Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I too Cannot reboot, start safemode, or system restore


  • This topic is locked This topic is locked
5 replies to this topic

#1 flex0011

flex0011

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 09 May 2012 - 04:58 AM

Hello I am a new member and this is my very first post. I read how another member got helped with a very similar issue. Like this other member I downloaded Norton Power Eraser to remove posssible malware. After running it I was asked to restart my pc and I did, but after that I'm unable to boot and I cannot get it to start in any safe mode option or get to an earlier time through system restore. I then downloaded Farbar Recovery System Toolx64 followed same instructions given to previous member. I am attaching my farbar recovery scan. Thank you in advanced for helping.

Scan result of Farbar Recovery Scan Tool Version: 08-05-2012
Ran by SYSTEM at 09-05-2012 02:04:07
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11444840 2010-09-21] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] C:\Windows\PLFSetI.exe [206208 2010-06-09] ()
HKLM\...\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k [258304 2010-06-28] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.)
HKLM-x32\...\Run: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe" [600688 2010-10-22] (Chicony)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2011-04-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\nolberto\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4240760 2010-11-10] (Microsoft Corporation)
HKU\nolberto\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [9728 2009-07-13] (Microsoft Corporation)
HKU\nolberto\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22631608 2011-05-18] (ooVoo LLC)
HKU\nolberto\...\Run: [Best Buy pc app] C:\Users\nolberto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms [x]
HKU\nolberto\...\Run: [lpc] rundll32.exe "er. como quiera ill stillbe able to see and meet with people in highschool. and pos since i have your number ill be able to reach you and let you knkow of upcoing stuff we might have to doso far i have maya, myself, you, jacky, and elizabeth ", RegisterDll [x]
HKU\nolberto\...\Run: [LHWmcRqHquM.exe] C:\ProgramData\LHWmcRqHquM.exe [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\SysWOW64\userinit.exe, [26112 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
SubSystems: [Windows] ATTENTION! ====> ZeroAccess

==================== Services (Whitelisted) ======

2 AppHostSvc; C:\Windows\SysWow64\inetsrv\apphostsvc.dll [61440 2009-07-13] (Microsoft Corporation)
2 BBSvc; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [193816 2012-02-10] (Microsoft Corporation.)
3 BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [240408 2012-02-10] (Microsoft Corporation.)
2 DsiWMIService; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [321104 2010-08-10] (Dritek System Inc.)
2 GREGService; C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.0.13\diMaster.dll" /prefetch:1 [262584 2011-03-31] (Symantec Corporation)
3 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [935208 2010-01-15] (Nero AG)
2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [255744 2010-06-28] (NewTech Infosystems, Inc.)
2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [451072 2009-07-13] (Microsoft Corporation)
2 W3SVC; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [396288 2009-07-13] (Microsoft Corporation)
3 WAS; C:\Windows\SysWow64\inetsrv\iisw3adm.dll [396288 2009-07-13] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [6405632 2010-03-28] (ATI Technologies Inc.)
3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [188928 2010-03-28] (Advanced Micro Devices, Inc.)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20111027.001\BHDrvx64.sys [1155704 2011-10-14] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-11-09] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-11-09] (Symantec Corporation)
1 IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20111110.030\IDSvia64.sys [488568 2011-08-22] (Symantec Corporation)
3 NTIDrvr; C:\Windows\System32\Drivers\NTIDrvr.sys [18432 2009-05-05] (NewTech Infosystems, Inc.)
0 SMR250; C:\Windows\System32\Drivers\SMR250.sys [96376 2012-05-08] (Symantec Corporation)
3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1207000.00D\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NAVx64\1207000.00D\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1207000.00D\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1207000.00D\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-06-29] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NAVx64\1207000.00D\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1207000.00D\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
3 UBHelper; C:\Windows\System32\Drivers\UBHelper.sys [16896 2009-05-05] (NewTech Infosystems Corporation)
3 WIMMount; C:\Windows\SysWow64\Drivers\WIMMount.sys [19008 2009-07-13] (Microsoft Corporation)
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20111229.018\ENG64.SYS [x]
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20111229.018\EX64.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-05-08 21:28 - 2012-05-08 21:29 - 0016516 ____A C:\Windows\ntbtlog.txt
2012-05-08 21:27 - 2012-05-08 21:34 - 0000000 ____D C:\Users\nolberto\AppData\Local\NPE
2012-05-08 21:27 - 2012-05-08 21:27 - 2804712 ____A (Symantec Corporation) C:\Users\nolberto\Documents\NPE.exe
2012-05-08 21:27 - 2012-05-08 21:27 - 0096376 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR250.SYS
2012-05-08 21:17 - 2012-05-08 21:17 - 2804712 ____A (Symantec Corporation) C:\Users\nolberto\Downloads\NPE.exe
2012-05-08 21:06 - 2012-05-08 21:06 - 0000000 ____D C:\Users\nolberto\AppData\Local\{8E4268F5-4DD7-4F9A-AEFB-77D01F62AE7D}
2012-05-08 20:50 - 2012-05-08 20:50 - 0000467 ____A C:\Users\All Users\Gateway © - Shortcut.lnk
2012-05-08 20:50 - 2012-05-08 20:50 - 0000467 ____A C:\ProgramData\Gateway © - Shortcut.lnk
2012-05-08 20:41 - 2012-05-08 20:41 - 0271232 ____A C:\Windows\Minidump\050812-45848-01.dmp
2012-05-08 19:56 - 2012-05-08 19:56 - 0000000 ____D C:\Users\nolberto\AppData\Local\{1ED4C39F-E108-43CB-919E-B2877A958D46}
2012-05-08 19:55 - 2012-05-08 19:56 - 0000000 ____D C:\Users\nolberto\AppData\Local\{0FFFFE57-FCC1-48CB-9035-500A3F321D72}
2012-05-08 19:54 - 2012-05-08 19:54 - 0271232 ____A C:\Windows\Minidump\050812-48921-01.dmp
2012-05-08 19:52 - 2012-05-08 19:52 - 0000000 ____D C:\Users\nolberto\AppData\Local\{ED762E46-CD83-4720-81B4-F839070CFCA1}
2012-05-08 19:47 - 2012-05-08 19:47 - 0271232 ____A C:\Windows\Minidump\050812-43009-01.dmp
2012-05-08 19:39 - 2012-05-08 19:39 - 0065536 __ASH C:\Windows\System32\config\components{122ce975-9042-11e1-bc63-1c7508ab179d}.TxR.blf
2012-05-08 18:46 - 2012-05-08 18:46 - 3404618 ____A C:\Users\nolberto\Downloads\135_math8-12.pdf
2012-05-08 17:56 - 2012-05-08 17:56 - 0000000 ____D C:\Users\nolberto\AppData\Local\{B99DFBCC-A6B3-444A-9CA0-47DD3E0228FF}
2012-05-08 17:56 - 2012-05-08 17:56 - 0000000 ____D C:\Users\nolberto\AppData\Local\{84F9B6DD-EB04-46DF-A243-F1EDAA9D0389}
2012-05-06 16:56 - 2012-05-06 16:56 - 0271232 ____A C:\Windows\Minidump\050612-31168-01.dmp
2012-05-06 15:21 - 2012-05-06 15:21 - 0000000 ____D C:\Users\nolberto\AppData\Local\{AB96A19B-7AAF-4EC5-89C5-A9D90FB8129E}
2012-04-27 16:59 - 2012-04-27 17:00 - 0032714 ____A C:\Windows\iis7.log
2012-04-27 16:58 - 2012-04-27 16:58 - 0000000 ____D C:\Windows\SysWOW64\BestPractices
2012-04-27 16:58 - 2012-04-27 16:58 - 0000000 ____D C:\Windows\System32\BestPractices
2012-04-27 16:58 - 2012-04-27 16:58 - 0000000 ____D C:\inetpub
2012-04-27 16:24 - 2012-04-27 16:24 - 0000000 ____D C:\Users\nolberto\AppData\Local\{2CA7FE6B-62CB-4EF3-A522-A48D52AA077E}
2012-04-27 05:05 - 2012-04-27 05:05 - 0000000 ____D C:\Users\nolberto\AppData\Local\{BC345852-5868-4530-971C-C13204B06FE2}
2012-04-27 05:05 - 2012-04-27 05:05 - 0000000 ____D C:\Users\nolberto\AppData\Local\{3BC3CDEC-AA81-4050-995B-063FC62CE42F}
2012-04-27 05:01 - 2012-04-27 05:02 - 0271232 ____A C:\Windows\Minidump\042712-68359-01.dmp
2012-04-27 04:57 - 2012-04-27 04:57 - 0271176 ____A C:\Windows\Minidump\042712-62993-01.dmp
2012-04-27 04:29 - 2012-04-27 04:29 - 0016840 ____A C:\Windows\SysWOW64\CCCInstall_201204270529065587.log
2012-04-27 04:23 - 2012-04-27 04:23 - 0000000 ____D C:\Users\nolberto\AppData\Local\{66B7C655-3028-4A89-8918-5928DCE6DAE7}
2012-04-27 04:07 - 2012-04-27 04:07 - 0000000 ____D C:\Users\nolberto\AppData\Local\{5B808DE1-C003-4AAD-8614-91997E40626A}
2012-04-27 02:11 - 2012-05-08 20:24 - 0007606 ____A C:\Users\nolberto\AppData\Local\resmon.resmoncfg
2012-04-27 00:25 - 2012-04-27 00:25 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{399FA55E-64A0-42C3-BD17-6B4B001E99E5}
2012-04-27 00:22 - 2012-04-27 00:22 - 0275304 ____A C:\Windows\Minidump\042712-35911-01.dmp
2012-04-26 23:57 - 2012-04-26 23:57 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{EFE4F98D-59BA-4C45-B7C6-E7678F4A1513}
2012-04-26 23:57 - 2012-04-26 23:57 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{5BEC3CE0-3F03-4C29-9DA3-BC06CE095396}
2012-04-26 22:33 - 2012-04-26 22:54 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-26 22:21 - 2012-03-20 12:50 - 0251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-04-26 22:20 - 2012-04-26 22:53 - 0000000 ___HD C:\Users\All Users\PC Tools
2012-04-26 22:20 - 2012-04-26 22:53 - 0000000 ___HD C:\ProgramData\PC Tools
2012-04-26 22:20 - 2012-04-26 22:20 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\TestApp
2012-04-26 22:11 - 2012-04-26 22:11 - 0108656 ___AH C:\Users\nolberto\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-26 22:09 - 2012-04-26 22:09 - 0000000 ___AH C:\Users\nolberto\Documents\Default.rdp
2012-04-26 21:25 - 2012-04-27 17:16 - 0000000 ___HD C:\Windows\pss
2012-04-26 19:19 - 2012-04-26 19:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{F1193EFD-7CBB-4F4A-BB0F-0AC3D12D6782}
2012-04-26 19:19 - 2012-04-26 19:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{D9B9524F-8F96-488B-91E4-321CC2417F95}
2012-04-26 15:15 - 2012-04-26 15:15 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{ED1005FD-74CE-4DF2-9D99-20F81443C42F}
2012-04-26 15:15 - 2012-04-26 15:15 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{0A279A1E-3B3D-4F7F-AC7B-22A2AA9C2151}
2012-04-26 07:28 - 2012-04-26 07:29 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{D0DEEDE2-5C7F-43E2-BD6F-C45F643ADE67}
2012-04-26 07:28 - 2012-04-26 07:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{E6D08449-F82A-4AB3-8478-14869532ED10}
2012-04-26 07:16 - 2012-04-26 07:16 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3F200F32-FDB3-4028-96D8-D3A4F76726A4}
2012-04-26 07:16 - 2012-04-26 07:16 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{11C32C60-EB0E-4687-AAEF-DD3A67DBB116}
2012-04-25 17:19 - 2012-04-25 17:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{DD4AD613-265C-4C76-AEC9-04E5149FC5D0}
2012-04-25 17:19 - 2012-04-25 17:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3DFFD46B-E793-4A65-9E52-84FACF236F1E}
2012-04-25 10:11 - 2012-04-25 10:12 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{B41B796B-DE69-4276-B206-6B383CBC7FA4}
2012-04-25 07:12 - 2012-04-25 07:12 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{7BEE4435-15FD-40B6-9C0A-8F746A411C34}
2012-04-24 17:45 - 2012-04-24 17:45 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{27B7E42B-0EA1-4AE9-8B78-6FAC2A70250D}
2012-04-23 15:38 - 2012-04-23 15:38 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{8B2F8D83-07A0-459D-971B-AD4F8B176FF5}
2012-04-23 07:29 - 2012-04-23 07:29 - 0065536 __ASH C:\Windows\System32\config\components{0605fc6e-8ccf-11e1-8dfa-1c7508ab179d}.TxR.blf
2012-04-23 07:27 - 2012-04-23 07:27 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{B1331189-7286-4CC4-8178-7259C50AA4AF}
2012-04-22 18:10 - 2012-04-22 18:10 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{8A966FB9-FF44-4637-B961-D0A17984985B}
2012-04-22 15:45 - 2012-04-22 15:45 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{419039F3-3FFE-4E7B-8C12-381F74FCB9B6}
2012-04-22 14:36 - 2012-04-22 14:36 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{54701A64-0AAA-419F-8402-E935D1FEE40B}
2012-04-22 14:27 - 2012-04-22 14:27 - 0065536 __ASH C:\Windows\System32\config\components{ef3d33fc-8729-11e1-a7d9-1c7508ab179d}.TxR.blf
2012-04-22 14:24 - 2012-04-22 14:24 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{F30F08AD-4C68-429F-AD31-DE552B0A9700}
2012-04-18 16:39 - 2012-04-18 16:39 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{7212D9ED-C08C-4982-8261-CEF361D39580}
2012-04-18 16:34 - 2012-04-18 16:34 - 0275304 ____A C:\Windows\Minidump\041812-33633-01.dmp
2012-04-16 06:16 - 2012-04-16 06:17 - 0275304 ____A C:\Windows\Minidump\041612-48687-01.dmp
2012-04-15 15:53 - 2012-04-15 15:53 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{397D6268-233E-41DE-8BEB-968406391309}
2012-04-15 10:46 - 2012-02-27 22:43 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-15 10:46 - 2012-02-27 22:43 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-15 10:46 - 2012-02-27 22:42 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-15 10:46 - 2012-02-27 17:04 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-15 10:46 - 2012-02-27 17:03 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-15 10:46 - 2012-02-27 17:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-15 10:45 - 2012-02-27 23:34 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-15 10:45 - 2012-02-27 23:02 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-15 10:45 - 2012-02-27 22:56 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-15 10:45 - 2012-02-27 22:50 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-15 10:45 - 2012-02-27 22:49 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-15 10:45 - 2012-02-27 22:48 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-15 10:45 - 2012-02-27 22:48 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-15 10:45 - 2012-02-27 22:47 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-15 10:45 - 2012-02-27 22:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-15 10:45 - 2012-02-27 22:39 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-15 10:45 - 2012-02-27 17:52 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-15 10:45 - 2012-02-27 17:27 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-15 10:45 - 2012-02-27 17:18 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-15 10:45 - 2012-02-27 17:12 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-15 10:45 - 2012-02-27 17:11 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-15 10:45 - 2012-02-27 17:11 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-15 10:45 - 2012-02-27 17:09 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-15 10:45 - 2012-02-27 17:08 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-15 10:45 - 2012-02-27 17:06 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-15 10:45 - 2012-02-27 16:59 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-15 10:44 - 2012-02-29 22:54 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-15 10:44 - 2012-02-29 22:45 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-15 10:44 - 2012-02-29 22:40 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-15 10:44 - 2012-02-29 22:35 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-15 10:44 - 2012-02-29 21:49 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-15 10:44 - 2012-02-29 21:45 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-15 10:44 - 2012-02-29 21:40 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-15 10:40 - 2012-04-15 10:40 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{CDAA9E39-B0BD-4BB1-A5BE-271FDA5DF6C9}
2012-04-13 08:51 - 2012-04-13 08:51 - 0065536 __ASH C:\Windows\System32\config\components{dfebfc4c-851d-11e1-bd69-1c7508ab179d}.TxR.blf
2012-04-12 20:50 - 2012-04-12 20:50 - 0000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-04-11 16:43 - 2012-04-11 16:43 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{31AF0737-C72A-4783-8AE7-E779FE2D1A3C}


============ 3 Months Modified Files and Folders =============

2012-05-09 02:04 - 2012-05-09 01:53 - 0000000 ____D C:\FRST
2012-05-09 01:18 - 2012-03-04 14:13 - 0000000 ____D C:\Windows\Minidump
2012-05-09 01:18 - 2011-06-01 07:03 - 0000000 ___HD C:\users\nolberto
2012-05-09 01:18 - 2010-11-15 21:00 - 0000000 ___HD C:\Users\All Users\Norton
2012-05-09 01:18 - 2010-11-15 21:00 - 0000000 ___HD C:\ProgramData\Norton
2012-05-09 01:18 - 2009-07-13 23:45 - 0000000 ____D C:\Windows\ShellNew
2012-05-09 01:18 - 2009-07-13 23:45 - 0000000 ____D C:\Program Files\Windows Journal
2012-05-09 01:17 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\registration
2012-05-08 21:34 - 2012-05-08 21:27 - 0000000 ____D C:\Users\nolberto\AppData\Local\NPE
2012-05-08 21:33 - 2009-07-13 21:13 - 0798758 ____A C:\Windows\System32\PerfStringBackup.INI
2012-05-08 21:32 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At46.job
2012-05-08 21:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At45.job
2012-05-08 21:32 - 2011-02-27 19:11 - 1871345 ___AH C:\Windows\WindowsUpdate.log
2012-05-08 21:29 - 2012-05-08 21:28 - 0016516 ____A C:\Windows\ntbtlog.txt
2012-05-08 21:29 - 2011-06-15 00:10 - 0000000 ___HD C:\Users\nolberto\Tracing
2012-05-08 21:29 - 2009-07-13 21:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-05-08 21:29 - 2009-07-13 20:51 - 0050849 ____A C:\Windows\setupact.log
2012-05-08 21:28 - 2011-02-27 19:08 - 3015884800 __ASH C:\hiberfil.sys
2012-05-08 21:27 - 2012-05-08 21:27 - 2804712 ____A (Symantec Corporation) C:\Users\nolberto\Documents\NPE.exe
2012-05-08 21:27 - 2012-05-08 21:27 - 0096376 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SMR250.SYS
2012-05-08 21:17 - 2012-05-08 21:17 - 2804712 ____A (Symantec Corporation) C:\Users\nolberto\Downloads\NPE.exe
2012-05-08 21:12 - 2009-07-13 20:45 - 0009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-05-08 21:12 - 2009-07-13 20:45 - 0009920 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-05-08 21:06 - 2012-05-08 21:06 - 0000000 ____D C:\Users\nolberto\AppData\Local\{8E4268F5-4DD7-4F9A-AEFB-77D01F62AE7D}
2012-05-08 21:04 - 2011-06-04 05:02 - 0317662 ___AH C:\Windows\PFRO.log
2012-05-08 21:04 - 2009-07-13 21:08 - 0032618 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-05-08 20:50 - 2012-05-08 20:50 - 0000467 ____A C:\Users\All Users\Gateway © - Shortcut.lnk
2012-05-08 20:50 - 2012-05-08 20:50 - 0000467 ____A C:\ProgramData\Gateway © - Shortcut.lnk
2012-05-08 20:50 - 2012-03-31 02:26 - 1063066 ___AH C:\Windows\ntbtlog.txt.bak
2012-05-08 20:41 - 2012-05-08 20:41 - 0271232 ____A C:\Windows\Minidump\050812-45848-01.dmp
2012-05-08 20:41 - 2012-03-04 14:12 - 600675103 ____A C:\Windows\MEMORY.DMP
2012-05-08 20:38 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At44.job
2012-05-08 20:38 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At43.job
2012-05-08 20:24 - 2012-04-27 02:11 - 0007606 ____A C:\Users\nolberto\AppData\Local\resmon.resmoncfg
2012-05-08 20:10 - 2009-07-13 19:20 - 0000000 ____D C:\PerfLogs
2012-05-08 19:56 - 2012-05-08 19:56 - 0000000 ____D C:\Users\nolberto\AppData\Local\{1ED4C39F-E108-43CB-919E-B2877A958D46}
2012-05-08 19:56 - 2012-05-08 19:55 - 0000000 ____D C:\Users\nolberto\AppData\Local\{0FFFFE57-FCC1-48CB-9035-500A3F321D72}
2012-05-08 19:54 - 2012-05-08 19:54 - 0271232 ____A C:\Windows\Minidump\050812-48921-01.dmp
2012-05-08 19:52 - 2012-05-08 19:52 - 0000000 ____D C:\Users\nolberto\AppData\Local\{ED762E46-CD83-4720-81B4-F839070CFCA1}
2012-05-08 19:47 - 2012-05-08 19:47 - 0271232 ____A C:\Windows\Minidump\050812-43009-01.dmp
2012-05-08 19:39 - 2012-05-08 19:39 - 0065536 __ASH C:\Windows\System32\config\components{122ce975-9042-11e1-bc63-1c7508ab179d}.TxR.blf
2012-05-08 19:39 - 2012-01-01 23:35 - 0000000 ____D C:\Users\nolberto\AppData\Local\ElevatedDiagnostics
2012-05-08 19:39 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NDF
2012-05-08 19:34 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At42.job
2012-05-08 19:33 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At41.job
2012-05-08 18:46 - 2012-05-08 18:46 - 3404618 ____A C:\Users\nolberto\Downloads\135_math8-12.pdf
2012-05-08 18:32 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At40.job
2012-05-08 18:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At39.job
2012-05-08 17:56 - 2012-05-08 17:56 - 0000000 ____D C:\Users\nolberto\AppData\Local\{B99DFBCC-A6B3-444A-9CA0-47DD3E0228FF}
2012-05-08 17:56 - 2012-05-08 17:56 - 0000000 ____D C:\Users\nolberto\AppData\Local\{84F9B6DD-EB04-46DF-A243-F1EDAA9D0389}
2012-05-06 19:03 - 2011-06-05 21:18 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\SoftGrid Client
2012-05-06 18:02 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\rescache
2012-05-06 17:34 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At38.job
2012-05-06 17:34 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At37.job
2012-05-06 17:03 - 2011-09-22 20:35 - 0000000 ___HD C:\Users\nolberto\AppData\Local\CrashDumps
2012-05-06 16:56 - 2012-05-06 16:56 - 0271232 ____A C:\Windows\Minidump\050612-31168-01.dmp
2012-05-06 16:34 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At36.job
2012-05-06 16:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At35.job
2012-05-06 15:35 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At34.job
2012-05-06 15:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At33.job
2012-05-06 15:21 - 2012-05-06 15:21 - 0000000 ____D C:\Users\nolberto\AppData\Local\{AB96A19B-7AAF-4EC5-89C5-A9D90FB8129E}
2012-04-27 17:16 - 2012-04-26 21:25 - 0000000 ___HD C:\Windows\pss
2012-04-27 17:00 - 2012-04-27 16:59 - 0032714 ____A C:\Windows\iis7.log
2012-04-27 16:58 - 2012-04-27 16:58 - 0000000 ____D C:\Windows\SysWOW64\BestPractices
2012-04-27 16:58 - 2012-04-27 16:58 - 0000000 ____D C:\Windows\System32\BestPractices
2012-04-27 16:58 - 2012-04-27 16:58 - 0000000 ____D C:\inetpub
2012-04-27 16:58 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Microsoft Games
2012-04-27 16:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\inetsrv
2012-04-27 16:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\inetsrv
2012-04-27 16:24 - 2012-04-27 16:24 - 0000000 ____D C:\Users\nolberto\AppData\Local\{2CA7FE6B-62CB-4EF3-A522-A48D52AA077E}
2012-04-27 05:05 - 2012-04-27 05:05 - 0000000 ____D C:\Users\nolberto\AppData\Local\{BC345852-5868-4530-971C-C13204B06FE2}
2012-04-27 05:05 - 2012-04-27 05:05 - 0000000 ____D C:\Users\nolberto\AppData\Local\{3BC3CDEC-AA81-4050-995B-063FC62CE42F}
2012-04-27 05:02 - 2012-04-27 05:01 - 0271232 ____A C:\Windows\Minidump\042712-68359-01.dmp
2012-04-27 04:57 - 2012-04-27 04:57 - 0271176 ____A C:\Windows\Minidump\042712-62993-01.dmp
2012-04-27 04:34 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At12.job
2012-04-27 04:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At11.job
2012-04-27 04:29 - 2012-04-27 04:29 - 0016840 ____A C:\Windows\SysWOW64\CCCInstall_201204270529065587.log
2012-04-27 04:29 - 2011-02-27 19:11 - 0014946 ___AH C:\Windows\DPINST.LOG
2012-04-27 04:23 - 2012-04-27 04:23 - 0000000 ____D C:\Users\nolberto\AppData\Local\{66B7C655-3028-4A89-8918-5928DCE6DAE7}
2012-04-27 04:07 - 2012-04-27 04:07 - 0000000 ____D C:\Users\nolberto\AppData\Local\{5B808DE1-C003-4AAD-8614-91997E40626A}
2012-04-27 04:01 - 2012-04-01 14:59 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\Remote
2012-04-27 03:54 - 2011-12-05 18:00 - 0000000 ___HD C:\Users\nolberto\.realobjects
2012-04-27 03:01 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-04-27 02:39 - 2011-08-07 15:15 - 0000000 ____D C:\Program Files\Google
2012-04-27 02:39 - 2011-08-07 15:15 - 0000000 ____D C:\Program Files (x86)\Google
2012-04-27 02:32 - 2012-03-31 21:47 - 0000344 ____A C:\Windows\Tasks\At8.job
2012-04-27 02:32 - 2012-03-31 21:47 - 0000342 ____A C:\Windows\Tasks\At7.job
2012-04-27 01:32 - 2012-03-31 21:47 - 0000344 ____A C:\Windows\Tasks\At6.job
2012-04-27 01:32 - 2012-03-31 21:47 - 0000342 ____A C:\Windows\Tasks\At5.job
2012-04-27 00:53 - 2012-03-26 20:02 - 0000000 ___HD C:\Users\Public\CyberLink
2012-04-27 00:53 - 2012-03-26 20:00 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Cyberlink
2012-04-27 00:53 - 2012-03-04 15:40 - 0000000 ___HD C:\Users\nolberto\Desktop\PhotoshopCS5
2012-04-27 00:53 - 2012-02-05 09:15 - 0000000 ___HD C:\Users\All Users\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}
2012-04-27 00:53 - 2012-02-05 09:15 - 0000000 ___HD C:\ProgramData\{D8EAEB0B-7E66-400B-9DCD-5E815A852728}
2012-04-27 00:53 - 2011-07-02 18:31 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Downloaded Installations
2012-04-27 00:53 - 2011-06-06 18:32 - 0000000 ____D C:\Users\All Users\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-27 00:53 - 2011-06-06 18:32 - 0000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-04-27 00:53 - 2011-06-01 07:04 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Apps\2.0
2012-04-27 00:53 - 2009-07-13 19:20 - 0000000 __RHD C:\users\Public
2012-04-27 00:52 - 2011-07-05 02:01 - 0000000 ____D C:\f5fc6348baa89debd23555c1d30b
2012-04-27 00:52 - 2010-11-15 20:07 - 0000000 ___HD C:\OEM
2012-04-27 00:34 - 2012-03-31 21:47 - 0000344 ____A C:\Windows\Tasks\At4.job
2012-04-27 00:33 - 2012-03-31 21:47 - 0000342 ____A C:\Windows\Tasks\At3.job
2012-04-27 00:33 - 2011-06-05 23:29 - 0000000 ___HD C:\Users\All Users\VirtualizedApplications
2012-04-27 00:33 - 2011-06-05 23:29 - 0000000 ___HD C:\ProgramData\VirtualizedApplications
2012-04-27 00:31 - 2011-08-07 15:16 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Google
2012-04-27 00:25 - 2012-04-27 00:25 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{399FA55E-64A0-42C3-BD17-6B4B001E99E5}
2012-04-27 00:22 - 2012-04-27 00:22 - 0275304 ____A C:\Windows\Minidump\042712-35911-01.dmp
2012-04-27 00:22 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\config\TxR
2012-04-26 23:57 - 2012-04-26 23:57 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{EFE4F98D-59BA-4C45-B7C6-E7678F4A1513}
2012-04-26 23:57 - 2012-04-26 23:57 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{5BEC3CE0-3F03-4C29-9DA3-BC06CE095396}
2012-04-26 22:54 - 2012-04-26 22:33 - 0000000 ____D C:\Program Files (x86)\PC Tools
2012-04-26 22:53 - 2012-04-26 22:20 - 0000000 ___HD C:\Users\All Users\PC Tools
2012-04-26 22:53 - 2012-04-26 22:20 - 0000000 ___HD C:\ProgramData\PC Tools
2012-04-26 22:20 - 2012-04-26 22:20 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\TestApp
2012-04-26 22:11 - 2012-04-26 22:11 - 0108656 ___AH C:\Users\nolberto\AppData\Local\GDIPFONTCACHEV1.DAT
2012-04-26 22:09 - 2012-04-26 22:09 - 0000000 ___AH C:\Users\nolberto\Documents\Default.rdp
2012-04-26 19:19 - 2012-04-26 19:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{F1193EFD-7CBB-4F4A-BB0F-0AC3D12D6782}
2012-04-26 19:19 - 2012-04-26 19:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{D9B9524F-8F96-488B-91E4-321CC2417F95}
2012-04-26 15:15 - 2012-04-26 15:15 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{ED1005FD-74CE-4DF2-9D99-20F81443C42F}
2012-04-26 15:15 - 2012-04-26 15:15 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{0A279A1E-3B3D-4F7F-AC7B-22A2AA9C2151}
2012-04-26 07:29 - 2012-04-26 07:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{D0DEEDE2-5C7F-43E2-BD6F-C45F643ADE67}
2012-04-26 07:28 - 2012-04-26 07:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{E6D08449-F82A-4AB3-8478-14869532ED10}
2012-04-26 07:16 - 2012-04-26 07:16 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3F200F32-FDB3-4028-96D8-D3A4F76726A4}
2012-04-26 07:16 - 2012-04-26 07:16 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{11C32C60-EB0E-4687-AAEF-DD3A67DBB116}
2012-04-25 17:19 - 2012-04-25 17:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{DD4AD613-265C-4C76-AEC9-04E5149FC5D0}
2012-04-25 17:19 - 2012-04-25 17:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3DFFD46B-E793-4A65-9E52-84FACF236F1E}
2012-04-25 10:12 - 2012-04-25 10:11 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{B41B796B-DE69-4276-B206-6B383CBC7FA4}
2012-04-25 09:32 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At22.job
2012-04-25 09:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At21.job
2012-04-25 08:32 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At20.job
2012-04-25 08:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At19.job
2012-04-25 07:37 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At17.job
2012-04-25 07:34 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At18.job
2012-04-25 07:12 - 2012-04-25 07:12 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{7BEE4435-15FD-40B6-9C0A-8F746A411C34}
2012-04-24 22:52 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At48.job
2012-04-24 22:52 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At47.job
2012-04-24 17:45 - 2012-04-24 17:45 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{27B7E42B-0EA1-4AE9-8B78-6FAC2A70250D}
2012-04-23 16:33 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\AppCompat
2012-04-23 16:32 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\sysprep
2012-04-23 15:38 - 2012-04-23 15:38 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{8B2F8D83-07A0-459D-971B-AD4F8B176FF5}
2012-04-23 07:29 - 2012-04-23 07:29 - 0065536 __ASH C:\Windows\System32\config\components{0605fc6e-8ccf-11e1-8dfa-1c7508ab179d}.TxR.blf
2012-04-23 07:27 - 2012-04-23 07:27 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{B1331189-7286-4CC4-8178-7259C50AA4AF}
2012-04-22 18:10 - 2012-04-22 18:10 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{8A966FB9-FF44-4637-B961-D0A17984985B}
2012-04-22 15:45 - 2012-04-22 15:45 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{419039F3-3FFE-4E7B-8C12-381F74FCB9B6}
2012-04-22 14:36 - 2012-04-22 14:36 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{54701A64-0AAA-419F-8402-E935D1FEE40B}
2012-04-22 14:27 - 2012-04-22 14:27 - 0065536 __ASH C:\Windows\System32\config\components{ef3d33fc-8729-11e1-a7d9-1c7508ab179d}.TxR.blf
2012-04-22 14:24 - 2012-04-22 14:24 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{F30F08AD-4C68-429F-AD31-DE552B0A9700}
2012-04-18 16:39 - 2012-04-18 16:39 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{7212D9ED-C08C-4982-8261-CEF361D39580}
2012-04-18 16:34 - 2012-04-18 16:34 - 0275304 ____A C:\Windows\Minidump\041812-33633-01.dmp
2012-04-16 06:32 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At16.job
2012-04-16 06:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At15.job
2012-04-16 06:17 - 2012-04-16 06:16 - 0275304 ____A C:\Windows\Minidump\041612-48687-01.dmp
2012-04-15 15:53 - 2012-04-15 15:53 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{397D6268-233E-41DE-8BEB-968406391309}
2012-04-15 14:32 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At32.job
2012-04-15 14:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At31.job
2012-04-15 14:10 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At30.job
2012-04-15 14:10 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At29.job
2012-04-15 12:36 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At27.job
2012-04-15 12:34 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At28.job
2012-04-15 11:32 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At26.job
2012-04-15 11:32 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At25.job
2012-04-15 10:40 - 2012-04-15 10:40 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{CDAA9E39-B0BD-4BB1-A5BE-271FDA5DF6C9}
2012-04-13 08:51 - 2012-04-13 08:51 - 0065536 __ASH C:\Windows\System32\config\components{dfebfc4c-851d-11e1-bd69-1c7508ab179d}.TxR.blf
2012-04-12 21:02 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\ias
2012-04-12 21:01 - 2010-11-15 20:47 - 0000000 ____D C:\Windows\SysWOW64\Drivers\nti
2012-04-12 21:01 - 2010-11-15 20:43 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2012-04-12 21:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\TAPI
2012-04-12 21:01 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Recovery
2012-04-12 20:58 - 2011-11-12 12:42 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\Spotify
2012-04-12 20:58 - 2011-08-13 22:09 - 0000000 ___HD C:\Users\nolberto\Desktop\water mill
2012-04-12 20:58 - 2011-06-21 21:42 - 0000000 ____D C:\Windows\System32\Drivers\NAVx64
2012-04-12 20:58 - 2011-06-15 21:00 - 0000000 ___HD C:\Users\nolberto\Desktop\Empire Earth
2012-04-12 20:58 - 2011-06-15 21:00 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\U3
2012-04-12 20:58 - 2011-06-14 23:51 - 0000000 ___HD C:\Windows\en
2012-04-12 20:58 - 2011-02-27 19:04 - 0000000 ___HD C:\Windows\NAPP_Dism_Log
2012-04-12 20:58 - 2010-11-15 20:52 - 0000000 ____D C:\Windows\OEMTemp
2012-04-12 20:58 - 2010-11-15 20:50 - 0000000 ____D C:\Windows\oem
2012-04-12 20:58 - 2009-10-05 12:30 - 0000000 __AHD C:\Windows\DeployWinRE2
2012-04-12 20:58 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\Setup
2012-04-12 20:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spool
2012-04-12 20:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Msdtc
2012-04-12 20:58 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\security
2012-04-12 20:57 - 2012-02-05 09:15 - 0000000 ___HD C:\Users\All Users\Best Buy pc app
2012-04-12 20:57 - 2012-02-05 09:15 - 0000000 ___HD C:\ProgramData\Best Buy pc app
2012-04-12 20:57 - 2011-08-13 22:59 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\SNS
2012-04-12 20:57 - 2011-07-07 19:58 - 0000000 ___HD C:\Users\All Users\Microsoft Help
2012-04-12 20:57 - 2011-07-07 19:58 - 0000000 ___HD C:\ProgramData\Microsoft Help
2012-04-12 20:57 - 2011-07-03 18:11 - 0000000 ____D C:\Program Files (x86)\ooVoo
2012-04-12 20:57 - 2011-07-02 18:32 - 0000000 ____D C:\Program Files (x86)\Music Rescue
2012-04-12 20:57 - 2011-06-21 21:43 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2012-04-12 20:57 - 2011-06-21 21:42 - 0000000 ____D C:\Program Files (x86)\Norton AntiVirus
2012-04-12 20:57 - 2011-06-09 16:28 - 0000000 ___HD C:\Users\All Users\Hewlett-Packard
2012-04-12 20:57 - 2011-06-09 16:28 - 0000000 ___HD C:\ProgramData\Hewlett-Packard
2012-04-12 20:57 - 2011-06-06 18:32 - 0000000 ____D C:\Program Files\iTunes
2012-04-12 20:57 - 2011-06-06 18:32 - 0000000 ____D C:\Program Files\iPod
2012-04-12 20:57 - 2011-06-06 18:32 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-04-12 20:57 - 2011-06-06 18:31 - 0000000 ___HD C:\Users\All Users\Apple Computer
2012-04-12 20:57 - 2011-06-06 18:31 - 0000000 ___HD C:\Users\All Users\Apple
2012-04-12 20:57 - 2011-06-06 18:31 - 0000000 ___HD C:\ProgramData\Apple Computer
2012-04-12 20:57 - 2011-06-06 18:31 - 0000000 ___HD C:\ProgramData\Apple
2012-04-12 20:57 - 2011-06-06 18:31 - 0000000 ____D C:\Program Files\Common Files\Apple
2012-04-12 20:57 - 2011-06-06 18:31 - 0000000 ____D C:\Program Files\Bonjour
2012-04-12 20:57 - 2011-06-06 18:31 - 0000000 ____D C:\Program Files (x86)\QuickTime
2012-04-12 20:57 - 2011-06-05 21:18 - 0000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-04-12 20:57 - 2011-02-27 19:27 - 0000000 ____D C:\Program Files (x86)\Windows Live
2012-04-12 20:57 - 2011-02-27 19:26 - 0000000 ____D C:\Program Files\Windows Live
2012-04-12 20:57 - 2011-02-27 19:23 - 0000000 ___HD C:\Users\All Users\OEM
2012-04-12 20:57 - 2011-02-27 19:23 - 0000000 ___HD C:\ProgramData\OEM
2012-04-12 20:57 - 2011-02-27 19:16 - 0000000 ____D C:\Program Files (x86)\Video Web Camera
2012-04-12 20:57 - 2011-02-27 19:15 - 0000000 ____D C:\Program Files\Synaptics
2012-04-12 20:57 - 2011-02-27 19:15 - 0000000 ____D C:\Program Files (x86)\Launch Manager
2012-04-12 20:57 - 2010-11-15 20:54 - 0000000 ___HD C:\Users\All Users\Nero
2012-04-12 20:57 - 2010-11-15 20:54 - 0000000 ___HD C:\ProgramData\Nero
2012-04-12 20:57 - 2010-11-15 20:51 - 0000000 ____D C:\Program Files\Gateway
2012-04-12 20:57 - 2010-11-15 20:46 - 0000000 ____D C:\Program Files (x86)\Social Networks
2012-04-12 20:57 - 2010-11-15 20:46 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-04-12 20:57 - 2010-11-15 20:46 - 0000000 ____D C:\Program Files (x86)\Cyberlink
2012-04-12 20:57 - 2010-11-15 20:43 - 0000000 ____D C:\Program Files\Realtek
2012-04-12 20:57 - 2010-11-15 20:40 - 0000000 ____D C:\Program Files\Broadcom
2012-04-12 20:57 - 2010-11-15 20:39 - 0000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2012-04-12 20:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Sidebar
2012-04-12 20:57 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2012-04-12 20:57 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\Microsoft Shared
2012-04-12 20:56 - 2011-12-10 21:18 - 0000000 ____D C:\Program Files (x86)\Adobe Download Assistant
2012-04-12 20:56 - 2011-06-06 18:31 - 0000000 ____D C:\Program Files (x86)\Bonjour
2012-04-12 20:56 - 2011-06-06 18:31 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2012-04-12 20:50 - 2012-04-12 20:50 - 0000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2012-04-12 20:50 - 2009-07-13 18:34 - 0001389 _RASH C:\Windows\System32\Drivers\etc\hosts
2012-04-12 20:49 - 2010-11-15 20:59 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-04-12 20:49 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\winrm
2012-04-12 20:49 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\WCN
2012-04-12 20:49 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\slmgr
2012-04-12 20:49 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2012-04-12 20:49 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Web
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Vss
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\spp
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Speech
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\NetworkList
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\MUI
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Msdtc
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\InstallShield
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\IME
2012-04-12 20:49 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\Dism
2012-04-12 20:38 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\winrm
2012-04-12 20:38 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\WCN
2012-04-12 20:38 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\slmgr
2012-04-12 20:38 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WindowsPowerShell
2012-04-12 20:38 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\System32\WinBioPlugIns
2012-04-12 20:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\SysWOW64\com
2012-04-12 20:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\spp
2012-04-12 20:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Speech
2012-04-12 20:38 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\SMI
2012-04-12 20:37 - 2012-02-16 13:13 - 0000000 ___HD C:\Windows\System32\Macromed
2012-04-12 20:37 - 2009-07-13 21:37 - 0000000 ____D C:\Windows\System32\Printing_Admin_Scripts
2012-04-12 20:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\oobe
2012-04-12 20:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\NetworkList
2012-04-12 20:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\MUI
2012-04-12 20:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\migwiz
2012-04-12 20:37 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\IME
2012-04-12 20:34 - 2009-07-13 21:32 - 0000000 ____D C:\Windows\Performance
2012-04-12 20:34 - 2009-07-13 20:45 - 0000000 ____D C:\Windows\ServiceProfiles
2012-04-12 20:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\Dism
2012-04-12 20:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\System32\com
2012-04-12 20:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Speech
2012-04-12 20:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\schemas
2012-04-12 20:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Resources
2012-04-12 20:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PolicyDefinitions
2012-04-12 20:34 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\PLA
2012-04-12 20:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\IME
2012-04-12 20:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Help
2012-04-12 20:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Globalization
2012-04-12 20:30 - 2009-07-13 19:20 - 0000000 ____D C:\Windows\Branding
2012-04-12 20:27 - 2011-06-09 22:29 - 0000000 ___HD C:\Users\nolberto\Documents\Fax
2012-04-12 20:26 - 2011-06-01 07:38 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\Adobe
2012-04-12 20:26 - 2011-06-01 07:03 - 0000000 ___HD C:\Users\nolberto\AppData\LocalLow
2012-04-12 20:24 - 2011-12-10 21:18 - 0000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-04-12 20:24 - 2011-12-10 21:18 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-04-12 20:24 - 2011-08-13 22:59 - 0000000 ___HD C:\Users\All Users\CyberLink
2012-04-12 20:24 - 2011-08-13 22:59 - 0000000 ___HD C:\ProgramData\CyberLink
2012-04-12 20:24 - 2011-08-07 15:15 - 0000000 ___HD C:\Users\All Users\Google
2012-04-12 20:24 - 2011-08-07 15:15 - 0000000 ___HD C:\ProgramData\Google
2012-04-12 20:24 - 2011-06-29 08:57 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Microsoft Games
2012-04-12 20:24 - 2011-06-05 21:18 - 0000000 ____D C:\Program Files\Microsoft Office
2012-04-12 20:24 - 2010-11-15 20:51 - 0000000 ___HD C:\Users\All Users\Gateway
2012-04-12 20:24 - 2010-11-15 20:51 - 0000000 ___HD C:\ProgramData\Gateway
2012-04-12 20:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Photo Viewer
2012-04-12 20:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Windows Defender
2012-04-12 20:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\Reference Assemblies
2012-04-12 20:24 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\MSBuild
2012-04-12 20:24 - 2009-07-13 19:20 - 0000000 ___RD C:\users\Default
2012-04-12 20:24 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Windows NT
2012-04-12 20:23 - 2011-02-27 19:10 - 0000000 ____D C:\Program Files\ATI
2012-04-12 20:23 - 2010-11-15 20:59 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2012-04-12 20:23 - 2010-11-15 20:54 - 0000000 ____D C:\Program Files (x86)\Nero
2012-04-12 20:23 - 2010-11-15 20:47 - 0000000 ____D C:\Program Files (x86)\NewTech Infosystems
2012-04-12 20:23 - 2010-11-15 20:39 - 0000000 ____D C:\Program Files (x86)\Realtek
2012-04-12 20:23 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files\DVD Maker
2012-04-12 20:23 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2012-04-12 20:23 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Windows Defender
2012-04-12 20:23 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\Reference Assemblies
2012-04-12 20:23 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\System
2012-04-12 20:23 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files\Common Files\SpeechEngines
2012-04-12 20:23 - 2009-07-13 19:20 - 0000000 ____D C:\Program Files (x86)\Windows NT
2012-04-12 20:22 - 2011-06-05 23:00 - 0000000 ____D C:\Program Files (x86)\Java
2012-04-12 20:22 - 2011-02-27 19:27 - 0000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-04-12 20:22 - 2011-02-27 19:25 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2012-04-12 20:22 - 2010-11-15 20:45 - 0000000 ____D C:\Program Files (x86)\Gateway
2012-04-12 20:22 - 2009-07-13 21:32 - 0000000 ____D C:\Program Files (x86)\MSBuild
2012-04-12 20:21 - 2012-03-26 20:17 - 0000000 ____D C:\Program Files (x86)\ComboViewer
2012-04-12 20:21 - 2011-06-09 16:22 - 0000000 ____D C:\Program Files (x86)\Avery Dennison
2012-04-12 20:20 - 2010-11-15 20:58 - 0000000 ____D C:\Program Files (x86)\Adobe
2012-04-12 20:19 - 2011-06-09 21:11 - 0000000 ___RD C:\MSOCache
2012-04-11 17:08 - 2010-11-15 20:59 - 0000000 ___HD C:\Users\All Users\NortonInstaller
2012-04-11 17:08 - 2010-11-15 20:59 - 0000000 ___HD C:\ProgramData\NortonInstaller
2012-04-11 16:44 - 2011-07-03 20:48 - 0055808 __ASH C:\Users\nolberto\Documents\Thumbs.db
2012-04-11 16:43 - 2012-04-11 16:43 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{31AF0737-C72A-4783-8AE7-E779FE2D1A3C}
2012-04-01 17:41 - 2012-01-02 02:31 - 0000000 ___HD C:\Users\nolberto\Documents\College
2012-04-01 15:03 - 2009-07-13 20:45 - 0400040 ____A C:\Windows\System32\FNTCACHE.DAT
2012-04-01 14:43 - 2012-04-01 14:42 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{C5AAB872-543F-46DD-BA12-CD8E3E046CEF}
2012-04-01 14:37 - 2012-04-01 14:36 - 0275304 ____A C:\Windows\Minidump\040112-55286-01.dmp
2012-04-01 14:33 - 2012-04-01 14:33 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{FAFCDD35-770A-4A64-BFF5-894B7FBF8804}
2012-04-01 14:29 - 2012-04-01 14:28 - 0275304 ____A C:\Windows\Minidump\040112-56441-01.dmp
2012-04-01 00:30 - 2012-04-01 00:30 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3CF55598-A275-4D32-AA2F-32AC636C3C54}
2012-03-31 22:46 - 2011-06-01 07:04 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Deployment
2012-03-31 22:22 - 2012-03-31 22:22 - 0389024 ___AH (Bleeping Computer, LLC) C:\Users\nolberto\Desktop\unhide.exe
2012-03-31 22:15 - 2012-01-02 01:13 - 0000000 ___HD C:\Users\nolberto\Documents\MyTIData
2012-03-31 22:15 - 2011-08-12 19:50 - 0000000 ___HD C:\Users\nolberto\Desktop\ortiga nilsa
2012-03-31 22:09 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At24.job
2012-03-31 22:09 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At14.job
2012-03-31 22:09 - 2012-03-31 21:48 - 0000344 ____A C:\Windows\Tasks\At10.job
2012-03-31 22:09 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At9.job
2012-03-31 22:09 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At23.job
2012-03-31 22:09 - 2012-03-31 21:48 - 0000342 ____A C:\Windows\Tasks\At13.job
2012-03-31 22:09 - 2012-03-31 21:47 - 0000344 ____A C:\Windows\Tasks\At2.job
2012-03-31 22:09 - 2012-03-31 21:47 - 0000342 ____A C:\Windows\Tasks\At1.job
2012-03-31 04:28 - 2012-03-31 01:09 - 0000264 ___AH C:\Users\All Users\~xOWgqJZq0FUmCB
2012-03-31 04:28 - 2012-03-31 01:09 - 0000264 ___AH C:\ProgramData\~xOWgqJZq0FUmCB
2012-03-31 04:22 - 2012-03-26 20:13 - 0000000 ___HD C:\VxCapture
2012-03-31 03:59 - 2011-06-12 22:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Windows Live
2012-03-31 03:34 - 2012-03-31 03:34 - 0389024 ___AH (Bleeping Computer, LLC) C:\Users\nolberto\Downloads\unhide.exe
2012-03-31 03:34 - 2012-03-31 03:34 - 0389024 ___AH (Bleeping Computer, LLC) C:\Users\nolberto\Downloads\unhide (1).exe
2012-03-31 02:22 - 2012-03-31 02:22 - 9502424 ___AH (Malwarebytes Corporation ) C:\Users\nolberto\Downloads\mbam--setup-1.60.1.1000 (2).exe
2012-03-31 02:21 - 2012-03-31 02:20 - 9502424 ___AH (Malwarebytes Corporation ) C:\Users\nolberto\Downloads\mbam--setup-1.60.1.1000 (1).exe
2012-03-31 02:05 - 2012-03-31 02:05 - 9502424 ___AH (Malwarebytes Corporation ) C:\Users\nolberto\Downloads\mbam--setup-1.60.1.1000.exe
2012-03-31 01:09 - 2012-03-31 01:09 - 0000168 ___AH C:\Users\All Users\~xOWgqJZq0FUmCBr
2012-03-31 01:09 - 2012-03-31 01:09 - 0000168 ___AH C:\ProgramData\~xOWgqJZq0FUmCBr
2012-03-31 01:01 - 2012-03-31 01:00 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{65E0ADFF-4BE3-413A-A925-D1FA3139C28D}
2012-03-28 18:53 - 2012-03-28 18:53 - 0042234 ___AH C:\Users\nolberto\Documents\Hamlet Act 4 Common Assessment _ 1 Writing Section for e chalk.docx
2012-03-28 18:53 - 2012-03-28 18:53 - 0000162 ___AH C:\Users\nolberto\Documents\~$mlet Act 4 Common Assessment _ 1 Writing Section for e chalk.docx
2012-03-28 18:04 - 2012-03-28 18:04 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{F461C055-F123-44B4-B246-FF599CFA5A66}
2012-03-28 18:02 - 2012-03-28 18:02 - 0275304 ____A C:\Windows\Minidump\032812-37206-01.dmp
2012-03-28 17:47 - 2012-03-28 17:47 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3F4969C1-5D34-4BAF-A872-08EDE2A34432}
2012-03-28 17:40 - 2012-03-28 17:40 - 0000000 ___HD C:\Users\All Users\boost_interprocess
2012-03-28 17:40 - 2012-03-28 17:40 - 0000000 ___HD C:\ProgramData\boost_interprocess
2012-03-28 17:37 - 2012-03-28 17:37 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{097EAC17-4F07-476F-925C-11C4D6BB3F56}
2012-03-27 21:18 - 2012-03-27 21:18 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{AD511B3F-DB4A-4958-BA1A-D46738919F94}
2012-03-27 19:23 - 2012-03-27 19:23 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{E3508091-2AAB-4F3F-B28D-6486794A07B4}
2012-03-27 19:22 - 2012-03-27 19:21 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{A8C8E316-28F1-43E9-A04D-1DED772182CC}
2012-03-27 19:17 - 2012-03-27 19:17 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{ADB9F7FB-4370-4D55-B11A-28CF8AC184AB}
2012-03-26 19:59 - 2012-03-26 19:59 - 0000000 ___HD C:\Users\nolberto\Documents\CyberLink
2012-03-26 19:59 - 2012-03-26 19:59 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\CyberLink
2012-03-26 19:57 - 2012-03-26 19:57 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{18D13BEB-5B23-4EDA-A050-076884D4A36E}
2012-03-26 19:57 - 2012-03-26 19:57 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{0340B1FA-8CAB-4B50-BF70-524CC8C71725}
2012-03-26 15:10 - 2012-03-26 14:58 - 0000264 ___AH C:\Users\All Users\~RsAqkcQa5RDP5y
2012-03-26 15:10 - 2012-03-26 14:58 - 0000264 ___AH C:\ProgramData\~RsAqkcQa5RDP5y
2012-03-26 15:10 - 2012-03-26 14:58 - 0000176 ___AH C:\Users\All Users\~RsAqkcQa5RDP5yr
2012-03-26 15:10 - 2012-03-26 14:58 - 0000176 ___AH C:\ProgramData\~RsAqkcQa5RDP5yr
2012-03-26 15:09 - 2012-03-26 15:09 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{66E36730-DC20-43CA-A5C9-4A9DDCC64C65}
2012-03-26 15:05 - 2012-03-16 14:12 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Systweak
2012-03-26 14:47 - 2012-03-26 14:47 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{EE83A4FD-5AB2-4FBE-B893-7DDEA7E2B5A1}
2012-03-26 14:47 - 2012-03-26 14:45 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{5ED87DFE-0CA7-45FC-A353-1513D7C7BDFF}
2012-03-26 13:21 - 2012-03-26 13:21 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{6C00F74A-127F-4669-ACBB-6C5720D4B0D0}
2012-03-26 13:21 - 2012-03-26 13:20 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{A7D67F1B-46E2-4693-A59D-E6F84D5FD4DE}
2012-03-20 12:50 - 2012-04-26 22:21 - 0251528 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD64.sys
2012-03-16 14:45 - 2012-03-16 14:45 - 0000000 ___HD C:\Users\nolberto\Documents\Haenlein-Software
2012-03-16 14:45 - 2012-03-16 14:45 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\Haenlein-Software
2012-03-16 14:45 - 2012-03-16 14:45 - 0000000 ___HD C:\Users\nolberto\AppData\Local\IsolatedStorage
2012-03-16 14:44 - 2012-03-16 14:44 - 0000000 ___HD C:\Users\nolberto\Documents\pvas21022
2012-03-16 14:03 - 2012-03-16 14:03 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{2BFEBD8E-25F2-4EC2-995B-E3824F5E3CA4}
2012-03-15 22:39 - 2011-12-10 21:20 - 0000000 ___HD C:\Users\nolberto\Adobe Photoshop CS5.1
2012-03-15 22:23 - 2012-03-15 22:22 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{60F8F7FE-4AD0-4B46-8B3B-BF95FBA01009}
2012-03-15 22:22 - 2012-03-15 22:21 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3F88D207-12C0-43D7-B685-F825C1A87C10}
2012-03-15 22:02 - 2012-03-15 22:02 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{104E2703-4E1E-4F78-A2CC-F1D08FD1E4BF}
2012-03-15 22:02 - 2012-03-15 22:01 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{77F8E084-FD8F-410B-AFE4-C762078481F6}
2012-03-15 21:22 - 2012-03-15 21:22 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\Nero
2012-03-15 21:04 - 2012-03-15 21:04 - 0000264 ___AH C:\Users\All Users\~A5xcokiChWTba7
2012-03-15 21:04 - 2012-03-15 21:04 - 0000264 ___AH C:\ProgramData\~A5xcokiChWTba7
2012-03-15 21:04 - 2012-03-15 21:04 - 0000176 ___AH C:\Users\All Users\~A5xcokiChWTba7r
2012-03-15 21:04 - 2012-03-15 21:04 - 0000176 ___AH C:\ProgramData\~A5xcokiChWTba7r
2012-03-15 20:59 - 2012-03-15 20:59 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{BD0B59E2-D0F2-47E5-ACBF-ACDC589DBE7F}
2012-03-15 20:59 - 2012-03-15 20:58 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{92C3812A-6790-4BFA-AA8D-CB9EEF06ACE6}
2012-03-15 20:26 - 2012-03-15 20:26 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{802E329E-C4CF-4A4F-A557-F20DA1F2B485}
2012-03-15 20:26 - 2012-03-15 20:26 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{15FDB19C-2694-4AEE-B628-DE304BA04064}
2012-03-15 20:22 - 2012-03-15 20:22 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{96DB36C7-72E6-453A-AACE-34C60B7DA369}
2012-03-14 13:48 - 2012-03-14 13:48 - 0000136 ___AH C:\Users\nolberto\AppData\Roaming\srvblck2.tmp
2012-03-14 13:48 - 2012-03-14 13:48 - 0000065 ___AH C:\Users\nolberto\AppData\Roaming\AcroIEHelpe.txt
2012-03-14 13:48 - 2012-03-14 13:48 - 0000032 ___AH C:\Users\nolberto\AppData\Roaming\blckdom.res
2012-03-14 13:48 - 2012-03-14 13:47 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\xmldm
2012-03-14 13:48 - 2012-03-14 13:47 - 0000000 ___HD C:\Users\nolberto\AppData\Roaming\kock
2012-03-14 13:32 - 2012-03-14 13:32 - 0065536 __ASH C:\Windows\System32\config\components{3d55d37b-6e1c-11e1-993d-1c7508ab179d}.TxR.blf
2012-03-14 13:28 - 2012-03-14 13:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{91CC46A5-868E-43E5-A109-318B1E85BF21}
2012-03-14 13:28 - 2012-03-14 13:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{17858664-9A94-4232-9D1F-3DD3850E4763}
2012-03-14 12:04 - 2012-03-14 09:45 - 0000264 ___AH C:\Users\All Users\~NFdtRhcmQ8qJ7C
2012-03-14 12:04 - 2012-03-14 09:45 - 0000264 ___AH C:\ProgramData\~NFdtRhcmQ8qJ7C
2012-03-14 09:45 - 2012-03-14 09:45 - 0000176 ___AH C:\Users\All Users\~NFdtRhcmQ8qJ7Cr
2012-03-14 09:45 - 2012-03-14 09:45 - 0000176 ___AH C:\ProgramData\~NFdtRhcmQ8qJ7Cr
2012-03-14 09:45 - 2012-03-14 09:45 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{4129C9BB-A617-4D85-AEF4-FB519E939FE4}
2012-03-14 09:45 - 2012-03-14 09:44 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3FBD0B36-E7C0-450A-9C17-B77D72BB303B}
2012-03-14 09:40 - 2012-03-14 09:40 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{350FA94A-B8C6-4CF8-B14F-876361AE33AB}
2012-03-14 09:33 - 2012-03-14 09:33 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{DD4F8E8B-F710-4DF5-807E-0E15AC19C919}
2012-03-14 09:28 - 2012-03-14 09:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{65767A34-D172-4A49-9841-D2B051AE0FA0}
2012-03-14 09:20 - 2012-03-14 09:19 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{EAE17854-9DA8-4E30-A688-396D2E84265A}
2012-03-14 09:19 - 2012-03-14 09:18 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{2CC8A8BD-C4BC-4723-BA45-0B734250737D}
2012-03-12 18:02 - 2012-03-12 18:02 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{F1BB3405-6C3A-497F-843C-E92BB0224C1B}
2012-03-12 17:59 - 2012-03-12 17:59 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{0A7EC5F7-4BEE-4A0B-88F7-F8F8EC07513E}
2012-03-12 17:59 - 2012-03-12 17:58 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{2ECDA73D-FEAA-4EB7-A883-2AA1E22F6FC7}
2012-03-10 13:06 - 2012-03-10 13:06 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{1C6A58FD-7CBE-4519-9587-FBE2FA1133DC}
2012-03-10 11:04 - 2012-03-10 11:04 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{F4F2D1BB-6841-499A-9926-F8CCD85343B2}
2012-03-10 07:07 - 2012-03-10 07:07 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{A0FF3B38-9574-4F94-8CC1-0DC015B2EE13}
2012-03-09 18:35 - 2012-03-09 18:35 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{493DD921-809C-42A3-B9E6-27199BC2A027}
2012-03-08 14:24 - 2012-03-08 14:24 - 0065536 __ASH C:\Windows\System32\config\components{9a0e457f-6967-11e1-a193-1c7508ab179d}.TxR.blf
2012-03-08 14:06 - 2011-06-06 18:33 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Apple Computer
2012-03-08 14:00 - 2012-03-08 14:00 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{BA6A8557-F6C0-40D2-A572-60AC52051FA8}
2012-03-08 14:00 - 2012-03-08 14:00 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{1E510330-99CC-4E3A-9A5B-AEDFB4B11C9C}
2012-03-08 13:46 - 2012-03-08 13:46 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{AAA3B65F-4CC3-4205-9812-592C86D03B7A}
2012-03-08 13:46 - 2012-03-08 13:45 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{AB6D0C5D-9589-4268-B8D9-CFD66389A835}
2012-03-08 13:43 - 2012-03-08 13:43 - 0275304 ____A C:\Windows\Minidump\030812-42869-01.dmp
2012-03-08 11:36 - 2012-03-08 11:36 - 0065536 __ASH C:\Windows\System32\config\components{f05e8409-6894-11e1-8e17-1c7508ab179d}.TxR.blf
2012-03-07 20:49 - 2012-03-07 20:49 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{B08E1338-D25A-4ABF-9284-9F4174DF8DDF}
2012-03-07 20:41 - 2012-03-07 20:41 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{D841720E-D983-4F8D-85E9-0D0D42313D16}
2012-03-07 19:28 - 2012-03-07 19:28 - 0013073 ___AH C:\Users\nolberto\Documents\HAMLETS WEST SIDE STORY.wlmp
2012-03-07 19:16 - 2012-03-07 19:16 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{D0DF273C-79D5-4CEC-AB54-4E6EA27A8C46}
2012-03-07 19:16 - 2012-03-07 19:16 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{604B0535-FBD6-4AF3-82AC-D85DD2CBF1D2}
2012-03-07 17:45 - 2012-03-07 17:45 - 0015152 ___AH C:\Users\nolberto\Documents\ophelia song (Autosaved).docx
2012-03-07 12:37 - 2012-03-07 12:37 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{7EA7E048-32D0-4B32-B5B8-8F2E9D7C45E1}
2012-03-07 12:33 - 2012-03-07 12:33 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{9910C8EC-77A6-426C-B5A1-1440B1D65EE9}
2012-03-07 12:28 - 2012-03-07 12:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{4BB380EF-4ACA-4D46-A58C-0F8B56DFC437}
2012-03-05 11:52 - 2012-03-05 11:52 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{60A492D4-9491-41D1-8DDA-54C35B68E60B}
2012-03-05 11:52 - 2012-03-05 11:52 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{41567FB1-0784-444D-8639-74E7958A8C23}
2012-03-05 11:48 - 2012-03-05 11:48 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{4E240C36-6A21-4E85-84E7-78AEB2603E45}
2012-03-05 11:47 - 2012-03-05 11:47 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{76CA825E-2156-4767-BDF2-EBBF2D8FA017}
2012-03-05 11:28 - 2012-03-05 11:28 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{3253B6AB-3C53-4226-938A-876563241187}
2012-03-04 14:15 - 2012-03-04 14:15 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{11A8A61E-717A-4A5D-A1E9-2FE1B10C021C}
2012-03-04 14:14 - 2012-03-04 14:14 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{82D9625F-3110-4782-A098-0A6B9B210F60}
2012-03-04 14:13 - 2012-03-04 14:13 - 0275304 ____A C:\Windows\Minidump\030412-35802-01.dmp
2012-03-04 13:22 - 2012-03-04 12:05 - 0000162 ___AH C:\Users\nolberto\Documents\~$Act I.docx
2012-03-04 13:22 - 2012-03-03 12:04 - 0018879 ___AH C:\Users\nolberto\Documents\Act I.docx
2012-03-04 12:04 - 2012-03-04 12:03 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{D0A2CABE-F13F-48B2-8CC8-572C7ACF7E0E}
2012-03-04 12:03 - 2012-03-04 12:02 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{CACA9A63-920E-4A4F-B296-1718AF4A14AC}
2012-03-04 11:58 - 2009-07-13 23:44 - 0000000 __RHD C:\Users\Public\Recorded TV
2012-03-03 11:22 - 2012-03-03 11:22 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{1075E12B-610B-4CA4-8D5B-4EE54F9BB819}
2012-03-03 11:18 - 2012-03-03 11:18 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{41BE6809-28C1-4A05-B05C-6515CA2E3DB8}
2012-03-02 23:58 - 2012-03-02 23:58 - 0000000 ____D C:\Users\Default\AppData\Local\Apple Computer
2012-03-02 23:58 - 2012-03-02 23:58 - 0000000 ____D C:\Users\Default User\AppData\Local\Apple Computer
2012-03-02 23:57 - 2012-03-02 23:57 - 0000000 ____D C:\Users\Default\AppData\Roaming\Apple Computer
2012-03-02 23:57 - 2012-03-02 23:57 - 0000000 ____D C:\Users\Default User\AppData\Roaming\Apple Computer
2012-03-02 22:58 - 2012-03-02 22:57 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{A19C9AA5-B96A-4E5C-A122-C05DBF4798A3}
2012-03-02 22:57 - 2012-03-02 22:55 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{4BDE9376-A83B-4293-AE6B-B98698100781}
2012-03-02 21:17 - 2012-03-02 21:17 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{709D9DC3-481B-492E-99E2-226437032E99}
2012-03-02 21:17 - 2012-03-02 21:16 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{22F2765A-782D-4BA7-86B6-456EFC844DFA}
2012-03-02 20:54 - 2011-11-12 12:42 - 0000000 ___HD C:\Users\nolberto\AppData\Local\Spotify
2012-03-01 19:55 - 2012-03-01 19:55 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{7275407A-021E-4BC4-81D0-44DD6630A147}
2012-02-29 22:54 - 2012-04-15 10:44 - 0022896 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-02-29 22:45 - 2012-04-15 10:44 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-02-29 22:40 - 2012-04-15 10:44 - 0080896 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-02-29 22:35 - 2012-04-15 10:44 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-02-29 21:49 - 2012-04-15 10:44 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-02-29 21:45 - 2012-04-15 10:44 - 0158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-02-29 21:40 - 2012-04-15 10:44 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-02-29 09:31 - 2011-12-21 09:07 - 0000000 ___HD C:\Users\nolberto\Documents\English
2012-02-27 23:34 - 2012-04-15 10:45 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-27 23:02 - 2012-04-15 10:45 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-27 22:56 - 2012-04-15 10:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-27 22:50 - 2012-04-15 10:45 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-27 22:49 - 2012-04-15 10:45 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-27 22:48 - 2012-04-15 10:45 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-27 22:48 - 2012-04-15 10:45 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-27 22:47 - 2012-04-15 10:45 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-27 22:45 - 2012-04-15 10:45 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-27 22:43 - 2012-04-15 10:46 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-27 22:43 - 2012-04-15 10:46 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-27 22:42 - 2012-04-15 10:46 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-27 22:39 - 2012-04-15 10:45 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-27 17:52 - 2012-04-15 10:45 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-27 17:27 - 2012-04-15 10:45 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-27 17:18 - 2012-04-15 10:45 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-27 17:12 - 2012-04-15 10:45 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-27 17:11 - 2012-04-15 10:45 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-27 17:11 - 2012-04-15 10:45 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-27 17:09 - 2012-04-15 10:45 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-27 17:08 - 2012-04-15 10:45 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-27 17:06 - 2012-04-15 10:45 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-27 17:04 - 2012-04-15 10:46 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-27 17:03 - 2012-04-15 10:46 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-27 17:03 - 2012-04-15 10:46 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-27 16:59 - 2012-04-15 10:45 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-27 07:37 - 2012-02-25 08:58 - 0014308 ___AH C:\Users\nolberto\Documents\Prologue.docx
2012-02-19 06:55 - 2012-02-19 06:55 - 3695416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2012-02-19 06:55 - 2012-02-19 06:55 - 3695416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2012-02-19 06:55 - 2012-02-19 06:55 - 0697344 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0603648 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0580608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0452608 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0448512 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-19 06:55 - 2012-02-19 06:55 - 0434176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0403248 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0367104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2012-02-19 06:55 - 2012-02-19 06:55 - 0353792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0353584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0282112 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0267776 ____A (Microsoft Corporation) C:\Windows\System32\ieaksie.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0249344 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0227840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0223232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0222208 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0203776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0165888 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0163840 ____A (Microsoft Corporation) C:\Windows\System32\ieakui.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0162304 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0160256 ____A (Microsoft Corporation) C:\Windows\System32\ieakeng.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0152064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0145920 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0135168 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0130560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0123392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0114176 ____A (Microsoft Corporation) C:\Windows\System32\admparse.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0111616 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0103936 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0101888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0091648 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0089088 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0086528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0082432 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0078848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0076800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0076800 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2012-02-19 06:55 - 2012-02-19 06:55 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0074752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0074240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0072822 ____A C:\Windows\SysWOW64\ieuinit.inf
2012-02-19 06:55 - 2012-02-19 06:55 - 0072822 ____A C:\Windows\System32\ieuinit.inf
2012-02-19 06:55 - 2012-02-19 06:55 - 0066048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0063488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2012-02-19 06:55 - 2012-02-19 06:55 - 0055296 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0054272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0049664 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0041472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0035840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0031744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0030720 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0023552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2012-02-19 06:55 - 2012-02-19 06:55 - 0012288 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0010752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2012-02-19 06:55 - 2012-02-19 06:55 - 0010752 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-19 06:55 - 2012-02-19 05:55 - 0003882 ___AH C:\Windows\IE9_main.log
2012-02-17 19:14 - 2012-03-31 22:32 - 0001864 ____A C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
2012-02-16 13:13 - 2012-02-16 13:13 - 0000000 ___HD C:\Users\All Users\McAfee
2012-02-16 13:13 - 2012-02-16 13:13 - 0000000 ___HD C:\ProgramData\McAfee
2012-02-16 13:13 - 2011-08-07 15:15 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-02-14 22:27 - 2012-03-31 21:43 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-14 21:44 - 2012-03-31 21:43 - 0826368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-14 20:47 - 2012-03-31 21:43 - 0204800 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-14 20:46 - 2012-03-31 21:43 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-10 17:42 - 2012-02-10 17:41 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{89EB2FD9-4757-4AE9-9E45-37250DEA466A}
2012-02-10 17:41 - 2012-02-10 17:41 - 0000000 ___HD C:\Users\nolberto\AppData\Local\{BC3DB06F-659C-4D82-9A22-15E147A8242C}

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe
[2009-07-13 15:34] - [2009-07-13 17:14] - 0026112 ____A (Microsoft Corporation) 6DE80F60D7DE9CE6B8C2DDFDF79EF175

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 17%
Total physical RAM: 3834.9 MB
Available physical RAM: 3147.65 MB
Total Pagefile: 3833.05 MB
Available Pagefile: 3136.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (Gateway) (Fixed) (Total:452.65 GB) (Free:400.7 GB) NTFS
2 Drive e: (PQSERVICE) (Fixed) (Total:13 GB) (Free:1.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:0.24 GB) (Free:0.02 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 247 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Recovery 13 GB 1024 KB
Partition 2 Primary 100 MB 13 GB
Partition 3 Primary 452 GB 13 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E PQSERVICE NTFS Partition 13 GB Healthy Hidden

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM RESE NTFS Partition 100 MB Healthy

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Gateway NTFS Partition 452 GB Healthy

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 246 MB 16 KB

======================================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 246 MB Healthy

======================================================================================================
==========================================================
TDL4: custom:26000022 <===== ATTENTION!


==========================================================

Last Boot: 2012-05-06 17:51

======================= End Of Log ==========================

Edited by farbar, 09 May 2012 - 12:28 PM.


BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:21 AM

Posted 09 May 2012 - 12:37 PM

Hi fles0011,

Please copy and paste the logs instead of attaching them unless otherwise requested. I have opened the attached log.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste). Save it on the flashdrive as fixlist.txt

start
HKU\nolberto\...\Run: [lpc] rundll32.exe "er. como quiera ill stillbe able to see and meet with people in highschool. and pos since i have your number ill be able to reach you and let you knkow of upcoing stuff we might have to doso far i have maya, myself, you, jacky, and elizabeth ", RegisterDll [x]
HKU\nolberto\...\Run: [LHWmcRqHquM.exe] C:\ProgramData\LHWmcRqHquM.exe [x]
HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2009-07-13] (Microsoft Corporation)
SubSystems: [Windows] ATTENTION! ====> ZeroAccess
cmd: del /a/f/q C:\Windows\Tasks\At*.job
TDL4: custom:26000022 <===== ATTENTION!
cmd: bootrec /FixMbr
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options and select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

#3 flex0011

flex0011
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 09 May 2012 - 08:42 PM

Hi farbar,
Thanks for helping me. Did as you indicated and here is the log


Fix result of Farbar Recovery Tool (FRST written by farbar) Version: 08-05-2012
Ran by SYSTEM at 2012-05-09 18:31:18 Run:1
Running from G:\

==============================================

HKEY_USERS\nolberto\Software\Microsoft\Windows\CurrentVersion\Run\\lpc Value deleted successfully.
HKEY_USERS\nolberto\Software\Microsoft\Windows\CurrentVersion\Run\\LHWmcRqHquM.exe Value deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore Value deleted successfully.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored.

========= del /a/f/q C:\Windows\Tasks\At*.job =========


========= End of CMD: =========


The operation completed successfully.
The operation completed successfully.

========= bootrec /FixMbr =========

˙ūT h e o p e r a t i o n c o m p l e t e d s u c c e s s f u l l y .

========= End of CMD: =========


==== End of Fixlog ====

#4 flex0011

flex0011
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:21 PM

Posted 09 May 2012 - 08:47 PM

Thank you so much my computer is up and running again. I'm thrilled. :clapping:

#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:21 AM

Posted 10 May 2012 - 08:52 AM

Great. :thumbup2:

Let's check for other things and restore winsock entries that get altered by this malware.

  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

  • Please download MiniRegTool64.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters\NameSpace_Catalog5
    • Check Export keys radio button.
    • Press Go button and post the result.


#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,711 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:21 AM

Posted 15 May 2012 - 11:51 PM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you.

If you should have a new issue, please start a new topic.

Every one else should start a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users