc.)
3 VMnetAdapter; C:\Windows\System32\DRIVERS\vmnetadapter.sys [20016 2009-10-21] (VMware, Inc.)
2 VMnetBridge; C:\Windows\System32\DRIVERS\vmnetbridge.sys [45104 2009-10-21] (VMware, Inc.)
2 VMnetuserif; \??\C:\Windows\system32\drivers\vmnetuserif.sys [30256 2009-10-21] (VMware, Inc.)
3 vmusb; C:\Windows\System32\Drivers\vmusb.sys [37680 2009-10-21] (VMware, Inc.)
2 vmx86; \??\C:\Windows\system32\drivers\vmx86.sys [68144 2009-10-21] (VMware, Inc.)
2 vstor2-ws60; \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys [32816 2009-10-12] (VMware, Inc.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [x]
3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [x]
1 cciugsis; \??\C:\WINDOWS\system32\drivers\cciugsis.sys [x]
3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
3 EraserUtilDrvI10; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [x]
1 kyjjdnwk; \??\C:\WINDOWS\system32\drivers\kyjjdnwk.sys [x]
1 tylegoft; \??\C:\WINDOWS\system32\drivers\tylegoft.sys [x]
1 wmsukmhk; \??\C:\WINDOWS\system32\drivers\wmsukmhk.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-27 22:41 - 2012-01-27 22:41 - 0000000 ____D C:\Windows\ERDNT
2012-01-27 22:41 - 2011-06-26 00:45 - 0256000 ____A C:\Windows\PEV.exe
2012-01-27 22:41 - 2010-11-07 11:20 - 0208896 ____A C:\Windows\MBR.exe
2012-01-27 22:41 - 2009-04-19 22:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-01-27 22:41 - 2000-08-30 18:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-01-27 22:41 - 2000-08-30 18:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-01-27 22:41 - 2000-08-30 18:00 - 0098816 ____A C:\Windows\sed.exe
2012-01-27 22:41 - 2000-08-30 18:00 - 0080412 ____A C:\Windows\grep.exe
2012-01-27 22:41 - 2000-08-30 18:00 - 0068096 ____A C:\Windows\zip.exe
2012-01-27 22:36 - 2012-01-27 22:37 - 0664576 ____A C:\Users\Ata\Downloads\MicrosoftFixit50562.msi
2012-01-27 22:33 - 2012-01-27 22:35 - 0093052 ____A C:\TDSSKiller.2.7.7.0_27.01.2012_20.33.42_log.txt
2012-01-27 22:33 - 2012-01-27 22:33 - 0000346 ____A C:\TDSSKiller.2.7.6.0_27.01.2012_20.33.19_log.txt
2012-01-27 22:33 - 2012-01-27 22:33 - 0000346 ____A C:\TDSSKiller.2.7.6.0_27.01.2012_20.33.06_log.txt
2012-01-27 22:26 - 2012-01-27 22:27 - 36317320 ____A (PC Tools ) C:\Users\Ata\Downloads\sdsetup.exe
2012-01-27 20:57 - 2012-01-27 20:57 - 0154774 ____A C:\Windows\ntbtlog.txt
2012-01-26 18:28 - 2012-01-26 18:28 - 0000550 ____A C:\Windows\PFRO.log
2012-01-24 22:37 - 2012-01-24 22:38 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-01-24 22:37 - 2012-01-24 22:38 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-01-24 22:35 - 2012-01-24 22:35 - 10378656 ____A (Microsoft Corporation) C:\Users\Ata\Downloads\mseinstall.exe
2012-01-24 22:12 - 2012-01-24 22:12 - 0003364 ____A C:\Users\Ata\Downloads\firewall.reg
2012-01-24 22:12 - 2012-01-24 22:12 - 0001495 ____A C:\Users\Ata\Downloads\bfe.reg
2012-01-24 22:07 - 2012-01-24 22:07 - 0334429 ____A C:\Users\Ata\Downloads\FSS.exe
2012-01-24 22:06 - 2012-01-24 22:07 - 0177996 ____A C:\TDSSKiller.2.7.7.0_24.01.2012_20.06.36_log.txt
2012-01-24 22:06 - 2012-01-24 22:06 - 0000346 ____A C:\TDSSKiller.2.7.6.0_24.01.2012_20.06.12_log.txt
2012-01-23 21:46 - 2012-01-23 21:47 - 0091924 ____A C:\TDSSKiller.2.7.6.0_23.01.2012_19.46.30_log.txt
2012-01-22 22:39 - 2012-01-22 22:40 - 2054448 ____A (Kaspersky Lab ZAO) C:\Users\Ata\Downloads\tdsskiller.exe
2012-01-22 19:28 - 2012-01-22 19:28 - 0034051 ____A C:\Users\Ata\Documents\401650_2716446224583_1059789143_32319617_1190513094_n.jpg
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{4AC6DC22-A17C-4254-B1B0-526E8BF114BF}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{03AFEA7C-2BCB-468A-856C-E5B59D2B410D}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\Local Settings\{4AC6DC22-A17C-4254-B1B0-526E8BF114BF}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\Local Settings\{03AFEA7C-2BCB-468A-856C-E5B59D2B410D}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\AppData\Local\{4AC6DC22-A17C-4254-B1B0-526E8BF114BF}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\AppData\Local\{03AFEA7C-2BCB-468A-856C-E5B59D2B410D}
2012-01-22 04:59 - 2012-01-22 04:59 - 0000111 ____A C:\Windows\JFNetworkWt.INI
2012-01-22 04:57 - 2012-01-22 04:57 - 2983997 ____A C:\Users\Ata\Downloads\jetCast_DSP_plugin_for_Winamp_V2.exe
2012-01-22 04:34 - 2012-01-22 04:40 - 0000000 ____D C:\Users\Ata\Desktop\setlist
2012-01-22 04:31 - 2012-01-22 04:31 - 0000000 ____D C:\Windows\system64
2012-01-22 03:54 - 2012-01-22 03:54 - 0000000 ____D C:\Program Files\Virtual Audio Cable
2012-01-22 03:48 - 2012-01-22 03:54 - 0066728 ____A (Eugene V. Muzychenko) C:\Windows\System32\Drivers\vrtaucbl.sys
2012-01-22 02:52 - 2012-01-22 02:52 - 0002056 ____A C:\Users\Mcx1-ATA-BILGISAYAR\Desktop\SAM Broadcaster.lnk
2012-01-22 02:52 - 2012-01-22 02:52 - 0002056 ____A C:\Users\Ata\Desktop\SAM Broadcaster.lnk
2012-01-22 02:52 - 2007-10-16 12:08 - 0458752 ____A (IBPhoenix) C:\Windows\SysWOW64\Firebird2Control.cpl
2012-01-22 02:52 - 2007-10-16 12:07 - 0442368 ____A (FirebirdSQL Project) C:\Windows\SysWOW64\GDS32.DLL
2012-01-22 02:51 - 2012-01-22 02:51 - 0000000 ____D C:\Program Files (x86)\Firebird
2012-01-22 02:51 - 2005-09-23 02:05 - 0626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr80.dll
2012-01-22 02:51 - 2005-09-23 02:05 - 0548864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2012-01-21 21:13 - 2012-01-27 22:18 - 0002829 ____A C:\Windows\setupact.log
2012-01-21 21:13 - 2012-01-21 21:13 - 0000000 ____A C:\Windows\setuperr.log
2012-01-21 21:07 - 2012-01-22 04:54 - 0000000 ____D C:\Program Files (x86)\edcast
2012-01-21 21:07 - 2012-01-22 02:52 - 0000000 ____D C:\users\Mcx1-ATA-BILGISAYAR
2012-01-21 21:07 - 2012-01-21 21:07 - 3385692 ____A C:\Users\Ata\Downloads\edcast_standalone_3.1.21.exe
2012-01-21 21:07 - 2012-01-21 21:07 - 0001073 ____A C:\Users\Mcx1-ATA-BILGISAYAR\Desktop\Edcast.lnk
2012-01-21 21:07 - 2012-01-21 21:07 - 0001073 ____A C:\Users\Ata\Desktop\Edcast.lnk
2012-01-21 21:06 - 2012-01-22 04:53 - 0000000 ____D C:\Users\Ata\Application Data\GetRightToGo
2012-01-21 21:06 - 2012-01-22 04:53 - 0000000 ____D C:\Users\Ata\AppData\Roaming\GetRightToGo
2012-01-21 21:06 - 2012-01-21 21:06 - 0367944 ____A (Conduit) C:\Users\Ata\Downloads\Brothersoftdownloader_for_Edcast.exe
2012-01-21 04:16 - 2012-01-21 04:32 - 0000000 ____D C:\Users\Ata\Application Data\Rainmeter
2012-01-21 04:16 - 2012-01-21 04:32 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Rainmeter
2012-01-21 04:16 - 2012-01-21 04:17 - 0000000 ____D C:\Program Files\Rainmeter
2012-01-21 04:16 - 2012-01-21 04:16 - 0000000 ____D C:\Users\Ata\Documents\Rainmeter
2012-01-21 04:15 - 2012-01-21 04:15 - 0000000 ____D C:\Users\Ata\Desktop\theme
2012-01-21 04:14 - 2012-01-21 04:14 - 1392000 ____A C:\Users\Ata\Downloads\Rainmeter-2.2.exe
2012-01-21 02:59 - 2012-01-21 02:59 - 0000000 ____D C:\Users\Ata\Documents\America's Army 3
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{ABB961FA-499D-4921-A76C-F28CE53215D9}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{5216B47A-CADB-454C-8111-51A46FAF0727}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\Local Settings\{ABB961FA-499D-4921-A76C-F28CE53215D9}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\Local Settings\{5216B47A-CADB-454C-8111-51A46FAF0727}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\AppData\Local\{ABB961FA-499D-4921-A76C-F28CE53215D9}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\AppData\Local\{5216B47A-CADB-454C-8111-51A46FAF0727}
2012-01-20 17:53 - 2012-01-20 17:53 - 0071576 ____A C:\Users\Ata\Downloads\raptr_installer.exe
2012-01-20 17:22 - 2012-01-20 17:22 - 0020187 ____A C:\Users\Ata\Documents\executive branch study guide.pdf
2012-01-19 21:34 - 2012-01-19 21:34 - 0000000 ____D C:\Users\All Users\CaptainSim
2012-01-19 21:34 - 2012-01-19 21:34 - 0000000 ____D C:\Users\All Users\Application Data\CaptainSim
2012-01-19 21:34 - 2012-01-19 21:34 - 0000000 ____D C:\ProgramData\CaptainSim
2012-01-19 20:06 - 2012-01-19 20:06 - 0000000 ____D C:\Users\Ata\Desktop\concorde
2012-01-19 19:45 - 2012-01-19 19:45 - 0000000 ____D C:\Program Files (x86)\Abacus
2012-01-19 04:59 - 2012-01-19 04:59 - 0125484 ____A C:\Users\Ata\Documents\FSX Autopilot .pdf
2012-01-19 00:53 - 2012-01-19 00:53 - 0000000 ____D C:\Users\Ata\Application Data\Unity
2012-01-19 00:53 - 2012-01-19 00:53 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Unity
2012-01-16 16:11 - 2012-01-16 16:11 - 0013040 ____A C:\Users\Ata\Documents\Ads˝z.png
2012-01-15 05:49 - 2012-01-15 05:50 - 0000000 ____D C:\Program Files (x86)\Crazy Machines Elements
2012-01-15 05:49 - 2012-01-15 05:49 - 0001164 ____A C:\Users\Public\Desktop\Crazy Machines Elements 2011.lnk
2012-01-15 05:49 - 2012-01-15 05:49 - 0001164 ____A C:\Users\All Users\Desktop\Crazy Machines Elements 2011.lnk
2012-01-14 15:36 - 2012-01-14 15:37 - 8728741 ____A C:\Users\Ata\Downloads\Paradise (Tiesto Remix).mp3
2012-01-14 15:35 - 2012-01-14 15:37 - 14087376 ____A C:\Users\Ata\Downloads\Dirty South & Those Usual Suspects ft Erik Hecht - Walking Alone (Original Mix) [houseguiden.wordpress.com].mp3
2012-01-12 20:03 - 2012-01-12 20:03 - 0042567 ____A C:\Users\Ata\Documents\trackingNumber=11678.pdf
2012-01-12 19:39 - 2012-01-12 19:39 - 4367840 ____A C:\Users\Ata\Downloads\viper_srt10_high.bnk
2012-01-12 00:38 - 2012-01-13 19:09 - 0015816 ____A C:\Users\Ata\Documents\Madison Square Garden.docx
2012-01-11 02:19 - 2012-01-11 02:19 - 0000000 ____D C:\Program Files (x86)\MegaDev
2012-01-11 02:10 - 2012-01-11 02:10 - 6473436 ____A (Dark Byte ) C:\Users\Ata\Downloads\CheatEngine61.exe
2012-01-11 02:10 - 2012-01-11 02:10 - 0000000 ____D C:\Users\Ata\Documents\My Cheat Tables
2012-01-11 00:35 - 2012-01-11 00:35 - 0017522 ____A C:\Users\Ata\Documents\cba capital punishment revised.docx
2012-01-10 17:37 - 2011-11-19 09:07 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2012-01-10 17:37 - 2011-11-19 08:06 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2012-01-10 17:37 - 2011-11-17 01:14 - 1739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2012-01-10 17:37 - 2011-11-16 23:41 - 1292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2012-01-10 17:37 - 2011-10-25 23:22 - 1572864 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2012-01-10 17:37 - 2011-10-25 23:22 - 0366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-01-10 17:37 - 2011-10-25 22:28 - 1328640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2012-01-10 17:37 - 2011-10-25 22:28 - 0514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-01-10 17:37 - 2011-10-13 23:21 - 0852480 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-01-10 17:37 - 2011-10-13 22:42 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-01-09 04:31 - 2012-01-09 04:31 - 5913655 ____A C:\Users\Ata\Downloads\6536223407_93f8660685_o.jpg
2012-01-09 04:10 - 2012-01-09 04:10 - 0554208 ____A (Microsoft Corporation) C:\Users\Ata\Downloads\arial32.exe
2012-01-08 23:20 - 2012-01-08 23:20 - 0000040 ____A C:\Users\Public\Documents\_rgpl
2012-01-08 23:20 - 2012-01-08 23:20 - 0000040 ____A C:\Users\All Users\Documents\_rgpl
2012-01-08 22:54 - 2012-01-08 22:54 - 0000011 ___RA C:\Windows\amunres.lsl
2012-01-08 15:36 - 2012-01-20 18:35 - 0000000 ____D C:\Users\Ata\Documents\Kindred
2012-01-04 23:51 - 2012-01-04 23:51 - 7077438 ____A C:\Users\Ata\Documents\business presentation final.pptx
2012-01-04 22:13 - 2012-01-04 22:13 - 1950704 ____A C:\Users\Ata\Downloads\business presentation.pptx
2012-01-03 22:14 - 2012-01-03 22:14 - 0000000 ____D C:\Users\Ata\Local Settings\Skyrim
2012-01-03 22:14 - 2012-01-03 22:14 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Skyrim
2012-01-03 22:14 - 2012-01-03 22:14 - 0000000 ____D C:\Users\Ata\AppData\Local\Skyrim
2012-01-03 22:10 - 2012-01-03 22:10 - 0000730 ____A C:\Users\Public\Desktop\TESV Skyrim v1.3.lnk
2012-01-03 22:10 - 2012-01-03 22:10 - 0000730 ____A C:\Users\All Users\Desktop\TESV Skyrim v1.3.lnk
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\Ata\Local Settings\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\Ata\Local Settings\Application Data\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\Ata\AppData\Local\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\All Users\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\All Users\Application Data\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\ProgramData\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7


============ 3 Months Modified Files and Folders =============

2012-01-31 05:33 - 2010-12-20 14:08 - 509202432 __ASH C:\hiberfil.sys
2012-01-31 04:00 - 2012-01-31 03:58 - 0000000 ____D C:\FRST
2012-01-27 22:43 - 2009-07-13 23:10 - 1094097 ____A C:\Windows\WindowsUpdate.log
2012-01-27 22:41 - 2012-01-27 22:41 - 0000000 ____D C:\Windows\ERDNT
2012-01-27 22:39 - 2010-12-24 17:22 - 0000000 ____D C:\Users\Ata\Application Data\BitComet
2012-01-27 22:39 - 2010-12-24 17:22 - 0000000 ____D C:\Users\Ata\AppData\Roaming\BitComet
2012-01-27 22:37 - 2012-01-27 22:36 - 0664576 ____A C:\Users\Ata\Downloads\MicrosoftFixit50562.msi
2012-01-27 22:35 - 2012-01-27 22:33 - 0093052 ____A C:\TDSSKiller.2.7.7.0_27.01.2012_20.33.42_log.txt
2012-01-27 22:33 - 2012-01-27 22:33 - 0000346 ____A C:\TDSSKiller.2.7.6.0_27.01.2012_20.33.19_log.txt
2012-01-27 22:33 - 2012-01-27 22:33 - 0000346 ____A C:\TDSSKiller.2.7.6.0_27.01.2012_20.33.06_log.txt
2012-01-27 22:27 - 2012-01-27 22:26 - 36317320 ____A (PC Tools ) C:\Users\Ata\Downloads\sdsetup.exe
2012-01-27 22:27 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-01-27 22:27 - 2009-07-13 22:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-01-27 22:18 - 2012-01-21 21:13 - 0002829 ____A C:\Windows\setupact.log
2012-01-27 22:18 - 2010-12-25 07:01 - 0000000 ____D C:\Users\All Users\VMware
2012-01-27 22:18 - 2010-12-25 07:01 - 0000000 ____D C:\Users\All Users\Application Data\VMware
2012-01-27 22:18 - 2010-12-25 07:01 - 0000000 ____D C:\ProgramData\VMware
2012-01-27 22:18 - 2009-07-13 23:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-01-27 22:15 - 2010-12-24 16:40 - 0000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-01-27 20:57 - 2012-01-27 20:57 - 0154774 ____A C:\Windows\ntbtlog.txt
2012-01-27 19:50 - 2010-12-24 22:03 - 0000000 __SHD C:\$RECYCLE.BIN
2012-01-26 18:28 - 2012-01-26 18:28 - 0000550 ____A C:\Windows\PFRO.log
2012-01-25 00:09 - 2011-09-27 21:16 - 0000000 ____D C:\Users\Ata\Local Settings\Spotify
2012-01-25 00:09 - 2011-09-27 21:16 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Spotify
2012-01-25 00:09 - 2011-09-27 21:16 - 0000000 ____D C:\Users\Ata\AppData\Local\Spotify
2012-01-24 23:49 - 2011-09-29 21:46 - 0000000 ____D C:\Users\Ata\Application Data\Spotify
2012-01-24 23:49 - 2011-09-29 21:46 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Spotify
2012-01-24 23:38 - 2011-01-03 09:56 - 0000000 ____D C:\Windows\Minidump
2012-01-24 23:38 - 2010-12-20 14:08 - 0336327 ____N C:\Windows\Minidump\012412-39655-01.dmp
2012-01-24 23:30 - 2011-07-12 15:39 - 0000000 ____D C:\Users\Ata\Local Settings\CrashDumps
2012-01-24 23:30 - 2011-07-12 15:39 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\CrashDumps
2012-01-24 23:30 - 2011-07-12 15:39 - 0000000 ____D C:\Users\Ata\AppData\Local\CrashDumps
2012-01-24 22:49 - 2011-01-09 12:23 - 0000000 ____D C:\Program Files (x86)\Rgistry Fixer
2012-01-24 22:38 - 2012-01-24 22:37 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-01-24 22:38 - 2012-01-24 22:37 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-01-24 22:38 - 2011-12-04 15:24 - 0001912 ____A C:\Windows\epplauncher.mif
2012-01-24 22:37 - 2010-12-25 07:01 - 1499734 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-01-24 22:37 - 2009-07-14 06:45 - 0626138 ____A C:\Windows\System32\perfh01F.dat
2012-01-24 22:37 - 2009-07-14 06:45 - 0125176 ____A C:\Windows\System32\perfc01F.dat
2012-01-24 22:35 - 2012-01-24 22:35 - 10378656 ____A (Microsoft Corporation) C:\Users\Ata\Downloads\mseinstall.exe
2012-01-24 22:29 - 2010-12-25 14:01 - 0000000 ____D C:\Users\Ata\Application Data\Skype
2012-01-24 22:29 - 2010-12-25 14:01 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Skype
2012-01-24 22:12 - 2012-01-24 22:12 - 0003364 ____A C:\Users\Ata\Downloads\firewall.reg
2012-01-24 22:12 - 2012-01-24 22:12 - 0001495 ____A C:\Users\Ata\Downloads\bfe.reg
2012-01-24 22:07 - 2012-01-24 22:07 - 0334429 ____A C:\Users\Ata\Downloads\FSS.exe
2012-01-24 22:07 - 2012-01-24 22:06 - 0177996 ____A C:\TDSSKiller.2.7.7.0_24.01.2012_20.06.36_log.txt
2012-01-24 22:06 - 2012-01-24 22:06 - 0000346 ____A C:\TDSSKiller.2.7.6.0_24.01.2012_20.06.12_log.txt
2012-01-24 20:38 - 2011-07-06 12:23 - 0001020 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-842648719-1045245202-1770459396-1000UA.job
2012-01-24 19:48 - 2011-10-02 23:19 - 0000000 ____D C:\Program Files (x86)\Flickr Uploadr
2012-01-24 14:38 - 2011-07-06 12:23 - 0000998 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-842648719-1045245202-1770459396-1000Core.job
2012-01-23 21:47 - 2012-01-23 21:46 - 0091924 ____A C:\TDSSKiller.2.7.6.0_23.01.2012_19.46.30_log.txt
2012-01-22 22:40 - 2012-01-22 22:39 - 2054448 ____A (Kaspersky Lab ZAO) C:\Users\Ata\Downloads\tdsskiller.exe
2012-01-22 19:28 - 2012-01-22 19:28 - 0034051 ____A C:\Users\Ata\Documents\401650_2716446224583_1059789143_32319617_1190513094_n.jpg
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{4AC6DC22-A17C-4254-B1B0-526E8BF114BF}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{03AFEA7C-2BCB-468A-856C-E5B59D2B410D}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\Local Settings\{4AC6DC22-A17C-4254-B1B0-526E8BF114BF}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\Local Settings\{03AFEA7C-2BCB-468A-856C-E5B59D2B410D}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\AppData\Local\{4AC6DC22-A17C-4254-B1B0-526E8BF114BF}
2012-01-22 18:21 - 2012-01-22 18:21 - 0000000 ____D C:\Users\Ata\AppData\Local\{03AFEA7C-2BCB-468A-856C-E5B59D2B410D}
2012-01-22 04:59 - 2012-01-22 04:59 - 0000111 ____A C:\Windows\JFNetworkWt.INI
2012-01-22 04:57 - 2012-01-22 04:57 - 2983997 ____A C:\Users\Ata\Downloads\jetCast_DSP_plugin_for_Winamp_V2.exe
2012-01-22 04:57 - 2010-12-24 17:40 - 0000000 ____D C:\Program Files (x86)\Winamp
2012-01-22 04:54 - 2012-01-21 21:07 - 0000000 ____D C:\Program Files (x86)\edcast
2012-01-22 04:53 - 2012-01-21 21:06 - 0000000 ____D C:\Users\Ata\Application Data\GetRightToGo
2012-01-22 04:53 - 2012-01-21 21:06 - 0000000 ____D C:\Users\Ata\AppData\Roaming\GetRightToGo
2012-01-22 04:43 - 2011-10-11 18:20 - 0000254 _RASH C:\Users\All Users\ntuser.pol
2012-01-22 04:43 - 2011-10-11 18:20 - 0000254 _RASH C:\Users\All Users\Application Data\ntuser.pol
2012-01-22 04:43 - 2011-10-11 18:20 - 0000254 _RASH C:\ProgramData\ntuser.pol
2012-01-22 04:43 - 2009-07-13 23:08 - 0032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-01-22 04:40 - 2012-01-22 04:34 - 0000000 ____D C:\Users\Ata\Desktop\setlist
2012-01-22 04:31 - 2012-01-22 04:31 - 0000000 ____D C:\Windows\system64
2012-01-22 03:54 - 2012-01-22 03:54 - 0000000 ____D C:\Program Files\Virtual Audio Cable
2012-01-22 03:54 - 2012-01-22 03:48 - 0066728 ____A (Eugene V. Muzychenko) C:\Windows\System32\Drivers\vrtaucbl.sys
2012-01-22 02:52 - 2012-01-22 02:52 - 0002056 ____A C:\Users\Mcx1-ATA-BILGISAYAR\Desktop\SAM Broadcaster.lnk
2012-01-22 02:52 - 2012-01-22 02:52 - 0002056 ____A C:\Users\Ata\Desktop\SAM Broadcaster.lnk
2012-01-22 02:52 - 2012-01-21 21:07 - 0000000 ____D C:\users\Mcx1-ATA-BILGISAYAR
2012-01-22 02:52 - 2011-01-26 09:39 - 0000000 ____D C:\Program Files (x86)\SpacialAudio
2012-01-22 02:51 - 2012-01-22 02:51 - 0000000 ____D C:\Program Files (x86)\Firebird
2012-01-21 23:44 - 2010-12-25 05:09 - 0000000 ____D C:\Users\Ata\Documents\Youcam
2012-01-21 21:13 - 2012-01-21 21:13 - 0000000 ____A C:\Windows\setuperr.log
2012-01-21 21:13 - 2010-12-20 14:08 - 0337583 ____N C:\Windows\Minidump\012112-73710-01.dmp
2012-01-21 21:13 - 2009-07-13 22:45 - 4987480 ____A C:\Windows\System32\FNTCACHE.DAT
2012-01-21 21:07 - 2012-01-21 21:07 - 3385692 ____A C:\Users\Ata\Downloads\edcast_standalone_3.1.21.exe
2012-01-21 21:07 - 2012-01-21 21:07 - 0001073 ____A C:\Users\Mcx1-ATA-BILGISAYAR\Desktop\Edcast.lnk
2012-01-21 21:07 - 2012-01-21 21:07 - 0001073 ____A C:\Users\Ata\Desktop\Edcast.lnk
2012-01-21 21:06 - 2012-01-21 21:06 - 0367944 ____A (Conduit) C:\Users\Ata\Downloads\Brothersoftdownloader_for_Edcast.exe
2012-01-21 04:32 - 2012-01-21 04:16 - 0000000 ____D C:\Users\Ata\Application Data\Rainmeter
2012-01-21 04:32 - 2012-01-21 04:16 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Rainmeter
2012-01-21 04:18 - 2010-12-24 22:03 - 0115664 ____A C:\Users\Ata\Local Settings\GDIPFONTCACHEV1.DAT
2012-01-21 04:18 - 2010-12-24 22:03 - 0115664 ____A C:\Users\Ata\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-01-21 04:18 - 2010-12-24 22:03 - 0115664 ____A C:\Users\Ata\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-21 04:17 - 2012-01-21 04:16 - 0000000 ____D C:\Program Files\Rainmeter
2012-01-21 04:16 - 2012-01-21 04:16 - 0000000 ____D C:\Users\Ata\Documents\Rainmeter
2012-01-21 04:15 - 2012-01-21 04:15 - 0000000 ____D C:\Users\Ata\Desktop\theme
2012-01-21 04:14 - 2012-01-21 04:14 - 1392000 ____A C:\Users\Ata\Downloads\Rainmeter-2.2.exe
2012-01-21 04:14 - 2010-12-25 13:58 - 0000000 ____D C:\Program Files (x86)\Steam
2012-01-21 02:59 - 2012-01-21 02:59 - 0000000 ____D C:\Users\Ata\Documents\America's Army 3
2012-01-21 02:54 - 2011-03-02 16:04 - 0189480 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2012-01-21 02:54 - 2011-01-17 11:17 - 0189480 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-01-20 19:08 - 2011-02-26 08:39 - 0000000 ____D C:\Users\Ata\Documents\Flight Simulator X Files
2012-01-20 18:55 - 2011-05-25 07:38 - 0000000 ____D C:\Users\All Users\Codemasters
2012-01-20 18:55 - 2011-05-25 07:38 - 0000000 ____D C:\Users\All Users\Application Data\Codemasters
2012-01-20 18:55 - 2011-05-25 07:38 - 0000000 ____D C:\ProgramData\Codemasters
2012-01-20 18:52 - 2011-01-09 15:14 - 0000000 ____D C:\Users\Ata\Documents\Test Drive Unlimited
2012-01-20 18:50 - 2010-02-08 19:41 - 0000000 ____D C:\Users\Ata\Documents\ders
2012-01-20 18:45 - 2011-11-16 23:10 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Akamai
2012-01-20 18:45 - 2011-11-16 23:10 - 0000000 ____D C:\Users\Ata\Local Settings\Akamai
2012-01-20 18:45 - 2011-11-16 23:10 - 0000000 ____D C:\Users\Ata\AppData\Local\Akamai
2012-01-20 18:42 - 2010-12-24 22:02 - 0000000 ____D C:\Users\Ata\AppData\LocalLow
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{ABB961FA-499D-4921-A76C-F28CE53215D9}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{5216B47A-CADB-454C-8111-51A46FAF0727}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\Local Settings\{ABB961FA-499D-4921-A76C-F28CE53215D9}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\Local Settings\{5216B47A-CADB-454C-8111-51A46FAF0727}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\AppData\Local\{ABB961FA-499D-4921-A76C-F28CE53215D9}
2012-01-20 18:41 - 2012-01-20 18:41 - 0000000 ____D C:\Users\Ata\AppData\Local\{5216B47A-CADB-454C-8111-51A46FAF0727}
2012-01-20 18:35 - 2012-01-08 15:36 - 0000000 ____D C:\Users\Ata\Documents\Kindred
2012-01-20 17:53 - 2012-01-20 17:53 - 0071576 ____A C:\Users\Ata\Downloads\raptr_installer.exe
2012-01-20 17:22 - 2012-01-20 17:22 - 0020187 ____A C:\Users\Ata\Documents\executive branch study guide.pdf
2012-01-19 21:34 - 2012-01-19 21:34 - 0000000 ____D C:\Users\All Users\CaptainSim
2012-01-19 21:34 - 2012-01-19 21:34 - 0000000 ____D C:\Users\All Users\Application Data\CaptainSim
2012-01-19 21:34 - 2012-01-19 21:34 - 0000000 ____D C:\ProgramData\CaptainSim
2012-01-19 20:06 - 2012-01-19 20:06 - 0000000 ____D C:\Users\Ata\Desktop\concorde
2012-01-19 19:45 - 2012-01-19 19:45 - 0000000 ____D C:\Program Files (x86)\Abacus
2012-01-19 19:44 - 2010-04-01 13:55 - 0000000 ____D C:\Windows\Downloaded Installations
2012-01-19 04:59 - 2012-01-19 04:59 - 0125484 ____A C:\Users\Ata\Documents\FSX Autopilot .pdf
2012-01-19 00:53 - 2012-01-19 00:53 - 0000000 ____D C:\Users\Ata\Application Data\Unity
2012-01-19 00:53 - 2012-01-19 00:53 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Unity
2012-01-18 21:43 - 2009-07-13 23:13 - 1473086 ____A C:\Windows\System32\PerfStringBackup.INI
2012-01-18 02:30 - 2011-11-19 16:29 - 0000000 ____D C:\Program Files (x86)\TVersitybar
2012-01-16 16:49 - 2011-01-13 16:31 - 0149600 ___AH C:\Windows\SysWOW64\mlfcache.dat
2012-01-16 16:11 - 2012-01-16 16:11 - 0013040 ____A C:\Users\Ata\Documents\Ads˝z.png
2012-01-15 05:50 - 2012-01-15 05:49 - 0000000 ____D C:\Program Files (x86)\Crazy Machines Elements
2012-01-15 05:50 - 2011-02-23 06:38 - 0000000 ____D C:\Users\Ata\Documents\My Games
2012-01-15 05:49 - 2012-01-15 05:49 - 0001164 ____A C:\Users\Public\Desktop\Crazy Machines Elements 2011.lnk
2012-01-15 05:49 - 2012-01-15 05:49 - 0001164 ____A C:\Users\All Users\Desktop\Crazy Machines Elements 2011.lnk
2012-01-14 15:37 - 2012-01-14 15:36 - 8728741 ____A C:\Users\Ata\Downloads\Paradise (Tiesto Remix).mp3
2012-01-14 15:37 - 2012-01-14 15:35 - 14087376 ____A C:\Users\Ata\Downloads\Dirty South & Those Usual Suspects ft Erik Hecht - Walking Alone (Original Mix) [houseguiden.wordpress.com].mp3
2012-01-14 15:05 - 2011-11-18 02:00 - 0000000 ____D C:\Users\Ata\Application Data\redsn0w
2012-01-14 15:05 - 2011-11-18 02:00 - 0000000 ____D C:\Users\Ata\AppData\Roaming\redsn0w
2012-01-13 19:09 - 2012-01-12 00:38 - 0015816 ____A C:\Users\Ata\Documents\Madison Square Garden.docx
2012-01-12 20:03 - 2012-01-12 20:03 - 0042567 ____A C:\Users\Ata\Documents\trackingNumber=11678.pdf
2012-01-12 19:39 - 2012-01-12 19:39 - 4367840 ____A C:\Users\Ata\Downloads\viper_srt10_high.bnk
2012-01-11 02:28 - 2010-12-26 12:07 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-01-11 02:28 - 2010-12-26 12:07 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-01-11 02:28 - 2010-12-26 12:07 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-01-11 02:25 - 2011-10-02 21:08 - 54008112 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-01-11 02:19 - 2012-01-11 02:19 - 0000000 ____D C:\Program Files (x86)\MegaDev
2012-01-11 02:10 - 2012-01-11 02:10 - 6473436 ____A (Dark Byte ) C:\Users\Ata\Downloads\CheatEngine61.exe
2012-01-11 02:10 - 2012-01-11 02:10 - 0000000 ____D C:\Users\Ata\Documents\My Cheat Tables
2012-01-11 00:35 - 2012-01-11 00:35 - 0017522 ____A C:\Users\Ata\Documents\cba capital punishment revised.docx
2012-01-09 04:31 - 2012-01-09 04:31 - 5913655 ____A C:\Users\Ata\Downloads\6536223407_93f8660685_o.jpg
2012-01-09 04:10 - 2012-01-09 04:10 - 0554208 ____A (Microsoft Corporation) C:\Users\Ata\Downloads\arial32.exe
2012-01-08 23:24 - 2011-03-19 04:08 - 0000000 ____D C:\Users\Ata\Application Data\Propellerhead Software
2012-01-08 23:24 - 2011-03-19 04:08 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Propellerhead Software
2012-01-08 23:23 - 2010-04-01 13:54 - 0000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2012-01-08 23:22 - 2011-09-14 17:40 - 0000000 ____D C:\Program Files (x86)\CrackUtil
2012-01-08 23:22 - 2010-04-01 14:03 - 0000000 ____D C:\Program Files (x86)\CyberLink
2012-01-08 23:20 - 2012-01-08 23:20 - 0000040 ____A C:\Users\Public\Documents\_rgpl
2012-01-08 23:20 - 2012-01-08 23:20 - 0000040 ____A C:\Users\All Users\Documents\_rgpl
2012-01-08 23:20 - 2011-05-13 08:29 - 0000000 ____D C:\Users\All Users\Skype Extras
2012-01-08 23:20 - 2011-05-13 08:29 - 0000000 ____D C:\Users\All Users\Application Data\Skype Extras
2012-01-08 23:20 - 2011-05-13 08:29 - 0000000 ____D C:\ProgramData\Skype Extras
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\zh-TW
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\zh-HK
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\zh-CN
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\tr-TR
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\th-TH
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sv-SE
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sl-SI
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\sk-SK
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ru-RU
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ro-RO
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\pt-PT
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\pt-BR
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\pl-PL
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\nl-NL
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\nb-NO
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\lv-LV
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\lt-LT
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ko-KR
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ja-JP
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\it-IT
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\hu-HU
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\hr-HR
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\he-IL
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\fr-FR
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\fi-FI
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\et-EE
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\es-ES
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\el-GR
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\de-DE
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\da-DK
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\cs-CZ
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\bg-BG
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\ar-SA
2012-01-08 23:20 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\Help
2012-01-08 23:11 - 2011-05-15 04:05 - 0000000 ____D C:\Program Files (x86)\Rockstar Games
2012-01-08 23:04 - 2011-03-13 15:38 - 0000000 ____D C:\Program Files (x86)\NanoSync
2012-01-08 23:02 - 2011-11-17 02:49 - 0000000 ____D C:\Program Files (x86)\PCSX2 0.9.8
2012-01-08 23:02 - 2011-02-05 15:09 - 0000000 ____D C:\Program Files (x86)\Phone Disk
2012-01-08 22:59 - 2011-01-26 23:13 - 0000000 ____D C:\Program Files (x86)\VstPlugins
2012-01-08 22:54 - 2012-01-08 22:54 - 0000011 ___RA C:\Windows\amunres.lsl
2012-01-08 22:51 - 2011-11-19 16:28 - 0000000 ____D C:\Users\All Users\TVersity
2012-01-08 22:51 - 2011-11-19 16:28 - 0000000 ____D C:\Users\All Users\Application Data\TVersity
2012-01-08 22:51 - 2011-11-19 16:28 - 0000000 ____D C:\ProgramData\TVersity
2012-01-08 22:50 - 2011-08-14 07:38 - 0000000 ____D C:\Program Files (x86)\Unsigned
2012-01-08 22:50 - 2010-12-27 11:45 - 0000000 ____D C:\Users\Ata\Documents\VirtualDJ
2012-01-08 22:45 - 2010-12-27 15:21 - 0000000 ____D C:\Program Files\Adobe
2012-01-06 22:59 - 2010-12-26 17:29 - 0000000 ____D C:\Program Files (x86)\SpeedFan
2012-01-05 17:36 - 2011-07-29 04:37 - 0000000 ____D C:\Windows\pss
2012-01-05 17:14 - 2011-12-06 00:11 - 0012838 ____A C:\Users\Ata\ovpntray.log
2012-01-05 17:09 - 2010-12-27 12:28 - 0000000 ____D C:\Users\Ata\Local Settings\LogMeIn Hamachi
2012-01-05 17:09 - 2010-12-27 12:28 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\LogMeIn Hamachi
2012-01-05 17:09 - 2010-12-27 12:28 - 0000000 ____D C:\Users\Ata\AppData\Local\LogMeIn Hamachi
2012-01-05 17:07 - 2009-07-13 23:32 - 0000000 ____D C:\Windows\System32\FxsTmp
2012-01-05 17:06 - 2011-12-05 23:05 - 0000000 ____D C:\Users\Ata\Application Data\Dropbox
2012-01-05 17:06 - 2011-12-05 23:05 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Dropbox
2012-01-04 23:51 - 2012-01-04 23:51 - 7077438 ____A C:\Users\Ata\Documents\business presentation final.pptx
2012-01-04 22:13 - 2012-01-04 22:13 - 1950704 ____A C:\Users\Ata\Downloads\business presentation.pptx
2012-01-04 03:26 - 2010-12-24 17:04 - 0279096 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-03 22:14 - 2012-01-03 22:14 - 0000000 ____D C:\Users\Ata\Local Settings\Skyrim
2012-01-03 22:14 - 2012-01-03 22:14 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Skyrim
2012-01-03 22:14 - 2012-01-03 22:14 - 0000000 ____D C:\Users\Ata\AppData\Local\Skyrim
2012-01-03 22:10 - 2012-01-03 22:10 - 0000730 ____A C:\Users\Public\Desktop\TESV Skyrim v1.3.lnk
2012-01-03 22:10 - 2012-01-03 22:10 - 0000730 ____A C:\Users\All Users\Desktop\TESV Skyrim v1.3.lnk
2012-01-03 00:37 - 2012-01-03 00:30 - 0011620 __ASH C:\Users\Ata\Local Settings\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:37 - 2012-01-03 00:30 - 0011620 __ASH C:\Users\Ata\Local Settings\Application Data\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:37 - 2012-01-03 00:30 - 0011620 __ASH C:\Users\Ata\AppData\Local\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:37 - 2012-01-03 00:30 - 0011620 __ASH C:\Users\All Users\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:37 - 2012-01-03 00:30 - 0011620 __ASH C:\Users\All Users\Application Data\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:37 - 2012-01-03 00:30 - 0011620 __ASH C:\ProgramData\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2011-12-31 02:34 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\System32\NDF
2011-12-23 17:14 - 2011-12-23 17:02 - 70254076 ____A C:\Users\Ata\Downloads\01-laidback_luke-super_you_and_me_radio-sat-17-12-2011-1king.mp3
2011-12-22 19:22 - 2010-12-31 01:16 - 0000000 ____D C:\Users\Ata\Local Settings\ElevatedDiagnostics
2011-12-22 19:22 - 2010-12-31 01:16 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\ElevatedDiagnostics
2011-12-22 19:22 - 2010-12-31 01:16 - 0000000 ____D C:\Users\Ata\AppData\Local\ElevatedDiagnostics
2011-12-22 16:59 - 2011-12-22 16:59 - 0000000 ____D C:\Users\Ata\Local Settings\i-Knyazev.ru
2011-12-22 16:59 - 2011-12-22 16:59 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\i-Knyazev.ru
2011-12-22 16:59 - 2011-12-22 16:59 - 0000000 ____D C:\Users\Ata\AppData\Local\i-Knyazev.ru
2011-12-22 16:46 - 2010-12-26 11:34 - 0000000 ___HD C:\Windows\msdownld.tmp
2011-12-22 16:46 - 2010-12-26 11:34 - 0000000 ____D C:\Windows\SysWOW64\directx
2011-12-22 14:51 - 2011-12-22 14:51 - 0001070 ____A C:\Users\Ata\Desktop\Jawbone Updater.lnk
2011-12-22 14:51 - 2011-12-22 14:51 - 0000000 ____D C:\Users\Ata\Application Data\JawboneUpdater
2011-12-22 14:51 - 2011-12-22 14:51 - 0000000 ____D C:\Users\Ata\AppData\Roaming\JawboneUpdater
2011-12-22 14:51 - 2011-12-22 14:51 - 0000000 ____D C:\Program Files (x86)\Jawbone
2011-12-22 14:47 - 2011-12-22 14:47 - 1181022 ____A C:\Windows\SysWOW64\TmpA1164391
2011-12-22 14:37 - 2011-12-22 14:36 - 4353088 ____A (Jawbone) C:\Users\Ata\Downloads\Jawbone_Updater-1.6.4.exe
2011-12-21 16:13 - 2011-05-01 11:56 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\2K Games
2011-12-21 16:13 - 2011-05-01 11:56 - 0000000 ____D C:\Users\Ata\Local Settings\2K Games
2011-12-21 16:13 - 2011-05-01 11:56 - 0000000 ____D C:\Users\Ata\AppData\Local\2K Games
2011-12-21 16:13 - 2011-02-27 07:32 - 0000000 ____D C:\Users\Ata\Local Settings\Deployment
2011-12-21 16:13 - 2011-02-27 07:32 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Deployment
2011-12-21 16:13 - 2011-02-27 07:32 - 0000000 ____D C:\Users\Ata\AppData\Local\Deployment
2011-12-21 06:46 - 2011-12-21 06:46 - 0330854 ____A C:\Users\Ata\Documents\Skyrim Motherbleeper.jpg
2011-12-21 06:45 - 2011-12-21 06:45 - 0109370 ____A C:\Users\Ata\Documents\Gangplank-1680x1050.jpg
2011-12-20 22:35 - 2010-12-27 15:08 - 0000000 ___RD C:\Users\Ata\Desktop\Utilities
2011-12-20 22:34 - 2010-12-27 15:07 - 0000000 ____D C:\Users\Ata\Desktop\Audio-Video
2011-12-20 22:32 - 2011-12-20 22:31 - 0000000 ____D C:\Users\Ata\Desktop\Imaging
2011-12-20 16:36 - 2011-12-20 16:36 - 0026624 ____A C:\Users\Ata\Downloads\Can Kap final edited.doc
2011-12-20 04:14 - 2011-12-20 04:14 - 0000000 ____D C:\Users\Ata\Documents\ACR
2011-12-20 03:06 - 2011-12-12 21:29 - 0022950 ____A C:\Simraceway.log
2011-12-20 01:53 - 2011-12-20 01:52 - 1235950 ____A (Medieval Software) C:\Users\Ata\Downloads\cuesplitter_setup(1).exe
2011-12-18 23:30 - 2010-12-24 22:02 - 0000000 ____D C:\users\Ata
2011-12-18 14:23 - 2011-12-18 14:23 - 0000064 ____A C:\Users\Ata\Downloads\listen.pls
2011-12-17 17:54 - 2011-12-17 17:54 - 0636724 ____A C:\Users\Ata\Documents\nelson.png
2011-12-15 22:19 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\rescache
2011-12-14 23:47 - 2011-12-14 23:47 - 0025088 ____A C:\Users\Ata\Documents\Can Kap final.doc
2011-12-14 23:47 - 2011-12-14 23:47 - 0024064 ____A C:\Users\Ata\Documents\Can Kap rd.doc
2011-12-14 21:23 - 2011-12-12 21:30 - 0000000 ____D C:\Users\Ata\Application Data\Simraceway
2011-12-14 21:23 - 2011-12-12 21:30 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Simraceway
2011-12-14 21:09 - 2011-12-14 21:00 - 8970240 ____A C:\Users\Ata\Downloads\759.exe
2011-12-14 21:03 - 2011-12-14 21:03 - 0000000 ____D C:\Users\All Users\EPSON
2011-12-14 21:03 - 2011-12-14 21:03 - 0000000 ____D C:\Users\All Users\Application Data\EPSON
2011-12-14 21:03 - 2011-12-14 21:03 - 0000000 ____D C:\ProgramData\EPSON
2011-12-14 21:03 - 2011-12-14 21:03 - 0000000 ____D C:\Program Files\Common Files\EPSON
2011-12-14 20:43 - 2011-12-14 20:43 - 0153366 ____A C:\Users\Ata\Documents\label.pdf
2011-12-14 20:19 - 2011-12-14 20:19 - 0172247 ____A C:\Users\Ata\Documents\label.xps
2011-12-14 20:02 - 2009-07-13 21:20 - 0000000 ____D C:\Windows\SysWOW64\tr-TR
2011-12-13 17:30 - 2011-12-13 17:30 - 3840632 ____A C:\Users\Ata\Downloads\battlelog-web-plugins-1.104.0-retail-prod.exe
2011-12-12 21:30 - 2011-12-12 21:29 - 0000000 ____D C:\Program Files (x86)\Simraceway
2011-12-11 16:12 - 2011-12-11 14:22 - 141683159 ____A C:\Users\Ata\Downloads\Laidback Luke - FG DJ Live (2011-12-10).mp3
2011-12-10 16:19 - 2011-12-10 16:19 - 0000000 ____D C:\Users\Ata\riotsGamesLogs
2011-12-10 16:06 - 2011-12-10 16:06 - 0000000 ____D C:\Users\Ata\Application Data\LolClient
2011-12-10 16:06 - 2011-12-10 16:06 - 0000000 ____D C:\Users\Ata\AppData\Roaming\LolClient
2011-12-10 01:45 - 2011-12-10 01:38 - 213144587 ____A (InstallShield Software Corporation) C:\Users\Ata\Downloads\Film.part3.rar
2011-12-09 18:53 - 2011-12-09 18:49 - 213144587 ____A (InstallShield Software Corporation) C:\Users\Ata\Downloads\Film.part2.rar
2011-12-08 02:25 - 2011-12-08 02:24 - 6532219 ____A C:\Users\Ata\Downloads\Tech N9ne - Worldwide Choppers-2dope.mp3
2011-12-08 01:40 - 2011-12-08 01:32 - 213144587 ____A (InstallShield Software Corporation) C:\Users\Ata\Downloads\Film.part1.rar
2011-12-07 12:04 - 2011-12-07 12:04 - 0075200 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\libusb0.dll
2011-12-07 12:04 - 2011-12-07 12:04 - 0067008 ____A (http://libusb-win32.sourceforge.net) C:\Windows\SysWOW64\libusb0.dll
2011-12-07 12:04 - 2011-12-07 12:04 - 0043456 ____A (http://libusb-win32.sourceforge.net) C:\Windows\System32\Drivers\libusb0.sys
2011-12-06 17:53 - 2011-12-06 17:53 - 0000000 ____D C:\Users\Ata\Documents\Eden Games
2011-12-06 17:34 - 2011-12-06 17:34 - 0000000 __SHD C:\found.002
2011-12-06 00:13 - 2011-12-06 00:12 - 0000263 ____A C:\Users\Ata\openvpn-connect.json
2011-12-06 00:10 - 2011-12-06 00:10 - 5153131 ____A C:\Users\Ata\Downloads\openvpn-connect.msi
2011-12-06 00:10 - 2011-12-06 00:10 - 0000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2011-12-05 23:09 - 2011-12-05 23:09 - 0001047 ____A C:\Users\Ata\Desktop\Dropbox.lnk
2011-12-05 22:58 - 2011-12-05 22:57 - 15033280 ____A (Dropbox, Inc.) C:\Users\Ata\Downloads\Dropbox 1.2.49.exe
2011-12-05 20:23 - 2011-10-03 00:45 - 0000000 ____D C:\Users\Ata\Application Data\Sony Corporation
2011-12-05 20:23 - 2011-10-03 00:45 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Sony Corporation
2011-12-05 19:44 - 2011-09-29 21:46 - 0001805 ____A C:\Users\Ata\Desktop\Spotify.lnk
2011-12-05 01:28 - 2011-12-04 16:17 - 0015799 ____A C:\Users\Ata\Documents\The Pros and Cons of Capital Punishment.docx
2011-12-05 00:26 - 2011-12-04 15:27 - 0000000 ____D C:\Users\All Users\Synaptics
2011-12-05 00:26 - 2011-12-04 15:27 - 0000000 ____D C:\Users\All Users\Application Data\Synaptics
2011-12-05 00:26 - 2011-12-04 15:27 - 0000000 ____D C:\ProgramData\Synaptics
2011-12-05 00:05 - 2011-12-05 00:04 - 16996288 ____A (Spotify Ltd) C:\Users\Ata\Downloads\spotify_installer-0.8.0.535.g7d1e7e3b.exe
2011-12-04 23:41 - 2010-12-26 17:13 - 0000000 ____D C:\Program Files (x86)\Sony
2011-12-04 23:20 - 2011-01-09 12:44 - 0000000 ____D C:\Users\All Users\Test Drive Unlimited
2011-12-04 23:20 - 2011-01-09 12:44 - 0000000 ____D C:\Users\All Users\Application Data\Test Drive Unlimited
2011-12-04 23:20 - 2011-01-09 12:44 - 0000000 ____D C:\ProgramData\Test Drive Unlimited
2011-12-04 20:52 - 2011-12-04 20:52 - 0000000 ____D C:\Users\Ata\Application Data\Synaptics
2011-12-04 20:52 - 2011-12-04 20:52 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Synaptics
2011-12-04 20:52 - 2010-12-24 22:03 - 0000174 ___SH C:\Users\Ata\Start Menu\Programs\Startup\desktop.ini
2011-12-04 20:52 - 2010-12-24 22:03 - 0000174 ___SH C:\Users\Ata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2011-12-04 17:22 - 2011-12-04 17:22 - 0000000 ____D C:\Program Files (x86)\Western Digital Corporation
2011-12-04 15:27 - 2011-12-04 15:27 - 0000000 ____D C:\Program Files (x86)\Synaptics
2011-12-04 15:09 - 2011-12-04 15:09 - 0832512 ____A C:\Users\Ata\Downloads\MicrosoftFixit50416.msi
2011-12-04 15:09 - 2011-12-04 15:09 - 0807424 ____A C:\Users\Ata\Downloads\MicrosoftFixit50154.msi
2011-12-04 15:09 - 2011-12-04 15:09 - 0696320 ____A C:\Users\Ata\Downloads\MicrosoftFixit50450.msi
2011-12-03 04:55 - 2011-12-03 04:55 - 0311600 ____A C:\Users\Ata\Documents\Video call snapshot 16.png
2011-12-03 02:55 - 2011-12-03 02:54 - 13209737 ____A C:\Users\Ata\Downloads\lccwin64.exe
2011-12-02 16:09 - 2011-12-02 16:09 - 1543020 ____A C:\Users\Ata\Documents\YES_2012-13_Yazili_Sinav_Aday_List_-_Turkiye.pdf
2011-12-01 20:06 - 2011-12-01 20:01 - 80792658 ____A C:\Users\Ata\Downloads\Ozan_Do_ulu_-_Anadolu_Kartallar__Film_M_zikleri__2011_Full_Album.rar
2011-11-29 19:19 - 2011-11-23 22:55 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-11-29 19:15 - 2011-11-29 19:15 - 0000000 ____D C:\Users\All Users\TVU Networks
2011-11-29 19:15 - 2011-11-29 19:15 - 0000000 ____D C:\Users\All Users\Application Data\TVU Networks
2011-11-29 19:15 - 2011-11-29 19:15 - 0000000 ____D C:\ProgramData\TVU Networks
2011-11-29 19:14 - 2011-11-29 19:14 - 2136688 ____A (TVU networks) C:\Users\Ata\Downloads\PluginInstaller.exe
2011-11-29 19:14 - 2011-11-29 19:14 - 0000000 ____D C:\Windows\SysWOW64\TVUAx
2011-11-26 16:11 - 2011-11-26 16:11 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{FB5E86B9-7EE1-4884-9C04-731A545E25FB}
2011-11-26 16:11 - 2011-11-26 16:11 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{3070BBA5-55FA-4B33-ADF8-C1C1A9C4F4FC}
2011-11-26 16:11 - 2011-11-26 16:11 - 0000000 ____D C:\Users\Ata\Local Settings\{FB5E86B9-7EE1-4884-9C04-731A545E25FB}
2011-11-26 16:11 - 2011-11-26 16:11 - 0000000 ____D C:\Users\Ata\Local Settings\{3070BBA5-55FA-4B33-ADF8-C1C1A9C4F4FC}
2011-11-26 16:11 - 2011-11-26 16:11 - 0000000 ____D C:\Users\Ata\AppData\Local\{FB5E86B9-7EE1-4884-9C04-731A545E25FB}
2011-11-26 16:11 - 2011-11-26 16:11 - 0000000 ____D C:\Users\Ata\AppData\Local\{3070BBA5-55FA-4B33-ADF8-C1C1A9C4F4FC}
2011-11-26 16:07 - 2011-11-26 16:07 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{21BB5BDD-B7B0-479D-B676-D4B139398CA5}
2011-11-26 16:07 - 2011-11-26 16:07 - 0000000 ____D C:\Users\Ata\Local Settings\{21BB5BDD-B7B0-479D-B676-D4B139398CA5}
2011-11-26 16:07 - 2011-11-26 16:07 - 0000000 ____D C:\Users\Ata\AppData\Local\{21BB5BDD-B7B0-479D-B676-D4B139398CA5}
2011-11-26 16:07 - 2011-11-26 16:06 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{6A304A5A-9D60-4CD0-9C09-1BE418992B64}
2011-11-26 16:07 - 2011-11-26 16:06 - 0000000 ____D C:\Users\Ata\Local Settings\{6A304A5A-9D60-4CD0-9C09-1BE418992B64}
2011-11-26 16:07 - 2011-11-26 16:06 - 0000000 ____D C:\Users\Ata\AppData\Local\{6A304A5A-9D60-4CD0-9C09-1BE418992B64}
2011-11-26 15:24 - 2011-11-26 15:24 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{88F46632-9E9E-46F2-AD3A-E3184BD35F2D}
2011-11-26 15:24 - 2011-11-26 15:24 - 0000000 ____D C:\Users\Ata\Local Settings\{88F46632-9E9E-46F2-AD3A-E3184BD35F2D}
2011-11-26 15:24 - 2011-11-26 15:24 - 0000000 ____D C:\Users\Ata\AppData\Local\{88F46632-9E9E-46F2-AD3A-E3184BD35F2D}
2011-11-26 15:24 - 2011-11-26 15:23 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{B3227977-44DF-4F25-B08D-2D198C08D653}
2011-11-26 15:24 - 2011-11-26 15:23 - 0000000 ____D C:\Users\Ata\Local Settings\{B3227977-44DF-4F25-B08D-2D198C08D653}
2011-11-26 15:24 - 2011-11-26 15:23 - 0000000 ____D C:\Users\Ata\AppData\Local\{B3227977-44DF-4F25-B08D-2D198C08D653}
2011-11-26 15:15 - 2011-11-26 15:15 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{42B8AD91-151C-46A2-B849-B6CC3A12304D}
2011-11-26 15:15 - 2011-11-26 15:15 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{23B613CA-583C-47D8-B798-F77975CFAA70}
2011-11-26 15:15 - 2011-11-26 15:15 - 0000000 ____D C:\Users\Ata\Local Settings\{42B8AD91-151C-46A2-B849-B6CC3A12304D}
2011-11-26 15:15 - 2011-11-26 15:15 - 0000000 ____D C:\Users\Ata\Local Settings\{23B613CA-583C-47D8-B798-F77975CFAA70}
2011-11-26 15:15 - 2011-11-26 15:15 - 0000000 ____D C:\Users\Ata\AppData\Local\{42B8AD91-151C-46A2-B849-B6CC3A12304D}
2011-11-26 15:15 - 2011-11-26 15:15 - 0000000 ____D C:\Users\Ata\AppData\Local\{23B613CA-583C-47D8-B798-F77975CFAA70}
2011-11-26 03:06 - 2011-10-03 00:41 - 0000000 ____D C:\Users\All Users\Sony Corporation
2011-11-26 03:06 - 2011-10-03 00:41 - 0000000 ____D C:\Users\All Users\Application Data\Sony Corporation
2011-11-26 03:06 - 2011-10-03 00:41 - 0000000 ____D C:\ProgramData\Sony Corporation
2011-11-23 23:00 - 2011-12-13 17:44 - 3141632 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 22:55 - 2011-11-23 22:55 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2011-11-23 00:43 - 2011-11-23 00:43 - 0019614 ____A C:\Users\Ata\Documents\age chapter 17 18.docx
2011-11-22 01:52 - 2011-11-22 01:52 - 0017713 ____A C:\Users\Ata\Downloads\301481_10150317612140197_170858255196_7922731_698430791_n.jpg
2011-11-19 17:13 - 2011-11-19 16:48 - 0000000 ____D C:\Program Files (x86)\PS3 Media Server
2011-11-19 16:38 - 2011-11-19 16:38 - 0462496 ____A (Adobe Systems, Inc.) C:\Users\Ata\Downloads\uninstall_flash_player_64bit.exe
2011-11-19 16:38 - 2011-11-19 16:38 - 0000000 ____D C:\Windows\System32\Macromed
2011-11-19 16:34 - 2011-11-19 16:34 - 15314705 ____A C:\Users\Ata\Downloads\pms-setup-windows-1.10.51.exe
2011-11-19 16:29 - 2011-11-19 16:29 - 0000000 ____D C:\Users\Ata\Local Settings\Conduit
2011-11-19 16:29 - 2011-11-19 16:29 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Conduit
2011-11-19 16:29 - 2011-11-19 16:29 - 0000000 ____D C:\Users\Ata\AppData\Local\Conduit
2011-11-19 16:29 - 2011-11-19 16:29 - 0000000 ____D C:\Program Files (x86)\Xiph.Org
2011-11-19 16:29 - 2011-11-19 16:29 - 0000000 ____D C:\Program Files (x86)\Conduit
2011-11-19 16:28 - 2011-11-19 16:28 - 16880280 ____A C:\Users\Ata\Downloads\TVersitySetup_1_9_7.exe
2011-11-19 09:07 - 2012-01-10 17:37 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\packager.dll
2011-11-19 08:06 - 2012-01-10 17:37 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2011-11-19 00:21 - 2011-11-19 00:21 - 0000000 ____D C:\Users\Ata\Documents\Need for Speed World
2011-11-18 23:57 - 2011-08-09 13:16 - 0000000 ____D C:\LFS
2011-11-18 21:23 - 2011-11-18 21:23 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{9FCC0266-636B-4B0E-9C19-ABB5E34D38E8}
2011-11-18 21:23 - 2011-11-18 21:23 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{785FA15B-82BE-4629-B77F-B4D0F70D3C03}
2011-11-18 21:23 - 2011-11-18 21:23 - 0000000 ____D C:\Users\Ata\Local Settings\{9FCC0266-636B-4B0E-9C19-ABB5E34D38E8}
2011-11-18 21:23 - 2011-11-18 21:23 - 0000000 ____D C:\Users\Ata\Local Settings\{785FA15B-82BE-4629-B77F-B4D0F70D3C03}
2011-11-18 21:23 - 2011-11-18 21:23 - 0000000 ____D C:\Users\Ata\AppData\Local\{9FCC0266-636B-4B0E-9C19-ABB5E34D38E8}
2011-11-18 21:23 - 2011-11-18 21:23 - 0000000 ____D C:\Users\Ata\AppData\Local\{785FA15B-82BE-4629-B77F-B4D0F70D3C03}
2011-11-18 02:09 - 2011-11-18 02:01 - 668193167 ____A C:\Users\Ata\Downloads\iPod3,1_5.0_9A334_Restore.ipsw
2011-11-18 01:54 - 2011-11-18 01:53 - 14576831 ____A C:\Users\Ata\Downloads\redsn0w_win_0.9.9b8.zip
2011-11-18 01:44 - 2011-11-18 01:40 - 0000000 ____D C:\Users\Ata\Application Data\Synthesia
2011-11-18 01:44 - 2011-11-18 01:40 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Synthesia
2011-11-18 01:36 - 2011-11-18 01:36 - 4057288 ____A C:\Users\Ata\Downloads\Synthesia-0.8.2-installer.exe
2011-11-17 22:52 - 2011-11-17 22:52 - 0014094 ____A C:\Users\Ata\Documents\model un.docx
2011-11-17 19:54 - 2011-11-17 19:46 - 138730009 ____A (www.rigsofrods.com) C:\Users\Ata\Downloads\RoR-Setup-0.38.67.exe
2011-11-17 17:05 - 2011-11-17 17:05 - 0000000 ____D C:\Users\Ata\My Documents\My Games
2011-11-17 17:05 - 2011-11-17 17:05 - 0000000 ____D C:\Users\Ata\My Documents
2011-11-17 16:33 - 2011-11-17 16:29 - 0000000 ____D C:\Users\Ata\Local Settings\MX Simulator Demo
2011-11-17 16:33 - 2011-11-17 16:29 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\MX Simulator Demo
2011-11-17 16:33 - 2011-11-17 16:29 - 0000000 ____D C:\Users\Ata\AppData\Local\MX Simulator Demo
2011-11-17 15:39 - 2011-11-17 15:39 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{A7864642-A223-48CC-A7A5-5985B07B7E2D}
2011-11-17 15:39 - 2011-11-17 15:39 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{5FE6BB76-8FC3-4ADF-98C7-3214013BBEB8}
2011-11-17 15:39 - 2011-11-17 15:39 - 0000000 ____D C:\Users\Ata\Local Settings\{A7864642-A223-48CC-A7A5-5985B07B7E2D}
2011-11-17 15:39 - 2011-11-17 15:39 - 0000000 ____D C:\Users\Ata\Local Settings\{5FE6BB76-8FC3-4ADF-98C7-3214013BBEB8}
2011-11-17 15:39 - 2011-11-17 15:39 - 0000000 ____D C:\Users\Ata\AppData\Local\{A7864642-A223-48CC-A7A5-5985B07B7E2D}
2011-11-17 15:39 - 2011-11-17 15:39 - 0000000 ____D C:\Users\Ata\AppData\Local\{5FE6BB76-8FC3-4ADF-98C7-3214013BBEB8}
2011-11-17 15:24 - 2011-11-17 15:23 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{28E97540-2D31-4EED-B59E-EB09E5FCB572}
2011-11-17 15:24 - 2011-11-17 15:23 - 0000000 ____D C:\Users\Ata\Local Settings\{28E97540-2D31-4EED-B59E-EB09E5FCB572}
2011-11-17 15:24 - 2011-11-17 15:23 - 0000000 ____D C:\Users\Ata\AppData\Local\{28E97540-2D31-4EED-B59E-EB09E5FCB572}
2011-11-17 15:23 - 2011-11-17 15:23 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{90482F47-6412-42FA-A434-6033114AC52C}
2011-11-17 15:23 - 2011-11-17 15:23 - 0000000 ____D C:\Users\Ata\Local Settings\{90482F47-6412-42FA-A434-6033114AC52C}
2011-11-17 15:23 - 2011-11-17 15:23 - 0000000 ____D C:\Users\Ata\AppData\Local\{90482F47-6412-42FA-A434-6033114AC52C}
2011-11-17 02:50 - 2011-11-17 02:50 - 0000000 ____D C:\Users\Ata\Documents\PCSX2
2011-11-17 01:14 - 2012-01-10 17:37 - 1739160 ____A (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2011-11-17 00:12 - 2011-11-17 00:12 - 0000000 ____D C:\Users\Ata\Application Data\Need for Speed World
2011-11-17 00:12 - 2011-11-17 00:12 - 0000000 ____D C:\Users\Ata\AppData\Roaming\Need for Speed World
2011-11-16 23:41 - 2012-01-10 17:37 - 1292592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2011-11-16 23:12 - 2011-11-16 23:12 - 0000000 ____D C:\Users\Ata\Local Settings\Electronic_Arts_Inc
2011-11-16 23:12 - 2011-11-16 23:12 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Electronic_Arts_Inc
2011-11-16 23:12 - 2011-11-16 23:12 - 0000000 ____D C:\Users\Ata\AppData\Local\Electronic_Arts_Inc
2011-11-16 23:08 - 2011-11-16 23:08 - 0001116 ____A C:\Users\Public\Desktop\Need For Speed World.lnk
2011-11-16 23:08 - 2011-11-16 23:08 - 0001116 ____A C:\Users\All Users\Desktop\Need For Speed World.lnk
2011-11-16 23:02 - 2011-11-16 23:02 - 5006472 ____A (Electronic Arts ) C:\Users\Ata\Downloads\setup_659.exe
2011-11-16 22:34 - 2011-11-16 22:34 - 12780479 ____A C:\Users\Ata\Downloads\pcsx2-0.9.8-r4600-setup.exe
2011-11-15 23:33 - 2011-11-15 23:33 - 0000000 ____D C:\Users\Ata\Local Settings\CrashRpt
2011-11-15 23:33 - 2011-11-15 23:33 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\CrashRpt
2011-11-15 23:33 - 2011-11-15 23:33 - 0000000 ____D C:\Users\Ata\AppData\Local\CrashRpt
2011-11-15 00:45 - 2011-11-14 23:55 - 0000000 ____D C:\Users\Ata\Desktop\GT5 Car Setups & Photomode
2011-11-14 18:43 - 2011-11-14 18:42 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{70593F21-9DEE-4DB0-8E47-B96728EE7E6D}
2011-11-14 18:43 - 2011-11-14 18:42 - 0000000 ____D C:\Users\Ata\Local Settings\{70593F21-9DEE-4DB0-8E47-B96728EE7E6D}
2011-11-14 18:43 - 2011-11-14 18:42 - 0000000 ____D C:\Users\Ata\AppData\Local\{70593F21-9DEE-4DB0-8E47-B96728EE7E6D}
2011-11-14 18:42 - 2011-11-14 18:42 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{9ACF3239-3D82-414B-91BE-9613504DF008}
2011-11-14 18:42 - 2011-11-14 18:42 - 0000000 ____D C:\Users\Ata\Local Settings\{9ACF3239-3D82-414B-91BE-9613504DF008}
2011-11-14 18:42 - 2011-11-14 18:42 - 0000000 ____D C:\Users\Ata\AppData\Local\{9ACF3239-3D82-414B-91BE-9613504DF008}
2011-11-14 01:30 - 2011-03-20 14:07 - 0000131 ____A C:\11.txt
2011-11-14 01:30 - 2011-03-20 14:07 - 0000000 ____D C:\tmp
2011-11-14 00:31 - 2010-12-25 04:51 - 0000000 ____D C:\Users\Ata\Local Settings\Windows Live
2011-11-14 00:31 - 2010-12-25 04:51 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Windows Live
2011-11-14 00:31 - 2010-12-25 04:51 - 0000000 ____D C:\Users\Ata\AppData\Local\Windows Live
2011-11-14 00:26 - 2011-11-14 00:26 - 0001825 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-11-14 00:26 - 2011-11-14 00:26 - 0001825 ____A C:\Users\All Users\Desktop\iTunes.lnk
2011-11-14 00:26 - 2011-11-14 00:26 - 0000000 ____D C:\Program Files\iTunes
2011-11-14 00:26 - 2011-11-14 00:26 - 0000000 ____D C:\Program Files\iPod
2011-11-14 00:26 - 2011-11-14 00:26 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-11-12 11:31 - 2011-11-12 11:31 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{71AD8033-4D41-4EE0-B630-F8C1204C599B}
2011-11-12 11:31 - 2011-11-12 11:31 - 0000000 ____D C:\Users\Ata\Local Settings\{71AD8033-4D41-4EE0-B630-F8C1204C599B}
2011-11-12 11:31 - 2011-11-12 11:31 - 0000000 ____D C:\Users\Ata\AppData\Local\{71AD8033-4D41-4EE0-B630-F8C1204C599B}
2011-11-12 11:31 - 2011-11-12 11:30 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{53F62718-0D5A-4335-9768-DCBFEAE13017}
2011-11-12 11:31 - 2011-11-12 11:30 - 0000000 ____D C:\Users\Ata\Local Settings\{53F62718-0D5A-4335-9768-DCBFEAE13017}
2011-11-12 11:31 - 2011-11-12 11:30 - 0000000 ____D C:\Users\Ata\AppData\Local\{53F62718-0D5A-4335-9768-DCBFEAE13017}
2011-11-11 00:41 - 2011-12-13 17:45 - 12370944 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-11 00:41 - 2011-12-13 17:45 - 0247808 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-10 23:50 - 2011-12-13 17:45 - 10990080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-11-10 23:50 - 2011-12-13 17:45 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2011-11-10 17:09 - 2011-07-15 15:18 - 0002310 ____A C:\Users\Ata\Application Data\Rim.DesktopHelper.Exception.log
2011-11-10 17:09 - 2011-07-15 15:18 - 0002310 ____A C:\Users\Ata\AppData\Roaming\Rim.DesktopHelper.Exception.log
2011-11-10 17:09 - 2011-07-15 15:18 - 0002156 ____A C:\Users\Ata\Application Data\Rim.Desktop.Exception.log
2011-11-10 17:09 - 2011-07-15 15:18 - 0002156 ____A C:\Users\Ata\AppData\Roaming\Rim.Desktop.Exception.log
2011-11-10 17:05 - 2011-11-10 17:04 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{2B002181-52CC-4FCB-8098-288EF72C4A7F}
2011-11-10 17:05 - 2011-11-10 17:04 - 0000000 ____D C:\Users\Ata\Local Settings\{2B002181-52CC-4FCB-8098-288EF72C4A7F}
2011-11-10 17:05 - 2011-11-10 17:04 - 0000000 ____D C:\Users\Ata\AppData\Local\{2B002181-52CC-4FCB-8098-288EF72C4A7F}
2011-11-10 17:04 - 2011-11-10 17:04 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{1EFC55FB-E130-44A4-B4A3-A8738290167A}
2011-11-10 17:04 - 2011-11-10 17:04 - 0000000 ____D C:\Users\Ata\Local Settings\{1EFC55FB-E130-44A4-B4A3-A8738290167A}
2011-11-10 17:04 - 2011-11-10 17:04 - 0000000 ____D C:\Users\Ata\AppData\Local\{1EFC55FB-E130-44A4-B4A3-A8738290167A}
2011-11-10 16:56 - 2009-07-13 21:20 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-09 01:26 - 2011-11-09 00:22 - 0000000 ____D C:\Users\Ata\Local Settings\Ubisoft Game Launcher
2011-11-09 01:26 - 2011-11-09 00:22 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Ubisoft Game Launcher
2011-11-09 01:26 - 2011-11-09 00:22 - 0000000 ____D C:\Users\Ata\AppData\Local\Ubisoft Game Launcher
2011-11-09 00:18 - 2011-11-09 00:18 - 0000000 ____D C:\Users\Ata\Documents\Ubisoft
2011-11-09 00:18 - 2011-11-09 00:18 - 0000000 ____D C:\Program Files (x86)\Ubisoft
2011-11-09 00:06 - 2011-11-09 00:06 - 0000000 ___HD C:\Users\Ata\InstallAnywhere
2011-11-09 00:05 - 2011-11-09 00:05 - 0013811 ____A C:\Users\Ata\Documents\age poem.docx
2011-11-08 00:17 - 2011-11-08 00:17 - 0226915 ____A C:\Users\Ata\Documents\lead.flp
2011-11-07 01:32 - 2011-11-07 01:32 - 21862723 ____A C:\Users\Ata\Documents\LoaderBackup-(2011-11-06).ipd
2011-11-07 01:27 - 2010-12-25 13:29 - 0000000 ____D C:\Users\Ata\Local Settings\Downloaded Installations
2011-11-07 01:27 - 2010-12-25 13:29 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\Downloaded Installations
2011-11-07 01:27 - 2010-12-25 13:29 - 0000000 ____D C:\Users\Ata\AppData\Local\Downloaded Installations
2011-11-07 00:26 - 2011-07-15 15:20 - 0019968 ____A C:\Users\Ata\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-07 00:26 - 2011-07-15 15:20 - 0019968 ____A C:\Users\Ata\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-07 00:26 - 2011-07-15 15:20 - 0019968 ____A C:\Users\Ata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-06 21:44 - 2011-11-06 21:44 - 0001942 ____A C:\Users\Ata\Desktop\Hulu Desktop.lnk
2011-11-06 21:44 - 2011-11-06 21:44 - 0000000 ____D C:\Users\Ata\Local Settings\HuluDesktop
2011-11-06 21:44 - 2011-11-06 21:44 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\HuluDesktop
2011-11-06 21:44 - 2011-11-06 21:44 - 0000000 ____D C:\Users\Ata\AppData\Local\HuluDesktop
2011-11-06 14:44 - 2011-11-06 14:44 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{AD5B8901-D4EE-4417-BEF9-D37D6D99F69C}
2011-11-06 14:44 - 2011-11-06 14:44 - 0000000 ____D C:\Users\Ata\Local Settings\Application Data\{29C2F228-E8D9-41D6-9376-EF0A2682D7B1}
2011-11-06 14:44 - 2011-11-06 14:44 - 0000000 ____D C:\Users\Ata\Local Settings\{AD5B8901-D4EE-4417-BEF9-D37D6D99F69C}
2011-11-06 14:44 - 2011-11-06 14:44 - 0000000 ____D C:\Users\Ata\Local Settings\{29C2F228-E8D9-41D6-9376-EF0A2682D7B1}
2011-11-06 14:44 - 2011-11-06 14:44 - 0000000 ____D C:\Users\Ata\AppData\Local\{AD5B8901-D4EE-4417-BEF9-D37D6D99F69C}
2011-11-06 14:44 - 2011-11-06 14:44 - 0000000 ____D C:\Users\Ata\AppData\Local\{29C2F228-E8D9-41D6-9376-EF0A2682D7B1}
2011-11-06 00:12 - 2011-11-06 00:12 - 0883752 ____A (Hulu) C:\Users\Ata\Downloads\HuluDesktopSetup.exe
2011-11-04 23:26 - 2011-12-13 17:45 - 1501184 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-04 23:26 - 2011-12-13 17:45 - 1197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-04 23:26 - 2011-12-13 17:44 - 0134144 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-04 23:23 - 2011-12-13 17:45 - 9332736 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-04 23:23 - 2011-12-13 17:45 - 1026560 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-11-04 23:23 - 2011-12-13 17:45 - 0703488 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-11-04 23:23 - 2011-12-13 17:45 - 0097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-04 23:23 - 2011-12-13 17:45 - 0082944 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-11-04 23:23 - 2011-12-13 17:45 - 0057856 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-11-04 23:22 - 2011-12-13 17:45 - 2458624 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-04 23:22 - 2011-12-13 17:45 - 0445952 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-11-04 23:22 - 2011-12-13 17:45 - 0256000 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-11-04 23:22 - 2011-12-13 17:44 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-04 23:19 - 2011-12-13 17:44 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-11-04 23:17 - 2011-12-13 17:44 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-04 22:35 - 2011-12-13 17:45 - 1230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2011-11-04 22:35 - 2011-12-13 17:45 - 0981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2011-11-04 22:35 - 2011-12-13 17:44 - 0132096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2011-11-04 22:34 - 2011-12-13 17:45 - 5997568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2011-11-04 22:34 - 2011-12-13 17:45 - 2072576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2011-11-04 22:34 - 2011-12-13 17:45 - 0606208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstime.dll
2011-11-04 22:34 - 2011-12-13 17:45 - 0599552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2011-11-04 22:34 - 2011-12-13 17:45 - 0185856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2011-11-04 22:34 - 2011-12-13 17:45 - 0067072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2011-11-04 22:34 - 2011-12-13 17:45 - 0064512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2011-11-04 22:34 - 2011-12-13 17:45 - 0044544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2011-11-04 22:34 - 2011-12-13 17:44 - 0048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2011-11-04 22:33 - 2011-12-13 17:45 - 0381440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2011-11-04 22:32 - 2011-12-13 17:44 - 0012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2011-11-04 22:30 - 2011-12-13 17:44 - 0002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2011-11-04 22:07 - 2011-12-13 17:44 - 0482816 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-11-04 21:28 - 2011-12-13 17:44 - 0386048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2011-11-04 21:25 - 2011-12-13 17:44 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-04 20:55 - 2011-12-13 17:44 - 1638912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2011-11-03 22:01 - 2011-11-03 14:49 - 0001950 ____A C:\Users\Public\Desktop\Vampire - The Masquerade Bloodlines.lnk
2011-11-03 22:01 - 2011-11-03 14:49 - 0001950 ____A C:\Users\All Users\Desktop\Vampire - The Masquerade Bloodlines.lnk
2011-11-03 14:49 - 2011-11-03 14:49 - 0000298 ____A C:\Windows\vtmb.ini
2011-11-03 14:44 - 2011-11-03 14:44 - 0000000 ____D C:\Program Files (x86)\Activision

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 6108.82 MB
Available physical RAM: 5359.18 MB
Total Pagefile: 6106.97 MB
Available Pagefile: 5369.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:225.57 GB) (Free:16.41 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (Data) (Fixed) (Total:166.53 GB) (Free:44.98 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:10.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: () (Removable) (Total:3.94 GB) (Free:0.76 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Telif Hakkı © 1999-2008 Bilgisayar: MININT-5LVRB19

Disk ### Durum Boyut Boş Din Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Çevrimiçi 465 GB 1024 KB
Disk 1 Çevrimiçi 4039 MB 0 B

DiskPart'tan çıkılıyor...

Partitions of Disk 0:
===============

Telif Hakkı © 1999-2008 Bilgisayar: MININT-5LVRB19

Disk 0 şimdi seçili disk.

Bölüm ### Tür Boyut Ofset
------------- ---------------- ------- -------
Bölüm 1 OEM 39 MB 31 KB
Bölüm 2 Birincil 14 GB 40 MB
Bölüm 3 Birincil 225 GB 14 GB
Bölüm 0 Uzatılmış 225 GB 240 GB
Bölüm 4 Mantıksal 166 GB 240 GB
Bölüm 5 Mantıksal 58 GB 406 GB

DiskPart'tan çıkılıyor...

Partitions of Disk 1:
===============

Telif Hakkı © 1999-2008 Bilgisayar: MININT-5LVRB19

Disk 1 şimdi seçili disk.

Bölüm ### Tür Boyut Ofset
------------- ---------------- ------- -------
Bölüm 1 Birincil 4039 MB 32 KB

DiskPart'tan çıkılıyor...
==========================================================

Last Boot: 2012-01-11 19:06

======================= End Of Log ==========================

#4 Farbar

Posted 31 January 2012 - 06:52 AM

Well done.

We are going to try to boot. After boot please don't run any scan or programs and don't remove anything until I tell you it is safe.

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
HKU\Ata\...\Run: [BitComet] "C:\Program Files (x86)\BitComet\BitComet.exe" /tray [10811696 2010-12-08] (www.BitComet.com)
SubSystems: [Windows] ==> ZeroAccess
1 cciugsis; \??\C:\WINDOWS\system32\drivers\cciugsis.sys [x]
1 kyjjdnwk; \??\C:\WINDOWS\system32\drivers\kyjjdnwk.sys [x]
1 tylegoft; \??\C:\WINDOWS\system32\drivers\tylegoft.sys [x]
1 wmsukmhk; \??\C:\WINDOWS\system32\drivers\wmsukmhk.sys [x]
2012-01-22 04:31 - 2012-01-22 04:31 - 0000000 ____D C:\Windows\system64
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\Ata\Local Settings\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\Ata\Local Settings\Application Data\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\Ata\AppData\Local\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\All Users\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\Users\All Users\Application Data\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
2012-01-03 00:30 - 2012-01-03 00:37 - 0011620 __ASH C:\ProgramData\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

From the command prompt, run FRST64 (by typing f:\frst64), press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Also restart, let it boot normally and tell me how it went.

#5 aaygen

Posted 31 January 2012 - 07:10 PM

The computer booted up perfectly. Also, Windows Firewall, which wasn't working before I used ComboFix, does work now.
Here's my fix log:
Fix result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 28-01-2012
Ran by SYSTEM at 2012-01-31 23:03:29 R:1
Running from E:\

==============================================

HKEY_USERS\Ata\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.
cciugsis service deleted successfully.
kyjjdnwk service deleted successfully.
tylegoft service deleted successfully.
wmsukmhk service deleted successfully.
C:\Windows\system64 moved successfully.
C:\Users\Ata\Local Settings\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7 moved successfully.
C:\Users\Ata\Local Settings\Application Data\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7 not found.
C:\Users\Ata\AppData\Local\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7 not found.
C:\Users\All Users\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7 moved successfully.
C:\Users\All Users\Application Data\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7 not found.
C:\ProgramData\xda53wd01dg7tvresbbj463328i6mmi744d82okrvg7 not found.

==== End of Fixlog ====

#6 Farbar

Posted 01 February 2012 - 01:54 AM

  • Please download unhide.exe to your desktop and run it.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the MBAM log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


#7 Farbar

Posted 04 February 2012 - 08:33 AM

Are you still there? Do you need assistance, or can you do it from here?

#8 aaygen

Posted 04 February 2012 - 04:00 PM

I couldn't get access to the infected computer for a few days. I ran the scan and here's my log (though it's in Turkish; it found 5 infections and removed them all without any issues):
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Veritabanı sürümü: v2012.02.03.04

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Ata :: ATA-BILGISAYAR [yönetici]

04.02.2012 01:14:17
mbam-log-2012-02-04 (01-14-17).txt

Tarama kipi: Hızlı tarama
Devrede olan tarama ayarları: Hafıza | Başlangıç | Kayıt defteri | Dosya Sistemi | Sezgisel/Ek | Sezgisel/Shuriken | PUP | PUM
Devre dışı olan tarama ayarları: P2P
Taranmış öğeler: 208979
Geçen süre: 8 dakika, 28 saniye

Bulunan Hafıza İşlemleri: 0
(Zararlı öğe tespit edilmedi)

Bulunan Hafıza Modülleri: 0
(Zararlı öğe tespit edilmedi)

Bulunan Kayıt Anahtarları: 1
HKCR\.fsharproj (Trojan.BHO) -> Başarıyla karantinaya alınıp silindi.

Bulunan Kayıt Değerleri: 0
(Zararlı öğe tespit edilmedi)

Bulunan Veri Öğeleri: 3
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Kötü: ("C:\Users\Ata\AppData\Local\gsg.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") İyi: (firefox.exe) -> Başarıyla karantinaya alınıp, onarıldı.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Kötü: ("C:\Users\Ata\AppData\Local\gsg.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) İyi: (firefox.exe -safe-mode) -> Başarıyla karantinaya alınıp, onarıldı.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Kötü: ("C:\Users\Ata\AppData\Local\gsg.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") İyi: (iexplore.exe) -> Başarıyla karantinaya alınıp, onarıldı.

Bulunan Klasörler: 0
(Zararlı öğe tespit edilmedi)

Bulunan Dosyalar: 1
C:\Users\Ata\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Başarıyla karantinaya alınıp silindi.

(son)

Edited by aaygen, 04 February 2012 - 04:35 PM.


#9 Farbar

Posted 04 February 2012 - 07:08 PM

Thanks for the translation.

I would like to see a couple of logs before declaring it clean.

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Check the "Scan All Users" checkbox.
  • Check the "Standard Output".
  • Click Run Scan button.
  • Two reports will open:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Copy and paste OTL.txt and attach Extra.txt to your reply.


#10 aaygen

Posted 04 February 2012 - 09:00 PM

OTL logfile created on: 04.02.2012 17:51:08 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Ata\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041F | Country: Türkiye | Language: TRK | Date Format: dd.MM.yyyy

5,97 Gb Total Physical Memory | 4,06 Gb Available Physical Memory | 68,04% Memory free
6,35 Gb Paging File | 4,27 Gb Available in Paging File | 67,13% Paging File free
Paging file location(s): c:\pagefile.sys 400 400 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 225,57 Gb Total Space | 16,38 Gb Free Space | 7,26% Space Free | Partition Type: NTFS
Drive D: | 166,53 Gb Total Space | 33,05 Gb Free Space | 19,84% Space Free | Partition Type: NTFS

Computer Name: ATA-BILGISAYAR | User Name: Ata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.04 17:50:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ata\Desktop\OTL.exe
PRC - [2012.01.21 00:54:43 | 000,189,480 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrB.exe
PRC - [2012.01.02 22:17:39 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.11.23 11:41:56 | 000,405,504 | ---- | M] () -- C:\Program Files (x86)\Simraceway\SRWUpdate.exe
PRC - [2011.03.02 14:02:31 | 000,075,064 | ---- | M] () -- C:\WINDOWS\SysWOW64\PnkBstrA.exe
PRC - [2011.02.25 00:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010.12.08 04:42:32 | 010,811,696 | ---- | M] (www.BitComet.com) -- C:\Program Files (x86)\BitComet\BitComet.exe
PRC - [2010.08.13 06:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
PRC - [2010.05.21 03:34:38 | 000,013,624 | ---- | M] (Alienware) -- C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
PRC - [2010.05.21 03:33:48 | 000,063,304 | ---- | M] (Alienware Corporation) -- C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
PRC - [2009.10.21 19:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWOW64\vmnat.exe
PRC - [2009.10.21 18:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe
PRC - [2009.07.22 04:52:34 | 002,463,232 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
PRC - [2009.07.01 15:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2007.10.16 10:08:08 | 000,081,920 | ---- | M] (FirebirdSQL Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
PRC - [2007.10.16 10:07:38 | 002,711,552 | ---- | M] (FirebirdSQL Project) -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.02 22:17:39 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.11.23 20:55:18 | 008,527,008 | ---- | M] () -- C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.18 20:26:37 | 000,997,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cc6713be0e405d5a89a2783103f7e771\System.Management.ni.dll
MOD - [2011.10.18 20:17:31 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\6d859463c9e6a7423ddb335211a79dda\System.Core.ni.dll
MOD - [2011.10.17 15:57:28 | 006,618,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\e60d100ca68ee9fc43954f917a3cffa9\System.Data.ni.dll
MOD - [2011.10.17 15:57:09 | 014,322,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011.10.17 15:56:42 | 012,431,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.17 15:56:29 | 001,586,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.17 15:56:22 | 012,216,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011.10.17 15:56:02 | 003,325,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011.10.17 15:55:49 | 005,452,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.17 15:55:39 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.17 15:55:34 | 007,949,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.17 15:55:11 | 011,490,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.03.27 10:22:28 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.dll
MOD - [2011.03.27 10:22:28 | 000,008,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienLabs.MasterIOBoard.Communication.Core\1.0.92.0__bebb3c8816410241\AlienLabs.MasterIOBoard.Communication.Core.dll
MOD - [2011.03.27 10:22:27 | 004,790,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienwareAlienFXModelResources\1.0.92.0__bebb3c8816410241\AlienwareAlienFXModelResources.dll
MOD - [2011.03.27 10:22:27 | 000,443,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienwareAlienFXTools\1.0.92.0__bebb3c8816410241\AlienwareAlienFXTools.dll
MOD - [2011.03.27 10:22:27 | 000,075,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienLabsTools\1.0.92.0__bebb3c8816410241\AlienLabsTools.dll
MOD - [2011.03.27 10:22:27 | 000,037,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Alienlabs.CommandCenter.Tools\1.0.92.0__bebb3c8816410241\Alienlabs.CommandCenter.Tools.dll
MOD - [2011.03.27 10:22:27 | 000,027,424 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LightFX\1.0.92.0__bebb3c8816410241\LightFX.dll
MOD - [2011.03.27 10:22:27 | 000,025,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.DeviceDiscovery\1.0.92.0__bebb3c8816410241\AlienFX.DeviceDiscovery.dll
MOD - [2011.03.27 10:22:27 | 000,024,904 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication.XPS\1.0.92.0__bebb3c8816410241\AlienFX.Communication.XPS.dll
MOD - [2011.03.27 10:22:26 | 000,037,200 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication.PID0x511\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x511.dll
MOD - [2011.03.27 10:22:26 | 000,036,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication.PID0x514\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x514.dll
MOD - [2011.03.27 10:22:26 | 000,036,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication.PID0x512\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x512.dll
MOD - [2011.03.27 10:22:26 | 000,028,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication.PID0x516\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x516.dll
MOD - [2011.03.27 10:22:26 | 000,027,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication.PID0x515\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x515.dll
MOD - [2011.03.27 10:22:26 | 000,019,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication.PID0x513\1.0.92.0__bebb3c8816410241\AlienFX.Communication.PID0x513.dll
MOD - [2011.03.27 10:22:26 | 000,017,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication.Core\1.0.92.0__bebb3c8816410241\AlienFX.Communication.Core.dll
MOD - [2011.03.27 10:22:26 | 000,011,584 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AlienFX.Communication\1.0.92.0__bebb3c8816410241\AlienFX.Communication.dll
MOD - [2010.08.13 06:33:38 | 001,362,544 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
MOD - [2009.12.18 00:07:06 | 000,577,536 | ---- | M] () -- C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll
MOD - [2009.07.22 04:52:34 | 002,463,232 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe
MOD - [2009.06.10 13:23:17 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010.09.22 08:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010.05.20 23:39:22 | 000,014,648 | ---- | M] (Alienware) [Auto | Stopped] -- C:\Program Files\Alienware\Command Center\AlienFusionService.exe -- (AlienFusionService)
SRV:64bit: - [2010.04.18 09:17:10 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009.07.01 15:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2012.01.21 00:54:43 | 000,189,480 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011.11.23 11:41:56 | 000,405,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Simraceway\SRWUpdate.exe -- (Simraceway Update Service)
SRV - [2011.11.17 17:31:52 | 003,313,752 | ---- | M] () [Disabled | Stopped] -- c:\program files (x86)\common files\akamai/netsession_win_d768ebc.dll -- (Akamai)
SRV - [2011.08.24 16:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.08.04 03:34:48 | 002,329,480 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.02 14:02:31 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.03.01 06:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.02.28 08:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 00:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.14 09:36:24 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.05 04:37:08 | 000,011,776 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe -- (DokanMounter)
SRV - [2010.03.18 03:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 03:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.19 07:25:24 | 000,059,904 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe -- (InstallFilterService)
SRV - [2009.12.02 13:47:00 | 000,656,624 | ---- | M] (SoftThinks) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2009.10.21 19:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2009.10.21 18:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009.10.21 18:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009.10.21 17:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009.10.12 04:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009.08.13 11:48:56 | 000,049,056 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\TetherBerry\TBService.exe -- (TetherBerry)
SRV - [2009.06.10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.08 23:56:16 | 000,337,200 | ---- | M] (Stardock Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe -- (WindowBlinds)
SRV - [2009.05.15 04:35:52 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2007.10.16 10:08:08 | 000,081,920 | ---- | M] (FirebirdSQL Project) [Auto | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007.10.16 10:07:38 | 002,711,552 | ---- | M] (FirebirdSQL Project) [On_Demand | Running] -- C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007.05.31 07:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 07:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.01.22 01:54:17 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm) Virtual Audio Cable (WDM)
DRV:64bit: - [2011.12.07 10:04:24 | 000,043,456 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\libusb0.sys -- (libusb0)
DRV:64bit: - [2011.08.19 01:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011.07.29 12:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011.07.29 12:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011.06.27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.31 18:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.10 22:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.10 22:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.16 07:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011.02.16 05:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2010.11.09 04:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.10.21 05:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010.10.08 05:01:28 | 000,017,408 | --S- | M] (TetherBridge) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TBridgeDrv.sys -- (TetherBridge)
DRV:64bit: - [2010.09.22 14:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.08.19 09:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010.07.05 17:29:12 | 000,106,888 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\dokan.sys -- (Dokan)
DRV:64bit: - [2010.04.27 06:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.27 06:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.27 06:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 04:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 04:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.01.04 11:40:30 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.12.28 22:24:40 | 000,025,136 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Acceler.sys -- (Acceler)
DRV:64bit: - [2009.12.28 21:25:16 | 000,067,072 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009.11.27 10:38:14 | 000,019,504 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdflt.sys -- (stdflt)
DRV:64bit: - [2009.11.10 15:18:32 | 000,020,392 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\WINDOWS\SysNative\drivers\johci.sys -- (johci)
DRV:64bit: - [2009.10.21 19:01:10 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2009.10.21 19:01:04 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2009.10.21 19:00:58 | 000,068,144 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2009.10.21 19:00:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2009.10.21 17:47:50 | 000,038,960 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2009.10.21 14:13:34 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2009.10.21 14:13:28 | 000,045,104 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2009.10.21 14:13:28 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2009.10.13 08:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.29 17:45:20 | 000,144,496 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.07.31 04:40:06 | 000,050,856 | ---- | M] (Tether) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\qrkis.sys -- (qrkis)
DRV:64bit: - [2009.07.13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009.07.13 16:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.02 20:26:34 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.07.02 20:26:34 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.07.02 20:26:34 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.07.02 20:26:34 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.06.10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.18 06:35:42 | 000,033,856 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.01.09 04:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008.09.26 07:02:36 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2008.09.24 19:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2006.11.01 08:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011.07.29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.10.12 04:31:04 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.06.26 12:43:42 | 000,013,680 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS -- (EMSC)
DRV - [2007.02.07 10:27:46 | 000,014,104 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\SysWOW64\speedfan.sys -- (speedfan)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.alienware.com/
IE - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://support.alienware.com [binary data]
IE - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alienware.com/
IE - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Users\Ata\AppData\Local\HuluDesktop\instances\0.9.14.1\npHDPlg.dll (Hulu LLC)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Ata\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ata\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.02.27 09:58:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.02 22:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.13 09:36:04 | 000,000,000 | ---D | M]

[2011.10.04 17:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ata\AppData\Roaming\mozilla\Extensions
[2011.10.04 17:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ata\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012.02.03 21:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions
[2011.07.27 05:40:30 | 000,000,000 | ---D | M] (SHOUTcast Radio Toolbar) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
[2012.01.08 21:00:58 | 000,000,000 | ---D | M] (TVersitybar Community Toolbar) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{66bd2442-241b-44cd-8c7a-b51037053cdb}
[2012.02.03 21:34:35 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.01.10 21:01:00 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.12.24 15:22:32 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2011.12.21 14:13:28 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{df04d266-01d7-49a7-b171-01a22aae97fd}
[2012.01.20 00:36:46 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012.01.27 20:25:04 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.03.08 12:53:59 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\battlefieldplay4free@ea.com
[2011.11.29 17:14:56 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\firefox@tvunetworks.com
[2011.12.19 15:08:23 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Ata\AppData\Roaming\mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\foxyproxy@eric.h.jung
[2011.05.13 06:31:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.21 16:08:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.02 22:17:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.08.24 01:31:30 | 000,773,120 | ---- | M] (BitComet) -- C:\Program Files (x86)\mozilla firefox\plugins\npBitCometAgent.dll
[2011.03.22 10:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.01 00:00:00 | 000,001,182 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-tr.xml
[2010.01.01 00:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-tr.xml

Hosts file not found
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O2 - BHO: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll (Sensible Vision )
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (TVersitybar Toolbar) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\..\Toolbar\WebBrowser: (TVersitybar Toolbar) - {66BD2442-241B-44CD-8C7A-B51037053CDB} - C:\Program Files (x86)\TVersitybar\prxtbTVe0.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [AlienFX Controller] C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware Corporation)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\Accelerometer\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe ()
O4 - HKU\S-1-5-21-842648719-1045245202-1770459396-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-842648719-1045245202-1770459396-1000..\Run: [BitComet] C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-842648719-1045245202-1770459396-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 177
O7 - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8:64bit: - Extra context menu item: &BitComet ile indir - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &Tm Linkleri BitComet Kullanarak İndir - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Grnty &Bluetooth Aygıtına Gnder... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: OneNote'a G&nder - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Sayfayı &Bluetooth Aygıtına Gnder... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: &BitComet ile indir - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Tm Linkleri BitComet Kullanarak İndir - C:\Program Files (x86)\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Grnty &Bluetooth Aygıtına Gnder... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: OneNote'a G&nder - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Sayfayı &Bluetooth Aygıtına Gnder... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\WINDOWS\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bluetooth'a Gnder - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Bluetooth Aygıtına Gnder... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.4.12.6.dll (BitComet)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{79D01AAD-EC96-4337-A723-8031A52394E5}: DhcpNameServer = 10.0.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\WINDOWS\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\WB: DllName - (C:\Program Files (x86)\Stardock\MyColors\fast64.dll) - File not found
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll) - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{05aced6a-208c-11e0-815e-0026b9bee65d}\Shell - "" = AutoRun
O33 - MountPoints2\{05aced6a-208c-11e0-815e-0026b9bee65d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{05aced7c-208c-11e0-815e-0026b9bee65d}\Shell - "" = AutoRun
O33 - MountPoints2\{05aced7c-208c-11e0-815e-0026b9bee65d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{05acedaa-208c-11e0-815e-0026b9bee65d}\Shell - "" = AutoRun
O33 - MountPoints2\{05acedaa-208c-11e0-815e-0026b9bee65d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{669a1add-0fed-11e0-9ab7-0026b9bee65d}\Shell - "" = AutoRun
O33 - MountPoints2\{669a1add-0fed-11e0-9ab7-0026b9bee65d}\Shell\AutoRun\command - "" = E:\EE3AutoRun.exe
O33 - MountPoints2\{7674b0af-81fb-11e0-beea-d609b5cd54a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7674b0af-81fb-11e0-beea-d609b5cd54a9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7674b0b3-81fb-11e0-beea-d609b5cd54a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7674b0b3-81fb-11e0-beea-d609b5cd54a9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7674b0b5-81fb-11e0-beea-d609b5cd54a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7674b0b5-81fb-11e0-beea-d609b5cd54a9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{7674b0b7-81fb-11e0-beea-d609b5cd54a9}\Shell - "" = AutoRun
O33 - MountPoints2\{7674b0b7-81fb-11e0-beea-d609b5cd54a9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{87796540-a41f-11e0-9b64-0026b9b63da8}\Shell - "" = AutoRun
O33 - MountPoints2\{87796540-a41f-11e0-9b64-0026b9b63da8}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{a872fd7d-47e2-11e0-a1ae-0026b9bee65d}\Shell - "" = AutoRun
O33 - MountPoints2\{a872fd7d-47e2-11e0-a1ae-0026b9bee65d}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{ad6ab09b-fde4-11e0-b4c3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ad6ab09b-fde4-11e0-b4c3-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-842648719-1045245202-1770459396-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012.02.04 17:50:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Ata\Desktop\OTL.exe
[2012.02.03 22:50:28 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Roaming\.minecraft
[2012.02.03 00:48:59 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Roaming\Malwarebytes
[2012.02.03 00:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.03 00:48:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.03 00:48:39 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2012.02.03 00:48:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.02 22:29:37 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Local\mciPathEnum
[2012.01.31 16:21:07 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2012.01.31 16:21:06 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\webio.dll
[2012.01.31 16:21:06 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\webio.dll
[2012.01.31 16:21:06 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sspicli.dll
[2012.01.31 16:21:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sspisrv.dll
[2012.01.31 16:21:06 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\secur32.dll
[2012.01.31 01:58:47 | 000,000,000 | ---D | C] -- C:\FRST
[2012.01.27 20:41:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.27 20:41:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.27 20:41:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.27 20:41:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.24 20:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.01.24 20:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.01.22 16:21:13 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Local\{03AFEA7C-2BCB-468A-856C-E5B59D2B410D}
[2012.01.22 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Local\{4AC6DC22-A17C-4254-B1B0-526E8BF114BF}
[2012.01.22 02:34:31 | 000,000,000 | ---D | C] -- C:\Users\Ata\Desktop\setlist
[2012.01.22 01:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Audio Cable
[2012.01.22 01:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2012.01.22 01:48:37 | 000,066,728 | ---- | C] (Eugene V. Muzychenko) -- C:\WINDOWS\SysNative\drivers\vrtaucbl.sys
[2012.01.22 00:52:05 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
[2012.01.22 00:52:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAM Broadcaster
[2012.01.22 00:52:00 | 000,458,752 | ---- | C] (IBPhoenix) -- C:\WINDOWS\SysWow64\Firebird2Control.cpl
[2012.01.22 00:52:00 | 000,442,368 | ---- | C] (FirebirdSQL Project) -- C:\WINDOWS\SysWow64\GDS32.DLL
[2012.01.22 00:52:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firebird 2.1 (Win32)
[2012.01.22 00:51:59 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcr80.dll
[2012.01.22 00:51:59 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msvcp80.dll
[2012.01.22 00:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firebird
[2012.01.21 19:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\edcast
[2012.01.21 19:06:46 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Roaming\GetRightToGo
[2012.01.21 19:06:46 | 000,000,000 | ---D | C] -- C:\Users\Ata\Documents\Downloads
[2012.01.21 02:16:54 | 000,000,000 | ---D | C] -- C:\Users\Ata\Documents\Rainmeter
[2012.01.21 02:16:54 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Roaming\Rainmeter
[2012.01.21 02:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rainmeter
[2012.01.21 02:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2012.01.21 02:15:31 | 000,000,000 | ---D | C] -- C:\Users\Ata\Desktop\theme
[2012.01.21 00:59:33 | 000,000,000 | ---D | C] -- C:\Users\Ata\Documents\America's Army 3
[2012.01.20 16:41:21 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Local\{5216B47A-CADB-454C-8111-51A46FAF0727}
[2012.01.20 16:41:09 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Local\{ABB961FA-499D-4921-A76C-F28CE53215D9}
[2012.01.19 19:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsPassengersX
[2012.01.19 19:35:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Captain Sim
[2012.01.19 19:35:09 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captain Sim
[2012.01.19 19:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\CaptainSim
[2012.01.19 18:06:48 | 000,000,000 | ---D | C] -- C:\Users\Ata\Desktop\concorde
[2012.01.19 17:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abacus
[2012.01.19 17:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Abacus
[2012.01.18 22:53:25 | 000,000,000 | ---D | C] -- C:\Users\Ata\AppData\Roaming\Unity
[2012.01.15 03:49:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crazy Machines Elements
[2012.01.15 03:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crazy Machines Elements
[2012.01.11 00:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaDev
[2012.01.11 00:19:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev
[2012.01.11 00:10:56 | 000,000,000 | ---D | C] -- C:\Users\Ata\Documents\My Cheat Tables
[2012.01.10 15:37:58 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\quartz.dll
[2012.01.10 15:37:58 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\quartz.dll
[2012.01.10 15:37:58 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\qdvd.dll
[2012.01.10 15:37:58 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\qdvd.dll
[2012.01.10 15:37:57 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2012.01.10 15:37:57 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2012.01.10 15:37:55 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2012.01.10 15:37:53 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\packager.dll
[2012.01.10 15:37:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\packager.dll
[2012.01.08 13:36:18 | 000,000,000 | ---D | C] -- C:\Users\Ata\Documents\Kindred
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.02.04 17:50:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Ata\Desktop\OTL.exe
[2012.02.04 16:29:14 | 000,014,240 | ---- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 16:29:14 | 000,014,240 | ---- | M] () -- C:\WINDOWS\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.04 16:22:16 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.04 16:22:13 | 509,202,431 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.04 15:38:02 | 000,001,020 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-842648719-1045245202-1770459396-1000UA.job
[2012.02.04 13:11:04 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-842648719-1045245202-1770459396-1000Core.job
[2012.02.04 01:01:11 | 000,000,254 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.02.03 00:48:48 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.24 20:38:31 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.01.24 20:37:52 | 001,499,734 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2012.01.24 20:37:52 | 000,626,138 | ---- | M] () -- C:\WINDOWS\SysNative\perfh01F.dat
[2012.01.24 20:37:52 | 000,623,958 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2012.01.24 20:37:52 | 000,125,176 | ---- | M] () -- C:\WINDOWS\SysNative\perfc01F.dat
[2012.01.24 20:37:52 | 000,109,704 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2012.01.22 17:28:38 | 000,034,051 | ---- | M] () -- C:\Users\Ata\Documents\401650_2716446224583_1059789143_32319617_1190513094_n.jpg
[2012.01.22 02:59:56 | 000,000,111 | ---- | M] () -- C:\WINDOWS\JFNetworkWt.INI
[2012.01.22 01:54:17 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) -- C:\WINDOWS\SysNative\drivers\vrtaucbl.sys
[2012.01.22 00:52:05 | 000,002,080 | ---- | M] () -- C:\Users\Ata\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2012.01.22 00:52:05 | 000,002,056 | ---- | M] () -- C:\Users\Ata\Desktop\SAM Broadcaster.lnk
[2012.01.21 19:13:54 | 004,987,480 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2012.01.21 19:07:45 | 000,001,073 | ---- | M] () -- C:\Users\Ata\Desktop\Edcast.lnk
[2012.01.21 00:54:43 | 000,189,480 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.xtr
[2012.01.21 00:54:43 | 000,189,480 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2012.01.20 15:22:38 | 000,020,187 | ---- | M] () -- C:\Users\Ata\Documents\executive branch study guide.pdf
[2012.01.19 02:59:00 | 000,125,484 | ---- | M] () -- C:\Users\Ata\Documents\FSX Autopilot .pdf
[2012.01.18 19:43:26 | 001,473,086 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2012.01.16 14:49:20 | 000,149,600 | -H-- | M] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2012.01.16 14:11:56 | 000,013,040 | ---- | M] () -- C:\Users\Ata\Documents\Adsız.png
[2012.01.15 03:49:22 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\Crazy Machines Elements 2011.lnk
[2012.01.12 18:03:04 | 000,042,567 | ---- | M] () -- C:\Users\Ata\Documents\trackingNumber=11678.pdf
[2012.01.08 21:20:31 | 000,000,040 | ---- | M] () -- C:\Users\Public\Documents\_rgpl
[2012.01.08 20:54:56 | 000,000,011 | R--- | M] () -- C:\WINDOWS\amunres.lsl
[3 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.03 00:48:48 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.27 20:41:54 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.27 20:41:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.27 20:41:54 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.27 20:41:54 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.27 20:41:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.24 20:37:43 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.01.22 17:28:27 | 000,034,051 | ---- | C] () -- C:\Users\Ata\Documents\401650_2716446224583_1059789143_32319617_1190513094_n.jpg
[2012.01.22 02:59:56 | 000,000,111 | ---- | C] () -- C:\WINDOWS\JFNetworkWt.INI
[2012.01.22 00:52:05 | 000,002,080 | ---- | C] () -- C:\Users\Ata\Application Data\Microsoft\Internet Explorer\Quick Launch\SAM Broadcaster.lnk
[2012.01.22 00:52:05 | 000,002,056 | ---- | C] () -- C:\Users\Ata\Desktop\SAM Broadcaster.lnk
[2012.01.21 19:07:45 | 000,001,073 | ---- | C] () -- C:\Users\Ata\Desktop\Edcast.lnk
[2012.01.20 15:22:38 | 000,020,187 | ---- | C] () -- C:\Users\Ata\Documents\executive branch study guide.pdf
[2012.01.19 02:59:00 | 000,125,484 | ---- | C] () -- C:\Users\Ata\Documents\FSX Autopilot .pdf
[2012.01.16 14:11:55 | 000,013,040 | ---- | C] () -- C:\Users\Ata\Documents\Adsız.png
[2012.01.15 03:49:22 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\Crazy Machines Elements 2011.lnk
[2012.01.12 18:03:04 | 000,042,567 | ---- | C] () -- C:\Users\Ata\Documents\trackingNumber=11678.pdf
[2012.01.08 21:20:31 | 000,000,040 | ---- | C] () -- C:\Users\Public\Documents\_rgpl
[2012.01.08 20:54:56 | 000,000,011 | R--- | C] () -- C:\WINDOWS\amunres.lsl
[2011.12.04 13:27:32 | 000,066,856 | ---- | C] () -- C:\WINDOWS\SysWow64\SynTPEnhPS.dll
[2011.11.30 16:48:17 | 000,022,528 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2011.11.03 12:49:39 | 000,000,298 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2011.10.22 00:18:07 | 002,469,760 | ---- | C] () -- C:\WINDOWS\SysWow64\BootMan.exe
[2011.10.22 00:18:07 | 000,086,408 | ---- | C] () -- C:\WINDOWS\SysWow64\setupempdrv03.exe
[2011.10.22 00:18:07 | 000,019,840 | ---- | C] () -- C:\WINDOWS\SysWow64\EuEpmGdi.dll
[2011.10.22 00:18:07 | 000,014,216 | ---- | C] () -- C:\WINDOWS\SysWow64\epmntdrv.sys
[2011.10.22 00:18:07 | 000,008,456 | ---- | C] () -- C:\WINDOWS\SysWow64\EuGdiDrv.sys
[2011.10.11 16:20:12 | 000,000,254 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.15 13:20:28 | 000,019,968 | ---- | C] () -- C:\Users\Ata\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.05 08:21:41 | 000,010,240 | ---- | C] () -- C:\WINDOWS\SysWow64\vidx16.dll
[2011.05.11 12:19:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\USDL GrandPrix v1.6.4 VISTA.INI
[2011.04.09 07:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2011.03.08 18:20:26 | 000,000,122 | ---- | C] () -- C:\WINDOWS\msmmdx9.ini
[2011.03.02 14:02:19 | 003,360,624 | ---- | C] () -- C:\WINDOWS\SysWow64\pbsvc.exe
[2011.02.16 13:03:51 | 000,000,030 | ---- | C] () -- C:\WINDOWS\USDL_GrandPrix_v1.6.4_VISTA.INI
[2011.02.16 12:11:54 | 000,000,030 | ---- | C] () -- C:\WINDOWS\GrandPrix_v1.5.2_XP.INI
[2011.01.17 09:17:14 | 000,189,480 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2011.01.17 09:17:13 | 000,075,064 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2011.01.13 14:31:00 | 000,149,600 | -H-- | C] () -- C:\WINDOWS\SysWow64\mlfcache.dat
[2010.12.30 14:09:27 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2010.12.26 01:42:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\SysWow64\ezsidmv.dat
[2010.12.25 11:13:10 | 000,165,376 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2010.12.25 05:01:50 | 001,499,734 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2010.07.05 04:37:06 | 000,033,792 | ---- | C] () -- C:\WINDOWS\SysWow64\dokan.dll
[2010.06.17 07:40:52 | 000,057,904 | ---- | C] () -- C:\WINDOWS\SysWow64\wbload.dll
[2010.05.21 03:38:00 | 000,097,584 | ---- | C] () -- C:\WINDOWS\SysWow64\CCBiosSupportAPI.dll
[2010.04.04 10:45:06 | 000,089,416 | ---- | C] () -- C:\WINDOWS\SysWow64\FAIEExtension.dll
[2010.04.04 10:44:12 | 000,059,208 | ---- | C] () -- C:\WINDOWS\SysWow64\FAib.dll
[2010.04.04 10:42:44 | 000,247,624 | ---- | C] () -- C:\WINDOWS\SysWow64\FACrashRpt.dll
[2010.04.01 14:14:53 | 000,982,220 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2010.04.01 14:14:52 | 000,439,300 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2010.04.01 14:14:52 | 000,134,592 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500.bin
[2010.04.01 14:14:52 | 000,092,216 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
[2010.04.01 03:42:38 | 000,146,432 | ---- | C] () -- C:\WINDOWS\SysWow64\APOMngr.DLL
[2010.04.01 03:42:38 | 000,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\CmdRtr.DLL
[2009.09.09 15:18:28 | 000,577,536 | ---- | C] () -- C:\WINDOWS\SysWow64\EMSC.DLL
[2009.07.13 21:38:36 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.07.13 18:35:51 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2009.07.13 18:34:42 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2009.07.13 16:10:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2009.07.13 15:42:10 | 000,064,000 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2009.07.13 13:03:59 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2009.06.10 13:26:10 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2007.02.20 04:59:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2007.02.20 04:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2007.02.20 04:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2007.02.20 04:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2007.02.20 04:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2007.02.20 04:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2007.02.20 04:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2007.02.20 04:59:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2007.02.20 04:59:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2004.07.27 20:44:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SPARKEY.DLL
[2002.09.17 23:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\WINDOWS\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.TemporaryItems:AFP_AfpInfo
@Alternate Data Stream - 64 bytes -> C:\.DS_Store:AFP_AfpInfo
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:63238B95

< End of report >

Edited by aaygen, 04 February 2012 - 09:00 PM.


#11 Farbar


Posted 05 February 2012 - 06:08 AM

  • Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
  • You need to install an antivirus program to have proper protection. I recommend this good free antivirus:

    Avira
    • Download the installer from the softpedia.com link, as it has a secure download mirror.
    • Install it, but if it asks you to install any additional toolbar, select no or uncheck the option.
    • Update it then let it scan the computer and remove what it finds.
    • Copy and paste the content of the report to your reply.
  • Please open OTL.
    • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

      :otl
      O33 - MountPoints2\{05aced6a-208c-11e0-815e-0026b9bee65d}\Shell - "" = AutoRun
      O33 - MountPoints2\{05aced7c-208c-11e0-815e-0026b9bee65d}\Shell - "" = AutoRun
      O33 - MountPoints2\{05acedaa-208c-11e0-815e-0026b9bee65d}\Shell - "" = AutoRun
      O33 - MountPoints2\{669a1add-0fed-11e0-9ab7-0026b9bee65d}\Shell - "" = AutoRun
      O33 - MountPoints2\{7674b0af-81fb-11e0-beea-d609b5cd54a9}\Shell - "" = AutoRun
      O33 - MountPoints2\{7674b0b3-81fb-11e0-beea-d609b5cd54a9}\Shell - "" = AutoRun
      O33 - MountPoints2\{7674b0b5-81fb-11e0-beea-d609b5cd54a9}\Shell - "" = AutoRun
      O33 - MountPoints2\{7674b0b7-81fb-11e0-beea-d609b5cd54a9}\Shell - "" = AutoRun
      O33 - MountPoints2\{87796540-a41f-11e0-9b64-0026b9b63da8}\Shell - "" = AutoRun
      O33 - MountPoints2\{a872fd7d-47e2-11e0-a1ae-0026b9bee65d}\Shell - "" = AutoRun
      O33 - MountPoints2\{ad6ab09b-fde4-11e0-b4c3-806e6f6e6963}\Shell - "" = AutoRun
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it has finished, a log will open. Copy and paste the log to your reply.
  • Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
    • Look for "Java Platform, Standard Edition".
    • Click the "Download JRE" button to the right.
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • From the list, select your OS and Platform (32-bit or 64-bit).
    • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-7-windows-i586.exe to install the newest version.
    • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    • When the Java Setup - Welcome window opens, click the Install > button.
    • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
    • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:
    • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    • Click Ok and reboot your computer.
  • To Clear the Java Runtime Environment (JRE) cache, do this:
    • Click Start > Settings > Control Panel.
    • Double-click the Java icon.
      -The Java Control Panel appears.
    • Click "Settings" under Temporary Internet Files.
      -The Temporary Files Settings dialog box appears.
    • Click "Delete Files".
      -The Delete Temporary Files dialog box appears.
      -There are three options on this window to clear the cache.
    • Make sure all the options are checked.
    • Click "OK" on Delete Temporary Files window.
      -Note: This deletes all the Downloaded Applications and Applets from the cache.
    • Click "OK" on Temporary Files Settings window.
    • Close the Java Control Panel.
    You can also view these instructions along with screenshots here.


#12 aaygen


Posted 05 February 2012 - 06:31 PM

Here are the GooredFix and OTL logs
GooredFix by jpshortstuff (03.07.10.1)
Log created at 15:28 on 05/02/2012 (Ata)
Firefox version 9.0.1 (tr)

========== GooredScan ==========

Deleting "C:\Users\Ata\Application Data\Mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\{df04d266-01d7-49a7-b171-01a22aae97fd}" -> Success!

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [14:31 13/05/2011]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [23:31 26/03/2011]

C:\Users\Ata\Application Data\Mozilla\Firefox\Profiles\lc5gcfp0.default\extensions\
battlefieldplay4free@ea.com [20:53 08/03/2011]
firefox@tvunetworks.com [01:14 30/11/2011]
foxyproxy@eric.h.jung [23:08 19/12/2011]
{12e4c684-c03e-4e4d-85bc-0c065e7a9489} [13:40 27/07/2011]
{66bd2442-241b-44cd-8c7a-b51037053cdb} [05:00 09/01/2012]
{77d2ed30-4cd2-11e0-b8af-0800200c9a66} [05:34 04/02/2012]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} [05:00 11/01/2012]
{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} [23:22 24/12/2010]
{E0B8C461-F8FB-49b4-8373-FE32E9252800} [08:36 20/01/2012]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [04:25 28/01/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn" [17:58 27/02/2011]

-=E.O.F=-

--------------------------------------

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05aced6a-208c-11e0-815e-0026b9bee65d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05aced6a-208c-11e0-815e-0026b9bee65d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05aced7c-208c-11e0-815e-0026b9bee65d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05aced7c-208c-11e0-815e-0026b9bee65d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05acedaa-208c-11e0-815e-0026b9bee65d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05acedaa-208c-11e0-815e-0026b9bee65d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{669a1add-0fed-11e0-9ab7-0026b9bee65d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{669a1add-0fed-11e0-9ab7-0026b9bee65d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7674b0af-81fb-11e0-beea-d609b5cd54a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7674b0af-81fb-11e0-beea-d609b5cd54a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7674b0b3-81fb-11e0-beea-d609b5cd54a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7674b0b3-81fb-11e0-beea-d609b5cd54a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7674b0b5-81fb-11e0-beea-d609b5cd54a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7674b0b5-81fb-11e0-beea-d609b5cd54a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7674b0b7-81fb-11e0-beea-d609b5cd54a9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7674b0b7-81fb-11e0-beea-d609b5cd54a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87796540-a41f-11e0-9b64-0026b9b63da8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87796540-a41f-11e0-9b64-0026b9b63da8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a872fd7d-47e2-11e0-a1ae-0026b9bee65d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a872fd7d-47e2-11e0-a1ae-0026b9bee65d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad6ab09b-fde4-11e0-b4c3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad6ab09b-fde4-11e0-b4c3-806e6f6e6963}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

OTL by OldTimer - Version 3.2.31.0 log created on 02052012_152852
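
The check a helper performs by eye on a log like this one (was every O33 MountPoints2 entry queued in the fix reported as deleted?) can be scripted. The following is an added example, not part of the original posts or of OTL; the function and variable names are assumptions, and the sample text is three entries excerpted from this thread.

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# "O33 - MountPoints2\{guid}\Shell ..." lines pasted into the OTL fix box
FIX_RE = re.compile(r"^\s*O33 - MountPoints2\\(" + GUID + r")\\Shell\b", re.M)
# "Registry key ...\MountPoints2\{guid}\ <status>." lines in the result log
LOG_RE = re.compile(
    r"^Registry key \S+\\MountPoints2\\(" + GUID + r")\\ (.+?)\.?\s*$", re.M)

# Three entries excerpted from this thread: fix lines and their log lines.
FIX_EXCERPT = r"""
O33 - MountPoints2\{87796540-a41f-11e0-9b64-0026b9b63da8}\Shell - "" = AutoRun
O33 - MountPoints2\{a872fd7d-47e2-11e0-a1ae-0026b9bee65d}\Shell - "" = AutoRun
O33 - MountPoints2\{ad6ab09b-fde4-11e0-b4c3-806e6f6e6963}\Shell - "" = AutoRun
"""
LOG_EXCERPT = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87796540-a41f-11e0-9b64-0026b9b63da8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87796540-a41f-11e0-9b64-0026b9b63da8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a872fd7d-47e2-11e0-a1ae-0026b9bee65d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a872fd7d-47e2-11e0-a1ae-0026b9bee65d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ad6ab09b-fde4-11e0-b4c3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ad6ab09b-fde4-11e0-b4c3-806e6f6e6963}\ not found.
"""

OK = "deleted successfully"


def reconcile(fix_text, log_text):
    """Compare queued MountPoints2 GUIDs with the statuses the log reports.

    Only the MountPoints2 result lines are reconciled; the CLSID lookup
    lines in the log are not matched by LOG_RE and are ignored.
    """
    queued = {g.lower() for g in FIX_RE.findall(fix_text)}
    results = {g.lower(): status for g, status in LOG_RE.findall(log_text)}
    reported = set(results)
    return {
        "removed": sorted(g for g in queued if results.get(g) == OK),
        "failed": sorted(g for g in queued & reported if results[g] != OK),
        "unreported": sorted(queued - reported),  # queued, no log line at all
        "unexpected": sorted(reported - queued),  # logged, never queued
    }


if __name__ == "__main__":
    for bucket, guids in reconcile(FIX_EXCERPT, LOG_EXCERPT).items():
        print(f"{bucket}: {len(guids)}", *guids, sep="\n  ")
```

Anything in the `failed` or `unreported` buckets is an entry to re-check on the machine before treating the fix as complete.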

#13 Farbar


Posted 06 February 2012 - 02:00 AM

That is good. :thumbup2:

How is the system running?

#14 aaygen


Posted 06 February 2012 - 02:06 AM

That is good. :thumbup2:

How is the system running?

So far so good, thanks for all your help!

#15 Farbar


Posted 06 February 2012 - 02:14 AM

It looks good and you are good to go. :thumbup2:

  • Please delete FRST tool as we don't need it any more. Also go to C:\FRST and delete the entire FRST folder.
  • Please run OTL.
    • Click Clean Up button.
    • Accept any prompts.
    • This will remove OTL, and will require a reboot.
  • Remove the old restore points and create a new restore point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Setting a new restore point AFTER cleaning your system will enable your computer to "roll-back" to a clean working state if needed:
    • Go to Start => Right-click "Computer" and select "Properties".
    • In the left pane select "System Protection".
    • Press "Configure".
    • Select "Delete". Then press "Continue" close and "OK".
    • Select your drive (drive C) and press "Create".
      Fill in a name for the restore point and press "Create".
      After finished press "Close".
Recommendations:
  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.
  • I recommend installing this small application for safe surfing: Javacools SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs.
  • Download and install it.
  • Update it manually by clicking on Updates in the left pane and then Check for Updates.
  • Then enable all the protections by clicking on Protection Status on the left pane. Then click on Enable All Protection.
  • The free version doesn't have an automatic update. Update it once in two or three weeks and enable all protection again.
Happy Surfing aaygen. :)



