
Google redirect virus + random ads playing in background


  • This topic is locked
23 replies to this topic

#1 tony egri

tony egri

  • Members
  • 13 posts

Posted 28 February 2012 - 05:59 AM

Hi, I've got a Google redirect virus; every time I click on results it redirects me to other websites. Also, random audio ads are playing in the background.
Any help would be very much appreciated. Here is the log from ComboFix:

ComboFix 12-02-27.02 - Tony 02/28/2012 10:02:42.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2996.1641 [GMT 0:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\BPK
c:\program files (x86)\BPK\pk.bin
c:\programdata\djvkbaa.tmp
c:\programdata\gjglaaa.tmp
c:\programdata\iamlbaa.tmp
c:\programdata\jamlbaa.tmp
c:\programdata\NOTEPAD.EXE-x.txt
c:\programdata\RUNDLL32.EXE-x.txt
c:\programdata\trbqbaa.tmp
c:\windows\SysWow64\Cache
c:\windows\SysWow64\tmp2E50.tmp
c:\windows\SysWow64\tmp2EAF.tmp
.
c:\windows\SysWow64\drivers\ntfs.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-28 )))))))))))))))))))))))))))))))
.
.
2012-02-28 10:16 . 2012-02-28 10:16 -------- d-----w- c:\users\Mcx1-TONY-PC\AppData\Local\temp
2012-02-28 10:16 . 2012-02-28 10:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 10:16 . 2011-07-06 19:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-02-24 10:16 . 2012-02-24 10:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-24 10:16 . 2011-12-10 15:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-22 13:55 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-22 13:55 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-22 13:26 . 2012-02-22 13:26 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-02-22 12:31 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2012-02-22 12:30 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-02-22 12:29 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-02-22 12:28 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-02-22 12:26 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-02-22 12:26 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-02-22 12:26 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-22 12:26 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-22 12:26 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-22 12:26 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-22 12:25 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-22 12:25 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-22 12:25 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-22 12:25 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-02-22 12:23 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-22 12:23 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-22 12:21 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-22 12:21 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-22 12:21 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-22 12:21 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-02-22 12:21 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-02-22 12:21 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-02-22 12:21 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-02-22 12:21 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-22 12:21 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-22 09:46 . 2012-02-22 09:46 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2012-02-22 09:46 . 2012-02-22 09:46 -------- d-----w- c:\programdata\Malwarebytes
2012-02-21 10:13 . 2012-02-21 10:15 -------- d-----w- c:\users\Tony\AppData\Local\Google
2012-02-21 10:12 . 2012-02-21 10:12 -------- d-----w- c:\users\Tony\AppData\Local\Apps
2012-02-21 10:12 . 2012-02-21 10:13 -------- d-----w- c:\users\Tony\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 09:52 . 2011-11-30 12:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 07:13 . 2012-02-27 02:58 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2352196C-CFB8-40D5-85D7-3B43E89EBE6A}\mpengine.dll
2012-01-29 05:10 . 2010-05-03 13:22 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . E68AE3533936A9F321BBB39EDFAC7972 . 857600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}]
2009-11-25 11:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-04-29 5248312]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-27 328056]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"VivoxHDN"="c:\users\Tony\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe" [2012-02-22 8507752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-11 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DataCardMonitor"="c:\program files (x86)\Virgin Mobile\Broadband Home\DataCardMonitor.exe" [2008-07-21 253952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Banshee Screamer Alarm.lnk - c:\program files (x86)\Banshee Screamer Alarm\alarm.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 10:13]
.
2012-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 10:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}]
2011-03-24 12:30 1058712 ----a-w- c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2692520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ro/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.ro
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\egqogi9n.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-Computer Alarm Clock - c:\program files (x86)\Computer Alarm Clock\cac.exe
Wow6432Node-HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14,
9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,38,12,ab,c5,1e,
a0,e2,37,c6,09,de,93,cc,b9,8c,f1,55,01
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d2,3e,15,89,73,f0,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d7,c4,63,89,15,0f,43,be,fd,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d7,c4,63,89,15,0f,43,be,fd,5d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-02-28 10:28:41 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-28 10:28
.
Pre-Run: 7,787,196,416 bytes free
Post-Run: 50,705,362,944 bytes free
.
- - End Of File - - 446E2EE0003E07F325258BA95AFD8B89


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 March 2012 - 02:01 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double-click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 March 2012 - 01:45 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#4 tony egri

tony egri
  • Topic Starter

  • Members
  • 13 posts

Posted 07 March 2012 - 04:46 AM

Sorry for the delay.
Here is the DDS report:


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Tony at 9:34:31 on 2012-03-07
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2996.1816 [GMT 0:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\SysWoW64\svchost.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Users\Tony\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Virgin Mobile\Broadband Home\DataCardMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Tony\AppData\Local\Vivox\VVS\Current\VivoxVoiceService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\werfault.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ro/
uSearchURL,(Default) = hxxp://www.google.ro
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bobsled by T-Mobile: {c8748f11-f4ad-47af-ab50-c7df5792096b} - mscoree.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [VivoxHDN] "C:\Users\Tony\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe" /d
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [DataCardMonitor] C:\Program Files (x86)\Virgin Mobile\Broadband Home\DataCardMonitor.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
StartupFolder: C:\Users\Tony\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\BANSHE~1.LNK - C:\Program Files (x86)\Banshee Screamer Alarm\alarm.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515}\14C65687 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515}\244584F6D656845726D233936424 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515}\2456C6B696E6F5E4F575962756C6563737F5541413147313 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515}\350756564645F6573686035424546313 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515}\4586F6D637F6E6132433637363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515}\C456679672370284F6D65602E4564777F627B6 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{562FBE57-0AFB-4BCF-AA01-5D7914EE3943} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bobsled by T-Mobile: {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - mscoree.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [DataCardMonitor] C:\Program Files (x86)\Virgin Mobile\Broadband Home\DataCardMonitor.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ServiceManager.exe] "C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN
mRun-x64: [DATAMNGR] C:\PROGRA~2\WI3C8A~1\Datamngr\DATAMN~1.EXE
AppInit_DLLs-X64: c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\egqogi9n.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
FF - plugin: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Users\Tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 ServicepointService;ServicepointService;C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-5-14 689464]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE [2010-5-3 2320920]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]
S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\system32\drivers\NMgamingms.sys --> C:\Windows\system32\drivers\NMgamingms.sys [?]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\system32\DRIVERS\ssadserd.sys --> C:\Windows\system32\DRIVERS\ssadserd.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-07 02:37:53 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B00F93D4-639C-4106-8F6B-BF652725105D}\mpengine.dll
2012-02-28 22:20:26 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-28 10:00:02 98816 ----a-w- C:\Windows\sed.exe
2012-02-28 10:00:02 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-28 10:00:02 256000 ----a-w- C:\Windows\PEV.exe
2012-02-28 10:00:02 208896 ----a-w- C:\Windows\MBR.exe
2012-02-24 10:16:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-22 13:55:53 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-02-22 13:55:53 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-02-22 13:26:00 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-02-22 12:31:58 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-02-22 12:30:46 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2012-02-22 12:29:59 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2012-02-22 12:28:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2012-02-22 12:26:47 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2012-02-22 12:26:47 31232 ----a-w- C:\Windows\System32\prevhost.exe
2012-02-22 12:26:46 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-02-22 12:26:45 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-02-22 12:26:43 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2012-02-22 12:26:42 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2012-02-22 12:25:44 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-02-22 12:25:41 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-02-22 12:25:41 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-02-22 12:25:39 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2012-02-22 12:23:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-02-22 12:23:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-02-22 12:21:24 723456 ----a-w- C:\Windows\System32\EncDec.dll
2012-02-22 12:21:23 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2012-02-22 12:21:21 861184 ----a-w- C:\Windows\System32\oleaut32.dll
2012-02-22 12:21:21 331776 ----a-w- C:\Windows\System32\oleacc.dll
2012-02-22 12:21:20 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2012-02-22 12:21:20 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2012-02-22 12:21:08 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-02-22 12:21:07 77312 ----a-w- C:\Windows\System32\packager.dll
2012-02-22 12:21:07 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-02-22 09:46:39 -------- d-----w- C:\Users\Tony\AppData\Roaming\Malwarebytes
2012-02-22 09:46:15 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-21 22:04:03 134104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-21 22:04:01 834840 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-02-21 10:13:07 -------- d-----w- C:\Users\Tony\AppData\Local\Google
2012-02-21 10:12:09 -------- d-----w- C:\Users\Tony\AppData\Local\Apps
2012-02-21 10:12:08 -------- d-----w- C:\Users\Tony\AppData\Local\Deployment
.
==================== Find3M ====================
.
2012-02-23 09:52:34 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 09:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-14 04:02:25 3143168 ----a-w- C:\Windows\System32\win32k.sys
2012-01-04 09:58:13 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 09:03:07 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-03 06:24:52 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-01-03 05:44:24 478208 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:11 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-12-16 08:42:13 634368 ----a-w- C:\Windows\System32\msvcrt.dll
2011-12-16 07:59:17 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2011-12-14 07:11:03 2308096 ----a-w- C:\Windows\System32\jscript9.dll
2011-12-14 07:04:30 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-12-14 07:03:38 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-12-14 06:57:28 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-14 03:04:54 1798656 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 9:38:27.49 ===============

I had no problems running the programs

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:04 PM

Posted 07 March 2012 - 09:17 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#6 tony egri

tony egri
  • Topic Starter

  • Members
  • 13 posts
  • Local time:01:04 AM

Posted 07 March 2012 - 06:42 PM

ComboFix 12-03-07.05 - Tony 03/07/2012 23:15:00.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2996.1748 [GMT 0:00]
Running from: c:\users\Tony\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\becibaa.tmp
c:\programdata\wrekbaa.tmp
c:\programdata\zcxjbaa.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-02-07 to 2012-03-07 )))))))))))))))))))))))))))))))
.
.
2012-03-07 23:25 . 2012-03-07 23:25 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-03-07 23:25 . 2012-03-07 23:25 -------- d-----w- c:\users\Mcx1-TONY-PC\AppData\Local\temp
2012-03-07 23:25 . 2012-03-07 23:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-24 10:16 . 2012-03-07 23:05 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-22 13:55 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-02-22 13:55 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-02-22 13:26 . 2012-02-22 13:26 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-02-22 12:31 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2012-02-22 12:30 . 2011-02-12 06:14 267776 ----a-w- c:\windows\system32\FXSCOVER.exe
2012-02-22 12:29 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2012-02-22 12:28 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2012-02-22 12:26 . 2011-02-18 06:33 31232 ----a-w- c:\windows\system32\prevhost.exe
2012-02-22 12:26 . 2011-02-18 05:33 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2012-02-22 12:26 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
2012-02-22 12:26 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-22 12:26 . 2011-02-24 06:30 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-02-22 12:26 . 2011-02-24 05:32 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2012-02-22 12:25 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-02-22 12:25 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-02-22 12:25 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-02-22 12:25 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-02-22 12:23 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-22 12:23 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-22 12:21 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-22 12:21 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-22 12:21 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-02-22 12:21 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-02-22 12:21 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-02-22 12:21 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-02-22 12:21 . 2011-02-23 05:15 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-02-22 12:21 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-22 12:21 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-22 09:46 . 2012-02-22 09:46 -------- d-----w- c:\users\Tony\AppData\Roaming\Malwarebytes
2012-02-22 09:46 . 2012-02-22 09:46 -------- d-----w- c:\programdata\Malwarebytes
2012-02-21 10:13 . 2012-02-21 10:15 -------- d-----w- c:\users\Tony\AppData\Local\Google
2012-02-21 10:12 . 2012-02-21 10:12 -------- d-----w- c:\users\Tony\AppData\Local\Apps
2012-02-21 10:12 . 2012-02-21 10:13 -------- d-----w- c:\users\Tony\AppData\Local\Deployment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 09:52 . 2011-11-30 12:50 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 09:18 . 2010-05-03 13:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-08 07:13 . 2012-03-07 02:37 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B00F93D4-639C-4106-8F6B-BF652725105D}\mpengine.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . E68AE3533936A9F321BBB39EDFAC7972 . 857600 . . [6.1.7600.16385] .. c:\windows\SysWOW64\user32.dll
[7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-02-28_10.20.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-07 23:30 . 2012-03-07 23:30 32768 c:\windows\temp\Temporary Internet Files\Content.IE5\index.dat
+ 2012-03-07 23:30 . 2012-03-07 23:30 32768 c:\windows\temp\History\History.IE5\index.dat
+ 2012-03-07 23:30 . 2012-03-07 23:30 16384 c:\windows\temp\Cookies\index.dat
+ 2012-02-29 12:19 . 2012-02-29 12:25 53248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A773D3A8-62CF-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 23:09 . 2012-03-07 23:11 12800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{A021A778-68AA-11E1-9615-00262D9A1E92}.dat
+ 2012-02-28 22:57 . 2012-02-28 22:58 34304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9F281E79-625F-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 11:20 . 2012-03-07 11:26 51712 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AD5877B-6847-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 11:20 . 2012-03-07 11:26 84992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9AD5877A-6847-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 01:13 . 2012-02-29 01:13 65024 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{971618A9-6272-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 10:40 . 2012-02-28 10:43 34816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{9591EE12-61F8-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 05:59 . 2012-02-29 06:06 31232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{94ECF8FF-629A-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 23:02 . 2012-03-07 23:02 15360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{93EE467A-68A9-11E1-9136-00262D9A1E92}.dat
+ 2012-03-01 02:59 . 2012-03-01 03:03 72704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{929DC33B-634A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:52 . 2012-02-29 18:59 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{925582B7-6306-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:30 . 2012-02-28 11:30 17920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{91083085-61FF-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 21:52 . 2012-02-28 21:53 44032 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8FB74148-6256-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 21:52 . 2012-02-28 21:53 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8FB74146-6256-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 16:43 . 2012-02-29 16:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{8DF47C98-62F4-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:30 . 2012-03-07 10:35 24064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{897BC4EF-6840-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 10:32 . 2012-02-28 10:33 27648 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{88BB7B49-61F7-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 10:32 . 2012-02-28 10:33 30720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{88BB7B48-61F7-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 11:08 . 2012-02-28 11:08 88064 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{87078A68-61FC-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 10:25 . 2012-02-28 10:25 16896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{83F01748-61F6-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 10:46 . 2012-02-28 10:50 29184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{83ACCD48-61F9-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 18:30 . 2012-02-29 18:32 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{807C795A-6303-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 14:05 . 2012-02-29 14:08 10240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7E70335B-62DE-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 11:00 . 2012-02-28 11:06 14848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7DF1FE41-61FB-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 17:46 . 2012-03-01 17:46 16896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7B7F9468-63C6-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 11:48 . 2012-03-07 11:50 51200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{75F7C941-684B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 16:43 . 2012-02-29 16:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7540BAEF-62F4-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 09:53 . 2012-03-01 10:00 29696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{74B18232-6384-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 10:39 . 2012-02-28 10:43 34816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7224A7B7-61F8-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 10:39 . 2012-02-28 10:43 34304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{7224A7B5-61F8-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-07 11:19 . 2012-03-07 11:25 27136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{71610B7B-6847-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 11:22 . 2012-02-28 11:24 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F37DDBB-61FE-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-07 12:16 . 2012-03-07 12:17 11776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6DC9733F-684F-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 10:59 . 2012-02-29 11:04 34304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6DA82887-62C4-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 10:31 . 2012-02-28 10:33 34304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6D34B8EA-61F7-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 00:00 . 2012-02-29 00:05 35840 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6CA5C5B3-6268-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 01:26 . 2012-02-29 01:27 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6B34F391-6274-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 18:14 . 2012-03-01 18:18 37376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{69EBB5ED-63CA-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:36 . 2012-03-07 10:37 17408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{69C7485C-6841-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 10:15 . 2012-03-01 10:19 15360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{697AA223-6387-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 23:01 . 2012-03-07 23:01 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{682D39CD-68A9-11E1-9136-00262D9A1E92}.dat
+ 2012-02-29 11:42 . 2012-02-29 11:42 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{679A054B-62CA-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 10:00 . 2012-03-07 10:06 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{64F2CE80-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 11:26 . 2012-03-07 11:26 13312 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{60374E2A-6848-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 12:16 . 2012-03-07 12:16 11776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5E776972-684F-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 10:31 . 2012-02-28 10:33 34816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5DE096D0-61F7-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 11:06 . 2012-02-29 11:11 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5D900649-62C5-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 10:36 . 2012-03-07 10:37 14848 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5CA4D0F1-6841-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 10:36 . 2012-03-07 10:36 15360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5CA4D0F0-6841-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:53 . 2012-03-07 09:53 70144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C717FFF-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:53 . 2012-03-07 09:53 25600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5C717FFD-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 19:19 . 2012-02-29 19:26 12800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5B219B17-630A-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 02:36 . 2012-03-01 02:43 58368 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{58D19C97-6347-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 10:14 . 2012-03-01 10:19 15360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{58474E29-6387-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 15:57 . 2012-03-01 16:02 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{50B2078E-63B7-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 11:54 . 2012-03-07 11:58 48128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{507DDBF1-684C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 22:55 . 2012-02-28 22:58 33792 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FED6F2E-625F-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 22:55 . 2012-02-28 22:58 19456 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4FED6F2D-625F-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 09:59 . 2012-03-01 10:00 12800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C694F2B-6385-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 09:59 . 2012-03-01 10:00 29184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4C694F29-6385-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:13 . 2012-02-28 11:18 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4B1B9685-61FD-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-07 09:38 . 2012-03-07 09:45 94720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4A1F3D08-6839-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 11:25 . 2012-03-07 11:26 31232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{49DCC78F-6848-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 10:14 . 2012-03-01 10:19 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{47D725FB-6387-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 11:04 . 2012-03-01 11:08 62976 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4711AA7F-638E-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 11:04 . 2012-03-01 11:08 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4711AA7D-638E-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 11:41 . 2012-02-29 11:48 29696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{45AF940D-62CA-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 11:40 . 2012-03-07 11:40 59904 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{453679D6-684A-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 01:11 . 2012-02-29 01:13 27136 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{44AAB6E6-6272-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 09:59 . 2012-03-07 10:06 50688 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3FF96857-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 10:59 . 2012-02-28 11:06 22016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3FE65D23-61FB-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 11:48 . 2012-02-29 11:48 12288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F261DD9-62CB-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 11:20 . 2012-02-28 11:24 20480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3E1553AD-61FE-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 00:48 . 2012-03-01 00:53 29184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3CB4696B-6338-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 11:54 . 2012-03-07 11:57 52224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3B666162-684C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:52 . 2012-03-07 09:53 21504 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39F8D668-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 14:54 . 2012-02-29 15:00 20480 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39F5F5C0-62E5-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 10:35 . 2012-03-01 10:39 20992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39B3A25A-638A-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 12:15 . 2012-03-07 12:15 11776 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39704336-684F-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:59 . 2012-03-07 09:59 36864 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37A55D98-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:59 . 2012-03-07 09:59 53248 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37A55D96-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 17:44 . 2012-03-01 17:44 15360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34E08AF0-63C6-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:38 . 2012-02-29 17:39 22016 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33188948-62FC-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:38 . 2012-02-29 17:38 30720 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33188946-62FC-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 16:05 . 2012-02-29 16:05 28672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32395947-62EF-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 16:05 . 2012-02-29 16:05 22528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32395945-62EF-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 16:05 . 2012-02-29 16:05 17408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{32395943-62EF-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 18:28 . 2012-02-29 18:35 35328 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{31B32C59-6303-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 16:41 . 2012-02-29 16:44 23552 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3182E332-62F4-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:13 . 2012-03-07 10:17 12288 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{30B746A4-683E-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 11:47 . 2012-02-29 11:47 16896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2FE5C78E-62CB-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 18:35 . 2012-02-29 18:42 57344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F29DE4D-6304-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:31 . 2012-02-29 17:31 16896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E9FD0A7-62FB-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:31 . 2012-02-29 17:31 25088 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2E9FD0A5-62FB-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 09:59 . 2012-03-07 09:59 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C39CC8D-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 18:28 . 2012-02-29 18:30 15872 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2B6A43E4-6303-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 22:11 . 2012-02-28 22:11 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{264C29AF-6259-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 22:11 . 2012-02-28 22:11 18944 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{264C29AD-6259-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-07 09:58 . 2012-03-07 09:59 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24F50EB7-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 10:13 . 2012-03-07 10:13 41984 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F9DD4FC-683E-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 10:13 . 2012-03-07 10:13 41984 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1F9DD4FA-683E-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 17:43 . 2012-03-01 17:47 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1E206339-63C6-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 00:47 . 2012-03-01 00:53 15360 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1D1A0B57-6338-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:12 . 2012-02-28 11:18 12800 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1CFCE1E5-61FD-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 10:43 . 2012-02-28 10:50 39936 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1BAE568A-61F9-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 02:06 . 2012-03-01 02:10 34816 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1BA358E9-6343-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 14:03 . 2012-02-29 14:08 10752 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1A3A5574-62DE-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 01:38 . 2012-02-29 01:39 35328 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19F5AD58-6276-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 11:03 . 2012-03-07 11:10 92672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{19CED204-6845-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 11:02 . 2012-03-01 11:08 38912 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1845C367-638E-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 22:53 . 2012-02-28 22:58 28672 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13274B21-625F-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 12:14 . 2012-03-07 12:17 55296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{13034630-684F-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 22:10 . 2012-02-28 22:12 17408 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1170807E-6259-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 18:20 . 2012-02-29 18:27 55296 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{109DD142-6302-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:12 . 2012-03-07 10:13 11264 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0F1F88FB-683E-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 01:44 . 2012-03-01 01:44 72704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B794EA1-6340-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 01:44 . 2012-03-01 01:44 18432 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0B794EA0-6340-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 10:43 . 2012-02-28 10:43 43008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A1A6A97-61F9-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 10:43 . 2012-02-28 10:43 43008 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A1A6A95-61F9-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 10:43 . 2012-02-28 10:43 14336 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0A1A6A93-61F9-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 18:11 . 2012-03-01 18:18 31232 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{06438A32-63CA-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 10:29 . 2012-02-28 10:30 24576 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{03D1354A-61F7-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 18:54 . 2012-03-01 19:00 60928 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{029D2112-63D0-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 09:58 . 2012-03-07 09:59 19968 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{01E0491E-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:57 . 2012-03-07 09:59 29696 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{01E0491C-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 22:37 . 2012-02-29 22:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{012FA839-6326-11E1-A416-00262D9A1E92}.dat
- 2012-02-21 08:57 . 2012-02-25 00:29 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-21 08:57 . 2012-03-07 23:00 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-05-03 12:42 . 2012-03-07 23:29 53994 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-03-07 23:29 33614 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-03 09:53 . 2012-03-07 23:29 11336 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3560637341-1125862931-88969083-1000_UserData.bin
+ 2009-07-14 04:46 . 2012-03-07 22:59 72456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-02-29 13:54 . 2012-02-29 13:54 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D7C531C0-62DC-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 01:57 . 2012-03-01 01:57 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4E9A182-6341-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:43 . 2012-02-29 17:49 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D4CE5069-62FC-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 21:30 . 2012-03-01 21:30 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D441D890-63E5-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 16:44 . 2012-03-01 16:44 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D3BA6E68-63BD-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 10:25 . 2012-03-01 10:25 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D2F4E2A0-6388-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 22:37 . 2012-02-28 22:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{CAFCEDBA-625C-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 11:31 . 2012-02-28 11:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C9C25A1C-61FF-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 11:17 . 2012-02-28 11:22 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C94593F5-61FD-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 01:00 . 2012-02-29 01:02 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C8232B65-6270-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-02 01:33 . 2012-03-02 01:39 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C625B592-6407-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 02:40 . 2012-02-29 02:40 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C494E2CD-627E-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 14:35 . 2012-03-01 14:39 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C44A7223-63AB-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 10:27 . 2012-02-28 10:33 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C40A36EC-61F6-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-07 10:53 . 2012-03-07 10:55 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C338D02A-6843-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 21:24 . 2012-02-29 21:28 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{C0C3D1BE-631B-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 00:08 . 2012-03-01 00:14 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BD05FA10-6332-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 20:48 . 2012-02-29 20:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{BB95F8AF-6316-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 12:05 . 2012-02-29 12:05 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B82B24CC-62CD-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 05:46 . 2012-02-29 05:51 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B6F650A5-6298-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 21:16 . 2012-02-29 21:20 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B563AF03-631A-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 15:17 . 2012-03-01 15:24 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B5388EE3-63B1-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 09:48 . 2012-03-07 09:53 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B2CB4815-683A-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-02 01:54 . 2012-03-02 01:54 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B01BD504-640A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 22:29 . 2012-02-28 22:30 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AFFFFD37-625B-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 09:34 . 2012-03-01 09:40 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AF3E62EC-6381-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 17:40 . 2012-03-01 17:46 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AE59512E-63C5-11E1-A416-00262D9A1E92}.dat
+ 2012-03-02 00:43 . 2012-03-02 00:49 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AC2FD7FB-6400-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 10:47 . 2012-02-28 10:49 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AC28B4DC-61F9-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 11:28 . 2012-03-01 11:28 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AA40E7C8-6391-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 17:55 . 2012-03-01 17:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AA18F2B2-63C7-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:23 . 2012-02-28 11:30 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A8BD97AE-61FE-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 12:19 . 2012-02-29 12:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A773D3A7-62CF-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 16:01 . 2012-02-29 16:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A5D57B3F-62EE-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 17:27 . 2012-02-29 17:31 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A54ACD22-62FA-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 16:37 . 2012-02-29 16:43 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A4C65E3C-62F3-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 16:15 . 2012-02-29 16:15 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A3C40699-62F0-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 01:20 . 2012-02-29 01:26 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A28A5E34-6273-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 09:40 . 2012-03-01 09:45 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A1731F81-6382-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 13:31 . 2012-02-29 13:31 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A1195EBC-62D9-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 01:35 . 2012-02-29 01:38 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A05519A3-6275-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 23:09 . 2012-03-07 23:10 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{A021A777-68AA-11E1-9615-00262D9A1E92}.dat
+ 2012-03-02 01:04 . 2012-03-02 01:08 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9E5A9C8F-6403-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:27 . 2012-02-29 17:27 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9DB46A41-62FA-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 14:28 . 2012-02-29 14:28 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{9848E61B-62E1-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 20:47 . 2012-02-29 20:47 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{980E8EB8-6316-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 05:59 . 2012-02-29 05:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{94ECF8FE-629A-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 21:08 . 2012-02-29 21:08 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{934B7F24-6319-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 02:59 . 2012-03-01 03:03 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{929DC33A-634A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:52 . 2012-02-29 18:52 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{925582B6-6306-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 00:36 . 2012-03-01 00:36 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{906CFD5A-6336-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 22:07 . 2012-02-28 22:11 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8FCF29A7-6258-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 18:59 . 2012-02-29 18:59 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8F989659-6307-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:30 . 2012-03-07 10:36 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{897BC4EE-6840-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:54 . 2012-03-07 09:59 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{8719C597-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 16:49 . 2012-03-01 16:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{869D9795-63BE-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 19:12 . 2012-03-01 19:17 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{86212DC4-63D2-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 10:25 . 2012-02-28 10:25 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{83F01747-61F6-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 21:31 . 2012-02-28 21:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{83369DAF-6253-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 00:58 . 2012-02-29 01:05 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7E8889FE-6270-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 18:02 . 2012-02-29 18:06 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7C8D2166-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 14:20 . 2012-02-29 14:20 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7A1C16CA-62E0-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 23:46 . 2012-02-28 23:46 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{781D04A8-6266-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 09:46 . 2012-03-01 09:46 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{77662B6B-6383-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 10:39 . 2012-02-28 10:39 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{76E46477-61F8-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 00:07 . 2012-03-01 00:13 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{76CD7C17-6332-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 19:34 . 2012-02-29 19:34 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{76A57727-630C-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 09:53 . 2012-03-01 09:59 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{74B18231-6384-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:47 . 2012-02-29 17:47 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{741FFC51-62FD-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:33 . 2012-02-29 17:38 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{71B89A60-62FB-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 11:19 . 2012-03-07 11:26 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{71610B7A-6847-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 18:16 . 2012-02-29 18:22 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{7114BB42-6301-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 10:59 . 2012-02-29 11:04 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6DA82886-62C4-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 12:02 . 2012-03-07 12:02 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6D93C945-684D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 00:00 . 2012-02-29 00:05 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6CA5C5B2-6268-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 22:06 . 2012-02-28 22:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6C020EA5-6258-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 14:47 . 2012-03-01 14:50 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6AA648C1-63AD-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 01:55 . 2012-02-29 02:00 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6A46CD00-6278-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 23:01 . 2012-03-07 23:04 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{682D39CC-68A9-11E1-9136-00262D9A1E92}.dat
+ 2012-02-29 19:05 . 2012-02-29 19:05 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{665297F0-6308-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 11:33 . 2012-03-07 11:40 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6599FDA7-6849-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:53 . 2012-03-07 09:53 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6588E755-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 01:10 . 2012-03-01 01:10 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{646A1184-633B-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 21:22 . 2012-02-28 21:22 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{62531F5C-6252-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-07 10:50 . 2012-03-07 10:56 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{61C05DDC-6843-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 01:53 . 2012-03-01 01:53 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5FE64DE4-6341-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 19:19 . 2012-02-29 19:19 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5B219B16-630A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 19:48 . 2012-02-29 19:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5AE768E5-630E-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 14:12 . 2012-02-29 14:12 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{596D1EDA-62DF-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 02:36 . 2012-03-01 02:36 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{58D19C96-6347-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:00 . 2012-03-07 10:05 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{57ADC04C-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 02:30 . 2012-02-29 02:34 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{54F7A6E3-627D-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 16:42 . 2012-02-29 16:42 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{54EE54CB-62F4-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 21:51 . 2012-02-28 21:51 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{534028C4-6256-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-28 23:31 . 2012-02-28 23:31 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5117A2BF-6264-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 12:08 . 2012-03-07 12:13 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4DF25FCE-684E-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 01:38 . 2012-03-01 01:44 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4C86337F-633F-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 16:33 . 2012-03-01 16:33 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4A7437CE-63BC-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 09:38 . 2012-03-07 09:38 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4A1F3D07-6839-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 21:15 . 2012-02-28 21:15 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4603B944-6251-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 11:41 . 2012-02-29 11:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{45AF940C-62CA-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 11:54 . 2012-03-07 11:54 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4572B3A0-684C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 01:02 . 2012-03-01 01:02 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{44AA56F7-633A-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 22:59 . 2012-03-07 23:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{43230643-68A9-11E1-9136-00262D9A1E92}.dat
+ 2012-03-01 02:14 . 2012-03-01 02:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{42F2C39C-6344-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:07 . 2012-02-29 18:12 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{40E9E540-6300-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 10:37 . 2012-02-28 10:43 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{40B81B45-61F8-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-07 09:59 . 2012-03-07 10:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3FF96856-683C-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 10:59 . 2012-02-28 11:05 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3FE65D22-61FB-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-07 10:06 . 2012-03-07 10:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3D5A1942-683D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 11:06 . 2012-02-28 11:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3CE1BDFC-61FC-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 14:54 . 2012-02-29 14:59 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{39F5F5BE-62E5-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 17:53 . 2012-02-29 17:53 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{37B4CC94-62FE-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:00 . 2012-02-29 18:06 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{352D3F95-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 11:46 . 2012-03-07 11:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{34F99105-684B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 17:01 . 2012-03-01 17:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{33E2295D-63C0-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 11:04 . 2012-02-29 11:10 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3366B692-62C5-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 10:06 . 2012-03-07 10:13 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{335F3D3B-683D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 21:43 . 2012-02-28 21:43 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{3278703A-6255-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 18:28 . 2012-02-29 18:29 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{31B32C58-6303-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:13 . 2012-03-07 10:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{30B746A3-683E-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 18:35 . 2012-02-29 18:35 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2F29DE4C-6304-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 22:46 . 2012-02-29 22:50 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2E772C49-6327-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 19:17 . 2012-03-01 19:21 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2D693A4C-63D3-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:07 . 2012-02-29 18:07 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2C40B39E-6300-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 09:37 . 2012-03-07 09:42 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2932E58D-6839-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 18:41 . 2012-03-01 18:41 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{259138C1-63CE-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 18:48 . 2012-03-01 18:48 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{24567D4E-63CF-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 15:49 . 2012-03-01 15:49 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{235A83BF-63B6-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 15:56 . 2012-03-01 16:02 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{2111B65A-63B7-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 16:53 . 2012-03-01 16:54 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{207DE9D3-63BF-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 22:31 . 2012-02-29 22:37 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1FD85ADD-6325-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 00:34 . 2012-02-29 00:34 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1FC20E8D-626D-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 00:47 . 2012-03-01 00:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1D1A0B56-6338-11E1-A416-00262D9A1E92}.dat
+ 2012-03-02 02:04 . 2012-03-02 02:09 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1CD14F6B-640C-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 22:25 . 2012-02-28 22:25 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1C798BF9-625B-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 10:43 . 2012-02-28 10:46 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{1BAE5689-61F9-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-02 00:40 . 2012-03-02 00:40 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5B3F8304-6400-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 19:48 . 2012-02-29 19:48 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5AE768E6-630E-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 10:36 . 2012-03-01 10:36 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5A07B63A-638A-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 10:36 . 2012-03-01 10:36 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5A07B638-638A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 16:42 . 2012-02-29 16:42 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{54EE54CC-62F4-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:14 . 2012-03-07 10:14 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{544C87F0-683E-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:38 . 2012-03-07 09:38 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5438D4B0-6839-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 21:51 . 2012-02-28 21:51 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{534028C5-6256-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 18:01 . 2012-02-29 18:01 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{52F98EA8-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:00 . 2012-02-29 18:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{52F98EA7-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:00 . 2012-02-29 18:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{52F98EA6-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 00:48 . 2012-03-01 00:53 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{52CC67CC-6338-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 23:31 . 2012-02-28 23:31 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5117A2C0-6264-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 23:00 . 2012-03-07 23:00 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4F216BC6-68A9-11E1-9136-00262D9A1E92}.dat
+ 2012-03-07 09:53 . 2012-03-07 09:53 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EFFFD0B-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:53 . 2012-03-07 09:53 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EFFFD0A-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:52 . 2012-03-07 09:53 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EFFFD09-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 14:39 . 2012-03-01 14:39 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EA6ECF1-63AC-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 14:39 . 2012-03-01 14:39 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EA6ECF0-63AC-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 12:09 . 2012-03-07 12:12 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4DF25FD1-684E-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 18:00 . 2012-02-29 18:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4CE382A1-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 16:33 . 2012-03-01 16:33 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4A7437CF-63BC-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:22 . 2012-02-29 18:23 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{47BEA3A2-6302-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 21:15 . 2012-02-28 21:15 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4603B945-6251-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 01:02 . 2012-03-01 01:02 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{44AA56F8-633A-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 22:59 . 2012-03-07 23:00 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{43230644-68A9-11E1-9136-00262D9A1E92}.dat
+ 2012-03-01 02:14 . 2012-03-01 02:14 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{42F2C39D-6344-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 21:29 . 2012-02-28 21:32 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{41C7EEB6-6253-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 14:04 . 2012-02-29 14:04 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{41958014-62DE-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 18:21 . 2012-02-29 18:23 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F8F55C4-6302-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:56 . 2012-03-07 10:56 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3F5D590F-6844-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:52 . 2012-03-07 09:52 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3DA04139-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 10:06 . 2012-03-07 10:06 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3D5A1943-683D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-28 11:06 . 2012-02-28 11:06 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3CE1BDFD-61FC-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 18:00 . 2012-02-29 18:00 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3AD9950E-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 09:52 . 2012-03-07 09:52 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39F8D667-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 10:35 . 2012-03-01 10:39 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{39B3A25B-638A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 02:00 . 2012-02-29 02:01 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{393EC9CC-6279-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 10:06 . 2012-03-07 10:06 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{38DE7BAB-683D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 17:53 . 2012-02-29 17:53 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{37B4CC95-62FE-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 00:12 . 2012-03-01 00:12 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34B27EA5-6333-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 00:12 . 2012-03-01 00:12 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{34B27EA4-6333-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 17:01 . 2012-03-01 17:01 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{33E2295E-63C0-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 21:43 . 2012-02-28 21:43 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3278703B-6255-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 14:38 . 2012-03-01 14:38 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3143F696-63AC-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 16:34 . 2012-02-29 16:34 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F54419A-62F3-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:05 . 2012-02-28 11:06 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F2FAEA2-61FC-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 17:59 . 2012-02-29 18:00 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F0224EE-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 17:59 . 2012-02-29 18:00 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2F0224EC-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 10:06 . 2012-03-07 10:06 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2ECFA27B-683D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 18:07 . 2012-02-29 18:07 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2C40B39F-6300-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:05 . 2012-02-28 11:05 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2A060AF8-61FC-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 10:13 . 2012-03-01 10:13 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{28C49783-6387-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 14:38 . 2012-03-01 14:38 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{288407B4-63AC-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 22:25 . 2012-02-28 22:25 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2877F17B-625B-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 10:34 . 2012-03-01 10:34 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2818634B-638A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:21 . 2012-02-29 18:21 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2749C70F-6302-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:21 . 2012-02-29 18:21 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{2749C70E-6302-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 18:41 . 2012-03-01 18:41 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{259138C2-63CE-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 09:51 . 2012-03-07 09:51 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24FF6B9A-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 09:51 . 2012-03-07 09:51 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24FF6B98-683B-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 18:48 . 2012-03-01 18:48 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{24567D4F-63CF-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:27 . 2012-02-28 11:27 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{239417DD-61FF-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 15:49 . 2012-03-01 15:49 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{235A83C0-63B6-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 19:17 . 2012-03-01 19:17 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{23589D85-63D3-11E1-A416-00262D9A1E92}.dat
+ 2012-03-07 09:37 . 2012-03-07 09:37 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{21BEF5B7-6839-11E1-B0FD-00262D9A1E92}.dat
+ 2012-02-29 17:59 . 2012-02-29 17:59 7168 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{20EB9214-62FF-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 16:53 . 2012-03-01 16:54 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{207DE9D4-63BF-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 16:03 . 2012-03-01 16:04 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{202550AD-63B8-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 16:03 . 2012-03-01 16:04 6656 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{202550AB-63B8-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 00:34 . 2012-02-29 00:34 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1FC20E8E-626D-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 16:33 . 2012-02-29 16:33 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1DC0A3C8-62F3-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 01:24 . 2012-02-29 01:24 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1CB6E048-6274-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 18:06 . 2012-02-29 18:06 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C982650-6300-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:06 . 2012-02-29 18:06 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C98264E-6300-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 22:25 . 2012-02-28 22:25 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1C798BFA-625B-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 14:03 . 2012-02-29 14:08 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{1A3A5576-62DE-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 09:37 . 2012-03-07 09:37 6144 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{188A6368-6839-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 10:05 . 2012-03-01 10:05 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{187BD471-6386-11E1-A416-00262D9A1E92}.dat
+ 2012-03-01 14:37 . 2012-03-01 14:38 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{16ADFA3A-63AC-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 16:33 . 2012-02-29 16:33 5632 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{14BD8815-62F3-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:19 . 2012-02-28 11:24 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{14B87EB2-61FE-11E1-B06B-00262D9A1E92}.dat
+ 2012-03-01 10:34 . 2012-03-01 10:34 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{128A305E-638A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 01:02 . 2012-02-29 01:02 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{12642157-6271-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-28 22:25 . 2012-02-28 22:25 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{121E5547-625B-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-01 18:55 . 2012-03-01 18:55 4608 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{11ABDF55-63D0-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 18:06 . 2012-02-29 18:06 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{106C3D07-6300-11E1-A416-00262D9A1E92}.dat
+ 2012-02-29 00:05 . 2012-02-29 00:05 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0FBD4677-6269-11E1-BDBC-00262D9A1E92}.dat
+ 2012-02-29 12:36 . 2012-02-29 12:36 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D534D4A-62D2-11E1-BDBC-00262D9A1E92}.dat
+ 2012-03-07 10:05 . 2012-03-07 10:05 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D4FDF1D-683D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 10:05 . 2012-03-07 10:05 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D4FDF1C-683D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-07 10:05 . 2012-03-07 10:05 8192 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0D4FDF1B-683D-11E1-B0FD-00262D9A1E92}.dat
+ 2012-03-01 10:33 . 2012-03-01 10:34 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0C784C2D-638A-11E1-A416-00262D9A1E92}.dat
+ 2012-02-28 11:04 . 2012-02-28 11:05 7680 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0BA80213-61FC-11E1-B06B-00262D9A1E92}.dat
+ 2012-02-29 14:59 . 2012-02-29 14:59 8704 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet

#7 tony egri

Posted 07 March 2012 - 06:43 PM

+ 2010-05-04 12:35 . 2012-03-07 09:31 5322 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-05-04 12:35 . 2012-02-24 10:11 5322 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-02-28 10:20 . 2012-02-28 10:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-07 23:26 . 2012-03-07 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-02-28 10:20 . 2012-02-28 10:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-07 23:26 . 2012-03-07 23:26 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-21 08:33 . 2012-03-07 23:09 262144 c:\windows\SysWOW64\config\systemprofile\Desktop\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2012-02-21 08:33 . 2012-02-28 10:18 262144 c:\windows\SysWOW64\config\systemprofile\Desktop\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2010-05-03 20:56 . 2012-03-07 09:16 344562 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-03-05 11:29 627082 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-02-22 13:39 627082 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-05 11:29 107366 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-02-22 13:39 107366 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-02-28 10:19 394268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-07 23:26 394268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-03-01 10:32 . 2012-03-01 10:39 1136128 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{E4182A69-6389-11E1-A416-00262D9A1E92}.dat
+ 2012-02-21 11:25 . 2012-03-07 23:26 7825908 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 02:34 . 2012-03-07 10:28 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-02-28 00:18 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2010-09-27 02:08 . 2012-03-07 23:26 12232220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3560637341-1125862931-88969083-1000-12288.dat
+ 2012-01-04 10:53 . 2012-01-04 10:53 30461440 c:\windows\Installer\35cb9.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}]
2009-11-25 11:47 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-04-29 5248312]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-09-27 328056]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"VivoxHDN"="c:\users\Tony\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe" [2012-02-22 8507752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-11 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1100368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"DataCardMonitor"="c:\program files (x86)\Virgin Mobile\Broadband Home\DataCardMonitor.exe" [2008-07-21 253952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ServiceManager.exe"="c:\program files (x86)\Virgin Media\Service Manager\ServiceManager.exe" [2011-03-25 4371768]
.
c:\users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Banshee Screamer Alarm.lnk - c:\program files (x86)\Banshee Screamer Alarm\alarm.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-05-14 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 ServicepointService;ServicepointService;c:\program files (x86)\Virgin Media\Service Manager\ServicepointService.exe [2011-03-25 689464]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000Core.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 10:13]
.
2012-03-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000UA.job
- c:\users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-21 10:13]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-28 8312352]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2692520]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\WI3C8A~1\Datamngr\x64\datamngr.dll c:\progra~2\WI3C8A~1\Datamngr\x64\IEBHO.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ro/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.ro
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Tony\AppData\Roaming\Mozilla\Firefox\Profiles\egqogi9n.default\
FF - prefs.js: browser.startup.homepage - google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{99079A25-328F-4BD4-BE04-00955ACAA0A7}"=hex:51,66,7a,6c,4c,1d,38,12,4b,99,14,
9d,bd,7c,ba,0e,c1,12,43,d5,5f,94,e4,b3
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}"=hex:51,66,7a,6c,4c,1d,38,12,ab,c5,1e,
a0,e2,37,c6,09,de,93,cc,b9,8c,f1,55,01
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:d2,3e,15,89,73,f0,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d7,c4,63,89,15,0f,43,be,fd,5d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d7,c4,63,89,15,0f,43,be,fd,5d,\
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
c:\users\Tony\AppData\Local\Vivox\VVS\Current\VivoxVoiceService.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2012-03-07 23:34:30 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-07 23:34
ComboFix2.txt 2012-02-28 10:28
.
Pre-Run: 46,394,396,672 bytes free
Post-Run: 48,996,126,720 bytes free
I still get redirected from Google search results, most of the time to easyA-Z.com. I haven't heard any ads though since I ran ComboFix.

#8 gringo_pr

Posted 07 March 2012 - 08:43 PM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#9 tony egri

Posted 08 March 2012 - 05:41 AM

:38:17.0557 10672 TDSS rootkit removing tool 2.7.15.0 Feb 27 2012 12:59:02
10:38:24.0970 10672 ============================================================
10:38:24.0970 10672 Current date / time: 2012/03/08 10:38:24.0970
10:38:24.0970 10672 SystemInfo:
10:38:24.0970 10672
10:38:24.0970 10672 OS Version: 6.1.7600 ServicePack: 0.0
10:38:24.0970 10672 Product type: Workstation
10:38:24.0970 10672 ComputerName: TONY-PC
10:38:24.0971 10672 UserName: Tony
10:38:24.0971 10672 Windows directory: C:\Windows
10:38:24.0971 10672 System windows directory: C:\Windows
10:38:24.0971 10672 Running under WOW64
10:38:24.0971 10672 Processor architecture: Intel x64
10:38:24.0971 10672 Number of processors: 4
10:38:24.0971 10672 Page size: 0x1000
10:38:24.0971 10672 Boot type: Normal boot
10:38:24.0971 10672 ============================================================
10:38:25.0437 10672 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:38:25.0457 10672 \Device\Harddisk0\DR0:
10:38:25.0458 10672 MBR used
10:38:25.0458 10672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:38:25.0458 10672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x9C0E000
10:38:25.0458 10672 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x9C40800, BlocksNum 0x1B7ED800
10:38:25.0584 10672 Initialize success
10:38:25.0584 10672 ============================================================
10:38:34.0988 6328 ============================================================
10:38:34.0988 6328 Scan started
10:38:34.0988 6328 Mode: Manual;
10:38:34.0988 6328 ============================================================
10:38:39.0861 6328 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
10:38:39.0864 6328 1394ohci - ok
10:38:40.0011 6328 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
10:38:40.0015 6328 ACPI - ok
10:38:40.0146 6328 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
10:38:40.0147 6328 AcpiPmi - ok
10:38:40.0315 6328 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:38:40.0321 6328 adp94xx - ok
10:38:40.0706 6328 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:38:40.0710 6328 adpahci - ok
10:38:40.0872 6328 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:38:40.0875 6328 adpu320 - ok
10:38:41.0023 6328 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
10:38:41.0028 6328 AFD - ok
10:38:41.0197 6328 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
10:38:41.0227 6328 AgereSoftModem - ok
10:38:41.0405 6328 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
10:38:41.0406 6328 agp440 - ok
10:38:41.0568 6328 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
10:38:41.0568 6328 aliide - ok
10:38:41.0722 6328 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
10:38:41.0723 6328 amdide - ok
10:38:41.0865 6328 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:38:41.0866 6328 AmdK8 - ok
10:38:42.0016 6328 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:38:42.0018 6328 AmdPPM - ok
10:38:42.0162 6328 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
10:38:42.0164 6328 amdsata - ok
10:38:42.0308 6328 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:38:42.0311 6328 amdsbs - ok
10:38:42.0447 6328 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
10:38:42.0448 6328 amdxata - ok
10:38:42.0596 6328 androidusb (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
10:38:42.0597 6328 androidusb - ok
10:38:42.0740 6328 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
10:38:42.0742 6328 AppID - ok
10:38:42.0919 6328 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:38:42.0921 6328 arc - ok
10:38:43.0058 6328 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:38:43.0060 6328 arcsas - ok
10:38:43.0215 6328 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:38:43.0217 6328 AsyncMac - ok
10:38:43.0365 6328 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
10:38:43.0366 6328 atapi - ok
10:38:43.0563 6328 athr (88a02b6046356e6be4e387faa7451439) C:\Windows\system32\DRIVERS\athrx.sys
10:38:43.0609 6328 athr - ok
10:38:43.0870 6328 atikmdag (d229cc2ebcf287adafece59ab1e3d3bc) C:\Windows\system32\DRIVERS\atikmdag.sys
10:38:44.0028 6328 atikmdag - ok
10:38:44.0219 6328 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:38:44.0224 6328 b06bdrv - ok
10:38:44.0370 6328 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:38:44.0385 6328 b57nd60a - ok
10:38:44.0556 6328 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:38:44.0557 6328 Beep - ok
10:38:44.0716 6328 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:38:44.0717 6328 blbdrive - ok
10:38:44.0869 6328 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
10:38:44.0871 6328 bowser - ok
10:38:45.0001 6328 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:38:45.0002 6328 BrFiltLo - ok
10:38:45.0151 6328 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:38:45.0152 6328 BrFiltUp - ok
10:38:45.0275 6328 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
10:38:45.0277 6328 BridgeMP - ok
10:38:45.0363 6328 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:38:45.0368 6328 Brserid - ok
10:38:45.0492 6328 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:38:45.0494 6328 BrSerWdm - ok
10:38:45.0619 6328 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:38:45.0620 6328 BrUsbMdm - ok
10:38:45.0755 6328 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:38:45.0756 6328 BrUsbSer - ok
10:38:45.0874 6328 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:38:45.0876 6328 BTHMODEM - ok
10:38:45.0914 6328 catchme - ok
10:38:46.0039 6328 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:38:46.0041 6328 cdfs - ok
10:38:46.0191 6328 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
10:38:46.0193 6328 cdrom - ok
10:38:46.0331 6328 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:38:46.0333 6328 circlass - ok
10:38:46.0429 6328 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:38:46.0434 6328 CLFS - ok
10:38:46.0578 6328 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:38:46.0579 6328 CmBatt - ok
10:38:46.0713 6328 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
10:38:46.0714 6328 cmdide - ok
10:38:46.0848 6328 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
10:38:46.0855 6328 CNG - ok
10:38:46.0994 6328 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:38:46.0996 6328 Compbatt - ok
10:38:47.0135 6328 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
10:38:47.0136 6328 CompositeBus - ok
10:38:47.0272 6328 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:38:47.0274 6328 crcdisk - ok
10:38:47.0432 6328 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
10:38:47.0438 6328 CSC - ok
10:38:47.0630 6328 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
10:38:47.0632 6328 DfsC - ok
10:38:47.0750 6328 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:38:47.0751 6328 discache - ok
10:38:47.0905 6328 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:38:47.0907 6328 Disk - ok
10:38:47.0920 6328 DKbFltr - ok
10:38:48.0080 6328 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:38:48.0081 6328 drmkaud - ok
10:38:48.0216 6328 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
10:38:48.0229 6328 DXGKrnl - ok
10:38:48.0393 6328 eamon (55851f4864f8ad6e98b02307eca29db4) C:\Windows\system32\DRIVERS\eamon.sys
10:38:48.0395 6328 eamon - ok
10:38:48.0566 6328 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:38:48.0675 6328 ebdrv - ok
10:38:48.0828 6328 ehdrv (62c96b617ac7c4c8a9c29d57a36aa874) C:\Windows\system32\DRIVERS\ehdrv.sys
10:38:48.0830 6328 ehdrv - ok
10:38:49.0003 6328 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
10:38:49.0005 6328 ElbyCDIO - ok
10:38:49.0146 6328 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:38:49.0154 6328 elxstor - ok
10:38:49.0330 6328 epfwwfpr (275395bfa2d37ac63b4c94cfa6a397cd) C:\Windows\system32\DRIVERS\epfwwfpr.sys
10:38:49.0333 6328 epfwwfpr - ok
10:38:49.0468 6328 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
10:38:49.0469 6328 ErrDev - ok
10:38:49.0644 6328 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:38:49.0646 6328 exfat - ok
10:38:49.0791 6328 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:38:49.0794 6328 fastfat - ok
10:38:49.0936 6328 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:38:49.0937 6328 fdc - ok
10:38:50.0088 6328 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:38:50.0090 6328 FileInfo - ok
10:38:50.0213 6328 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:38:50.0214 6328 Filetrace - ok
10:38:50.0343 6328 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:38:50.0345 6328 flpydisk - ok
10:38:50.0479 6328 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
10:38:50.0483 6328 FltMgr - ok
10:38:50.0604 6328 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:38:50.0605 6328 FsDepends - ok
10:38:50.0719 6328 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:38:50.0720 6328 Fs_Rec - ok
10:38:50.0859 6328 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:38:50.0862 6328 fvevol - ok
10:38:50.0978 6328 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:38:50.0980 6328 gagp30kx - ok
10:38:51.0096 6328 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:38:51.0097 6328 hcw85cir - ok
10:38:51.0225 6328 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
10:38:51.0230 6328 HdAudAddService - ok
10:38:51.0361 6328 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:38:51.0363 6328 HDAudBus - ok
10:38:51.0489 6328 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
10:38:51.0491 6328 HECIx64 - ok
10:38:51.0611 6328 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:38:51.0612 6328 HidBatt - ok
10:38:51.0717 6328 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:38:51.0719 6328 HidBth - ok
10:38:51.0828 6328 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:38:51.0829 6328 HidIr - ok
10:38:51.0967 6328 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
10:38:51.0968 6328 HidUsb - ok
10:38:52.0093 6328 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
10:38:52.0095 6328 HpSAMD - ok
10:38:52.0233 6328 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
10:38:52.0242 6328 HTTP - ok
10:38:52.0407 6328 hwdatacard (c8f3119ad72a507d12ef389df4c266ef) C:\Windows\system32\DRIVERS\ewusbmdm.sys
10:38:52.0409 6328 hwdatacard - ok
10:38:52.0541 6328 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
10:38:52.0542 6328 hwpolicy - ok
10:38:52.0692 6328 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
10:38:52.0695 6328 i8042prt - ok
10:38:52.0809 6328 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
10:38:52.0811 6328 iaStor - ok
10:38:52.0944 6328 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
10:38:52.0950 6328 iaStorV - ok
10:38:53.0081 6328 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:38:53.0082 6328 iirsp - ok
10:38:53.0238 6328 IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys
10:38:53.0284 6328 IntcAzAudAddService - ok
10:38:53.0396 6328 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
10:38:53.0397 6328 intelide - ok
10:38:53.0522 6328 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:38:53.0523 6328 intelppm - ok
10:38:53.0674 6328 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:39:14.0152 6328 ============================================================
10:39:14.0152 6328 Scan finished
10:39:14.0152 6328 ============================================================
10:39:14.0168 8924 Detected object count: 0
10:39:14.0168 8924 Actual detected object count: 0

#10 tony egri

Posted 08 March 2012 - 06:02 AM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-08 10:41:31
-----------------------------
10:41:31.508 OS Version: Windows x64 6.1.7600
10:41:31.508 Number of processors: 4 586 0x2502
10:41:31.509 ComputerName: TONY-PC UserName: Tony
10:41:33.571 Initialize success
10:44:03.588 AVAST engine defs: 12030800
10:44:22.594 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:44:22.600 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
10:44:22.640 Disk 0 MBR read successfully
10:44:22.645 Disk 0 MBR scan
10:44:22.652 Disk 0 Windows 7 default MBR code
10:44:22.658 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:44:22.677 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 79900 MB offset 206848
10:44:22.700 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 225243 MB offset 163842048
10:44:22.752 Disk 0 scanning C:\Windows\system32\drivers
10:44:32.910 Service scanning
10:45:12.978 Modules scanning
10:45:12.991 Disk 0 trace - called modules:
10:45:13.021 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
10:45:13.358 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800344c060]
10:45:13.368 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80031e2050]
10:45:15.753 AVAST engine scan C:\Windows
10:45:19.468 AVAST engine scan C:\Windows\system32
10:48:06.018 AVAST engine scan C:\Windows\system32\drivers
10:48:18.426 AVAST engine scan C:\Users\Tony
10:54:36.152 AVAST engine scan C:\ProgramData
10:56:42.516 Scan finished successfully
11:00:23.930 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
11:00:24.033 The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"
11:01:11.016 Disk 0 MBR has been saved successfully to "C:\Users\Tony\Desktop\MBR.dat"
11:01:11.021 The log file has been saved successfully to "C:\Users\Tony\Desktop\aswMBR.txt"


Today the random ads were back.

#11 gringo_pr

Posted 08 March 2012 - 07:52 AM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#12 tony egri

Posted 08 March 2012 - 09:16 AM

OTL logfile created on: 3/8/2012 2:08:42 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Tony\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 41.33% Memory free
5.85 Gb Paging File | 3.16 Gb Available in Paging File | 53.90% Paging File free
Paging file location(s): d:\pagefile.sys 3000 4500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.03 Gb Total Space | 43.67 Gb Free Space | 55.97% Space Free | Partition Type: NTFS
Drive D: | 219.96 Gb Total Space | 19.22 Gb Free Space | 8.74% Space Free | Partition Type: NTFS
Drive G: | 19.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tony\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Tony\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe (Vivox)
PRC - C:\Users\Tony\AppData\Local\Vivox\VVS\Current\VivoxVoiceService.exe (Vivox Inc.)
PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
PRC - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Program Files (x86)\Virgin Mobile\Broadband Home\VIRGIN MOBILE BROADBAND HOME.exe ()
PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.EXE (Intel Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\sdiagnhost.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\msdt.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\633c6734669cdde71728a7d59f1ed1a6\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Users\Tony\AppData\Local\Vivox\VVS\Current\ortp.dll ()
MOD - C:\Program Files (x86)\Virgin Media\Service Manager\Windows7Features.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\VIRGIN MOBILE BROADBAND HOME.exe ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\SpeedManagerPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\LocaleMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\SMSPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\NotifyServicePlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\ConfigFilePlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DeviceMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\NetInfoPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DialUpPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\XCodec.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\isaputrace.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\FileManager.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DeviceOperate.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DetectDev.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\atcomm.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (ServicepointService) -- C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.EXE (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NMgamingmsFltr) -- C:\Windows\SysNative\drivers\NMgamingms.sys (Primax Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 2C 51 4C BF EA CA 01 [binary data]
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=&src=crm&q={searchTerms}&locale=
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/21 22:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/05/13 17:21:38 | 000,000,000 | ---D | M]

[2011/06/30 15:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions
[2012/02/21 22:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/16 14:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 10:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 10:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tony\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/07 23:27:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\Virgin Mobile\Broadband Home\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000..\Run: [VivoxHDN] C:\Users\Tony\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe (Vivox)
O4 - Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562FBE57-0AFB-4BCF-AA01-5D7914EE3943}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E38924D1-CC5B-4881-98C8-2C476D413DC3}: NameServer = 149.254.230.7 149.254.199.126
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 21:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/29 17:30:44 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 14:06:39 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2012/03/08 10:37:45 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\tdsskiller
[2012/03/07 23:25:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/07 23:14:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 23:14:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 23:12:11 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
[2012/03/07 09:21:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tony\Desktop\dds.scr
[2012/02/28 21:31:06 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Tony\Desktop\aswMBR.exe
[2012/02/28 21:22:20 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\tdsskiller.exe
[2012/02/28 10:00:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/28 09:59:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/28 09:54:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 10:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/22 13:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/02/22 12:48:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/22 12:34:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/22 12:34:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/22 12:34:51 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/22 12:34:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/22 12:34:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/22 12:34:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/22 12:34:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/22 12:34:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/22 12:34:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/22 12:34:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/22 12:34:48 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/22 12:31:58 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/02/22 12:31:55 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/02/22 12:31:54 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/02/22 12:31:54 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/02/22 12:31:53 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/02/22 12:31:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/02/22 12:31:49 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/02/22 12:31:47 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/02/22 12:31:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/02/22 12:31:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/02/22 12:31:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/02/22 12:31:19 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/22 12:31:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/02/22 12:31:10 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/02/22 12:31:09 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/02/22 12:31:09 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/02/22 12:31:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/02/22 12:31:09 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/02/22 12:31:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/02/22 12:31:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/02/22 12:31:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/02/22 12:31:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/02/22 12:31:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/02/22 12:31:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/02/22 12:31:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/22 12:31:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/22 12:31:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/02/22 12:31:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/02/22 12:31:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/02/22 12:31:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/02/22 12:31:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/22 12:31:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/02/22 12:31:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/22 12:31:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/22 12:31:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/22 12:31:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/02/22 12:31:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/02/22 12:31:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/22 12:31:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/02/22 12:31:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/02/22 12:31:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/02/22 12:31:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/02/22 12:30:46 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/02/22 12:30:28 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/02/22 12:30:26 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/02/22 12:30:26 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/02/22 12:30:25 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/02/22 12:30:23 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/02/22 12:30:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/02/22 12:30:21 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/02/22 12:30:21 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/02/22 12:30:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/02/22 12:30:21 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/02/22 12:30:21 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/02/22 12:30:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/02/22 12:30:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/02/22 12:30:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/02/22 12:30:07 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/02/22 12:30:07 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/02/22 12:30:06 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/02/22 12:30:06 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/02/22 12:30:05 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/02/22 12:30:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/02/22 12:30:00 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/02/22 12:29:59 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/02/22 12:29:53 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/02/22 12:29:52 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/02/22 12:29:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/02/22 12:29:35 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/22 12:29:34 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/22 12:29:32 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/02/22 12:29:32 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/02/22 12:29:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/02/22 12:29:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/02/22 12:29:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/02/22 12:29:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/02/22 12:29:27 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/02/22 12:29:26 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/02/22 12:29:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/02/22 12:29:25 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/02/22 12:29:19 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/02/22 12:29:16 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/02/22 12:29:11 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/02/22 12:29:11 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/02/22 12:29:11 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/02/22 12:29:10 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/02/22 12:29:10 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/02/22 12:29:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/02/22 12:29:10 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/02/22 12:29:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/02/22 12:29:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/02/22 12:29:09 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/02/22 12:29:03 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/02/22 12:29:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/02/22 12:29:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/02/22 12:29:01 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/02/22 12:29:00 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/02/22 12:29:00 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/02/22 12:28:59 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/02/22 12:28:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/02/22 12:28:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/02/22 12:28:47 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/22 12:28:45 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/02/22 12:28:45 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/02/22 12:28:44 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/02/22 12:28:44 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/02/22 12:28:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/02/22 12:28:44 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/02/22 12:28:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/02/22 12:28:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/02/22 12:28:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/02/22 12:28:28 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/02/22 12:28:28 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/02/22 12:28:28 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/02/22 12:28:28 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/02/22 12:28:28 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/02/22 12:28:27 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/02/22 12:28:27 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/02/22 12:28:25 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/02/22 12:28:25 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/02/22 12:28:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/02/22 12:28:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/02/22 12:28:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/02/22 12:26:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/02/22 12:26:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/02/22 12:26:46 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/02/22 12:26:43 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/02/22 12:26:42 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/02/22 12:25:44 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/02/22 12:25:41 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/02/22 12:25:41 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/02/22 12:25:39 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/02/22 12:21:24 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/02/22 12:21:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/02/22 12:21:21 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/02/22 12:21:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/02/22 12:21:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/02/22 12:21:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/02/22 09:46:39 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
[2012/02/22 09:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/21 10:15:33 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/21 10:13:07 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Google
[2012/02/21 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Apps
[2012/02/21 10:12:08 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Deployment
[2012/02/21 10:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 14:06:47 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2012/03/08 13:24:46 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000UA.job
[2012/03/08 13:24:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 11:01:11 | 000,000,512 | ---- | M] () -- C:\Users\Tony\Desktop\MBR.dat
[2012/03/08 10:18:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000Core.job
[2012/03/07 23:35:26 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 23:35:26 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 23:27:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/07 23:26:40 | 2356,543,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 23:13:18 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
[2012/03/07 09:29:25 | 000,000,000 | ---- | M] () -- C:\Users\Tony\defogger_reenable
[2012/03/07 09:21:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tony\Desktop\dds.scr
[2012/03/07 09:20:24 | 000,050,477 | ---- | M] () -- C:\Users\Tony\Desktop\Defogger.exe
[2012/03/07 02:19:05 | 000,002,391 | ---- | M] () -- C:\Users\Tony\Desktop\Google Chrome.lnk
[2012/03/05 11:29:04 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 11:29:04 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/05 11:29:04 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/04 21:43:20 | 000,012,800 | ---- | M] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 16:27:23 | 477,408,123 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 06:07:52 | 000,007,608 | ---- | M] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
[2012/02/28 22:25:01 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/28 21:32:41 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Tony\Desktop\aswMBR.exe
[2012/02/28 21:23:25 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\tdsskiller.exe
[2012/02/23 09:52:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/22 23:20:20 | 000,421,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/21 22:04:10 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 23:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 23:14:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 23:14:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 23:14:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 23:14:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 09:29:25 | 000,000,000 | ---- | C] () -- C:\Users\Tony\defogger_reenable
[2012/03/07 09:20:24 | 000,050,477 | ---- | C] () -- C:\Users\Tony\Desktop\Defogger.exe
[2012/02/29 06:07:52 | 000,007,608 | ---- | C] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
[2012/02/28 22:19:34 | 477,408,123 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/28 22:05:23 | 000,000,512 | ---- | C] () -- C:\Users\Tony\Desktop\MBR.dat
[2012/02/21 22:04:10 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/21 22:04:10 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/21 10:15:35 | 000,002,391 | ---- | C] () -- C:\Users\Tony\Desktop\Google Chrome.lnk
[2012/02/21 10:13:08 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000UA.job
[2012/02/21 10:13:07 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000Core.job
[2011/06/30 15:14:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/23 22:28:54 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/01/19 13:03:41 | 000,012,800 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/08/30 22:36:13 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/08/30 22:36:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/08/30 22:36:09 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/08/30 22:36:09 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/30 22:36:08 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/05 22:19:03 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/09 11:23:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/31 10:01:16 | 000,000,444 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\wklnhst.dat
[2010/05/30 16:48:20 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/03 13:02:44 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/05/03 13:02:44 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/05/03 13:02:44 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
[2010/05/03 12:49:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1

< End of report >

#13 tony egri

Posted 08 March 2012 - 09:20 AM

OTL logfile created on: 3/8/2012 2:08:42 PM - Run 1
OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Tony\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.21 Gb Available Physical Memory | 41.33% Memory free
5.85 Gb Paging File | 3.16 Gb Available in Paging File | 53.90% Paging File free
Paging file location(s): d:\pagefile.sys 3000 4500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78.03 Gb Total Space | 43.67 Gb Free Space | 55.97% Space Free | Partition Type: NTFS
Drive D: | 219.96 Gb Total Space | 19.22 Gb Free Space | 8.74% Space Free | Partition Type: NTFS
Drive G: | 19.65 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: TONY-PC | User Name: Tony | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tony\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Tony\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe (Vivox)
PRC - C:\Users\Tony\AppData\Local\Vivox\VVS\Current\VivoxVoiceService.exe (Vivox Inc.)
PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
PRC - C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
PRC - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
PRC - C:\Program Files (x86)\Virgin Mobile\Broadband Home\VIRGIN MOBILE BROADBAND HOME.exe ()
PRC - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.EXE (Intel Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\sdiagnhost.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\msdt.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\633c6734669cdde71728a7d59f1ed1a6\System.Deployment.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Users\Tony\AppData\Local\Vivox\VVS\Current\ortp.dll ()
MOD - C:\Program Files (x86)\Virgin Media\Service Manager\Windows7Features.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\VIRGIN MOBILE BROADBAND HOME.exe ()
MOD - C:\Program Files (x86)\Yahoo!\Messenger\yui.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\SpeedManagerPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\LocaleMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\SMSPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\NotifyServicePlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\ConfigFilePlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DeviceMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\NetInfoPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DialUpPlugin.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\XCodec.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\isaputrace.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\FileManager.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DeviceOperate.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\DetectDev.dll ()
MOD - C:\Program Files (x86)\Virgin Mobile\Broadband Home\atcomm.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)
SRV:64bit: - (EvtEng) Intel® -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV:64bit: - (RegSrvc) Intel® -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV - (ServicepointService) -- C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe (Radialpoint Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.EXE (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (k57nd60a) Broadcom NetLink ™ -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (NMgamingmsFltr) -- C:\Windows\SysNative\drivers\NMgamingms.sys (Primax Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:64bit: - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:64bit: - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ro/
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 2C 51 4C BF EA CA 01 [binary data]
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=&src=crm&q={searchTerms}&locale=
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll (Virgin Media)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tony\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/21 22:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/05/13 17:21:38 | 000,000,000 | ---D | M]

[2011/06/30 15:14:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tony\AppData\Roaming\Mozilla\Extensions
[2012/02/21 22:04:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/02/16 14:40:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/02/16 10:42:53 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/16 10:42:53 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tony\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Service Manager (Enabled) = C:\Program Files (x86)\Virgin Media\Service Manager\nprpspa.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Tony\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Tony\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Gmail = C:\Users\Tony\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/03/07 23:27:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\Virgin Mobile\Broadband Home\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ServiceManager.exe] C:\Program Files (x86)\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000..\Run: [VivoxHDN] C:\Users\Tony\AppData\Local\Vivox\HDN\Current\Vivox.HDN.Up.exe (Vivox)
O4 - Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30BDE3FA-D3F3-427E-BB10-FFB5EE4E4515}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{562FBE57-0AFB-4BCF-AA01-5D7914EE3943}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E38924D1-CC5B-4881-98C8-2C476D413DC3}: NameServer = 149.254.230.7 149.254.199.126
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/23 21:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/29 17:30:44 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 14:06:39 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2012/03/08 10:37:45 | 000,000,000 | ---D | C] -- C:\Users\Tony\Desktop\tdsskiller
[2012/03/07 23:25:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/07 23:14:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 23:14:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 23:12:11 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
[2012/03/07 09:21:09 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tony\Desktop\dds.scr
[2012/02/28 21:31:06 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Tony\Desktop\aswMBR.exe
[2012/02/28 21:22:20 | 002,062,896 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\tdsskiller.exe
[2012/02/28 10:00:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/28 09:59:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/28 09:54:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/24 10:16:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/02/22 13:26:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012/02/22 12:48:08 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/02/22 12:34:52 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/22 12:34:52 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/22 12:34:51 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/22 12:34:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/22 12:34:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/22 12:34:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/22 12:34:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/22 12:34:49 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/22 12:34:49 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/22 12:34:49 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/22 12:34:48 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/22 12:31:58 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/02/22 12:31:55 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/02/22 12:31:54 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/02/22 12:31:54 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/02/22 12:31:53 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/02/22 12:31:52 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/02/22 12:31:49 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/02/22 12:31:47 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/02/22 12:31:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/02/22 12:31:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/02/22 12:31:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/02/22 12:31:19 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/22 12:31:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/02/22 12:31:10 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/02/22 12:31:09 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/02/22 12:31:09 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/02/22 12:31:09 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/02/22 12:31:09 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/02/22 12:31:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/02/22 12:31:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/02/22 12:31:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/02/22 12:31:08 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/02/22 12:31:08 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/02/22 12:31:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/02/22 12:31:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/22 12:31:08 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/02/22 12:31:05 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/02/22 12:31:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/02/22 12:31:05 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/02/22 12:31:05 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/02/22 12:31:05 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/02/22 12:31:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/02/22 12:31:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/02/22 12:31:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/02/22 12:31:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/22 12:31:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/22 12:31:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/02/22 12:31:03 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/02/22 12:31:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/02/22 12:31:03 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/02/22 12:31:03 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/02/22 12:31:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/02/22 12:31:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/02/22 12:31:03 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/02/22 12:31:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/02/22 12:30:46 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/02/22 12:30:28 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/02/22 12:30:26 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/02/22 12:30:26 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/02/22 12:30:25 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/02/22 12:30:23 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/02/22 12:30:22 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/02/22 12:30:21 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/02/22 12:30:21 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/02/22 12:30:21 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/02/22 12:30:21 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/02/22 12:30:21 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/02/22 12:30:20 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/02/22 12:30:20 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/02/22 12:30:17 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/02/22 12:30:07 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/02/22 12:30:07 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/02/22 12:30:06 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/02/22 12:30:06 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/02/22 12:30:05 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/02/22 12:30:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/02/22 12:30:00 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/02/22 12:29:59 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/02/22 12:29:53 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/02/22 12:29:52 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/02/22 12:29:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/02/22 12:29:35 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/22 12:29:34 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/22 12:29:32 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/02/22 12:29:32 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/02/22 12:29:32 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/02/22 12:29:32 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/02/22 12:29:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/02/22 12:29:31 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/02/22 12:29:27 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/02/22 12:29:26 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/02/22 12:29:25 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/02/22 12:29:25 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/02/22 12:29:19 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/02/22 12:29:16 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/02/22 12:29:11 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/02/22 12:29:11 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/02/22 12:29:11 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/02/22 12:29:10 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/02/22 12:29:10 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/02/22 12:29:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/02/22 12:29:10 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/02/22 12:29:10 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/02/22 12:29:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/02/22 12:29:09 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/02/22 12:29:03 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/02/22 12:29:03 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/02/22 12:29:03 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/02/22 12:29:01 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/02/22 12:29:00 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/02/22 12:29:00 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/02/22 12:28:59 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/02/22 12:28:53 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/02/22 12:28:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/02/22 12:28:47 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/22 12:28:45 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/02/22 12:28:45 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/02/22 12:28:44 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/02/22 12:28:44 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/02/22 12:28:44 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/02/22 12:28:44 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/02/22 12:28:44 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/02/22 12:28:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/02/22 12:28:43 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/02/22 12:28:28 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/02/22 12:28:28 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/02/22 12:28:28 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/02/22 12:28:28 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/02/22 12:28:28 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/02/22 12:28:27 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/02/22 12:28:27 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/02/22 12:28:25 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/02/22 12:28:25 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/02/22 12:28:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/02/22 12:28:24 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/02/22 12:28:21 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/02/22 12:26:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/02/22 12:26:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/02/22 12:26:46 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/02/22 12:26:43 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/02/22 12:26:42 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/02/22 12:25:44 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/02/22 12:25:41 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/02/22 12:25:41 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/02/22 12:25:39 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/02/22 12:21:24 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/02/22 12:21:23 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/02/22 12:21:21 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/02/22 12:21:21 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/02/22 12:21:07 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/02/22 12:21:07 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/02/22 09:46:39 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Malwarebytes
[2012/02/22 09:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/21 10:15:33 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/02/21 10:13:07 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Google
[2012/02/21 10:12:09 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Apps
[2012/02/21 10:12:08 | 000,000,000 | ---D | C] -- C:\Users\Tony\AppData\Local\Deployment
[2012/02/21 10:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/08 14:06:47 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Tony\Desktop\OTL.exe
[2012/03/08 13:24:46 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000UA.job
[2012/03/08 13:24:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/08 11:01:11 | 000,000,512 | ---- | M] () -- C:\Users\Tony\Desktop\MBR.dat
[2012/03/08 10:18:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000Core.job
[2012/03/07 23:35:26 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 23:35:26 | 000,014,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/07 23:27:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/07 23:26:40 | 2356,543,488 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/07 23:13:18 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\Tony\Desktop\ComboFix.exe
[2012/03/07 09:29:25 | 000,000,000 | ---- | M] () -- C:\Users\Tony\defogger_reenable
[2012/03/07 09:21:14 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tony\Desktop\dds.scr
[2012/03/07 09:20:24 | 000,050,477 | ---- | M] () -- C:\Users\Tony\Desktop\Defogger.exe
[2012/03/07 02:19:05 | 000,002,391 | ---- | M] () -- C:\Users\Tony\Desktop\Google Chrome.lnk
[2012/03/05 11:29:04 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/05 11:29:04 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/05 11:29:04 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/04 21:43:20 | 000,012,800 | ---- | M] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 16:27:23 | 477,408,123 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/29 06:07:52 | 000,007,608 | ---- | M] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
[2012/02/28 22:25:01 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/02/28 21:32:41 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Tony\Desktop\aswMBR.exe
[2012/02/28 21:23:25 | 002,062,896 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Tony\Desktop\tdsskiller.exe
[2012/02/23 09:52:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/22 23:20:20 | 000,421,896 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/21 22:04:10 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/07 23:14:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 23:14:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 23:14:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 23:14:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 23:14:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 09:29:25 | 000,000,000 | ---- | C] () -- C:\Users\Tony\defogger_reenable
[2012/03/07 09:20:24 | 000,050,477 | ---- | C] () -- C:\Users\Tony\Desktop\Defogger.exe
[2012/02/29 06:07:52 | 000,007,608 | ---- | C] () -- C:\Users\Tony\AppData\Local\Resmon.ResmonCfg
[2012/02/28 22:19:34 | 477,408,123 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/02/28 22:05:23 | 000,000,512 | ---- | C] () -- C:\Users\Tony\Desktop\MBR.dat
[2012/02/21 22:04:10 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/21 22:04:10 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/21 10:15:35 | 000,002,391 | ---- | C] () -- C:\Users\Tony\Desktop\Google Chrome.lnk
[2012/02/21 10:13:08 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000UA.job
[2012/02/21 10:13:07 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3560637341-1125862931-88969083-1000Core.job
[2011/06/30 15:14:56 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/23 22:28:54 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/01/19 13:03:41 | 000,012,800 | ---- | C] () -- C:\Users\Tony\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/08/30 22:36:13 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/08/30 22:36:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/08/30 22:36:09 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/08/30 22:36:09 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/08/30 22:36:08 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/08/05 22:19:03 | 000,000,362 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/09 11:23:00 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/05/31 10:01:16 | 000,000,444 | ---- | C] () -- C:\Users\Tony\AppData\Roaming\wklnhst.dat
[2010/05/30 16:48:20 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/03 13:02:44 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/05/03 13:02:44 | 000,106,496 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010/05/03 13:02:44 | 000,000,188 | ---- | C] () -- C:\Windows\PidList.ini
[2010/05/03 12:49:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1

< End of report >

#14 gringo_pr

  • Malware Response Team

Posted 08 March 2012 - 03:23 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    :otl
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {C8748F11-F4AD-47AF-AB50-C7DF5792096B} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - Startup: C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk = File not found
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:073341D1    
    PRC - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
    IE - HKLM\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
    IE - HKLM\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
    IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes,DefaultScope = {8A96AF9E-4074-43b7-BEA3-87217BDA7406}
    IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=UT2V5&o=&src=crm&q={searchTerms}&locale=
    IE - HKU\S-1-5-21-3560637341-1125862931-88969083-1000\..\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}: "URL" = http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Discordia, LTD)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll (Discordia, LTD)
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll (Discordia, LTD)
    O20 - AppInit_DLLs: (c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll) - c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Discordia, LTD)
    :Files
    C:\Program Files (x86)\Windows iLivid Toolbar
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo

#15 tony egri

  • Topic Starter


Posted 08 March 2012 - 06:28 PM

All processes killed
========== OTL ==========
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
C:\Users\Tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Banshee Screamer Alarm.lnk moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\ProgramData\TEMP:073341D1 deleted successfully.
No active process named Program Files was found!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3560637341-1125862931-88969083-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3560637341-1125862931-88969083-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-3560637341-1125862931-88969083-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\datamngr.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll deleted successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64\IEBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll deleted successfully.
c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll deleted successfully.
c:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll moved successfully.
========== FILES ==========
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\components folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\js folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.YouTube_v2 folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\js folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Twitter folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome\content folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar\chrome folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\ToolBar folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\x64 folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files (x86)\Windows iLivid Toolbar folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tony\Desktop\cmd.bat deleted successfully.
C:\Users\Tony\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1-TONY-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Tony
->Temp folder emptied: 60006805 bytes
->Temporary Internet Files folder emptied: 187332672 bytes
->Java cache emptied: 867070 bytes
->FireFox cache emptied: 49700192 bytes
->Google Chrome cache emptied: 12315183 bytes
->Flash cache emptied: 206095 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 342325188 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 623.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Mcx1-TONY-PC

User: Public

User: Tony
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Mcx1-TONY-PC

User: Public

User: Tony
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.36.1 log created on 03082012_230050

Files\Folders moved on Reboot...
C:\Users\Tony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Tony\AppData\Local\Temp\~DF0BB336B629429F17.TMP not found!
File\Folder C:\Users\Tony\AppData\Local\Temp\~DF17DCA4DDB8C7AB5C.TMP not found!
File\Folder C:\Users\Tony\AppData\Local\Temp\~DF21D72A6231841D33.TMP not found!
File\Folder C:\Users\Tony\AppData\Local\Temp\~DFAE91A4AF950D3E6A.TMP not found!
File\Folder C:\Users\Tony\AppData\Local\Temp\~DFED2DF491352A8D2C.TMP not found!
File\Folder C:\Users\Tony\AppData\Local\Temp\~DFFB6DF29747856CC7.TMP not found!
C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
File\Folder C:\Users\Tony\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7I3HD6WO\page__p__2614330[1].htm not found!
C:\Windows\temp\msdtadmin\_ED4AF3ED-D4F6-4240-87C0-E8977AADB18D_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_E3A94F9B-57E4-47B2-A0A7-933B5B31BC92_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_DC861ED0-ABE4-4821-8093-824A7F8169C2_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_D9811A1A-181C-42B5-A291-683833017DB6_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_C826C73B-CABE-4A3F-B2DC-A41756650F04_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_B5EAEDA8-11F7-4B43-95F5-9A6CBB86F24B_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_A6804E78-39B3-4BAF-BFAC-90436635CF00_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_A43C6ACF-24C2-4614-9C6A-E57683AC0BA6_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_947DF3BC-F977-4427-8508-E71731949646_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_92B978D8-BBDB-4CE8-91F2-14D0CB41D361_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_8F5C98D6-9FB9-4691-A361-7EA3BC78A14D_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_8D813800-EC86-42CF-8CC1-8CD54C847AA0_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_83980DA8-98F9-4E13-97FA-BA4BB95B73CA_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_8300132E-84DA-4C2E-BCE2-E2D47A9349C3_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_76E96E26-E813-497C-B140-2F1585EC913E_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_72196AF8-73CD-4C01-B16F-36A4169ADD80_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_6FE04B8E-3557-4D4C-A2E6-B1A0B60EE000_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_6A5E97EC-963F-4BFF-ABAB-626B2BB8DD73_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_47A55E35-188E-45B5-A141-8DE54DAE2B7D_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_3272131D-ECDE-423F-8A5C-C63E2B1B74F9_\inuse moved successfully.
C:\Windows\temp\msdtadmin\_1901E8A9-E6C0-4A46-80B1-3556510217F3_\inuse moved successfully.

Registry entries deleted on Reboot...

It seems ok now. I haven't heard the ads all day and I also tried a few Google searches in Internet Explorer and it worked alright. Mozilla on the other side is still crashing every time I open it. Thanks a lot for all your help, you guys are heroes!



