Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Trojans


  • This topic is locked This topic is locked
23 replies to this topic

#1 Oleuanna

Oleuanna

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 01 July 2012 - 01:08 AM

I have wanted to format my computer but have recently discovered my back up is unreliable so must try to salvage my computer. I have had a trojan on the computer for some time now and the more I try to remove it the more it reacts (quite impressive really)..I have now taken most programs off the computer via uninstall but two refuse to budge which is AVG and Movie Magic Screenwriter 6 which is where I believe the virus came from.

As I remove the programs the performance of the computer improves remarkably, the worse affliction is with the internet, not so much pop ups but the screen just freezes or I am unable to open anything on the computer at all. Also once I run the AVG rootkit removal it found several but when it went to remove them it crashed. When I restarted the computer the rootkit removal driver had disabled AVG from working that program again and now refuses to be uninstalled.

Some advice on unwanted program removal would be helpful..Thank you

Attached Files


Edited by Oleuanna, 01 July 2012 - 01:27 AM.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 05 July 2012 - 09:09 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Lets start with these scans.

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
    Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue
    Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 Oleuanna

Oleuanna
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 06 July 2012 - 03:58 AM

09:54:54.0149 7120 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
09:54:56.0152 7120 ============================================================
09:54:56.0153 7120 Current date / time: 2012/07/06 09:54:56.0152
09:54:56.0153 7120 SystemInfo:
09:54:56.0153 7120
09:54:56.0153 7120 OS Version: 6.1.7601 ServicePack: 1.0
09:54:56.0153 7120 Product type: Workstation
09:54:56.0153 7120 ComputerName: OLEUANNA-HP
09:54:56.0155 7120 UserName: Oleuanna
09:54:56.0155 7120 Windows directory: C:\Windows
09:54:56.0155 7120 System windows directory: C:\Windows
09:54:56.0155 7120 Running under WOW64
09:54:56.0155 7120 Processor architecture: Intel x64
09:54:56.0155 7120 Number of processors: 4
09:54:56.0155 7120 Page size: 0x1000
09:54:56.0155 7120 Boot type: Normal boot
09:54:56.0155 7120 ============================================================
09:55:00.0846 7120 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:55:00.0853 7120 ============================================================
09:55:00.0853 7120 \Device\Harddisk0\DR0:
09:55:00.0853 7120 MBR partitions:
09:55:00.0853 7120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:55:00.0853 7120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x55971800
09:55:00.0853 7120 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x559D5800, BlocksNum 0x1B3D000
09:55:00.0853 7120 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x57512800, BlocksNum 0x336F0
09:55:00.0853 7120 ============================================================
09:55:01.0019 7120 C: <-> \Device\Harddisk0\DR0\Partition1
09:55:01.0078 7120 D: <-> \Device\Harddisk0\DR0\Partition2
09:55:01.0078 7120 ============================================================
09:55:01.0078 7120 Initialize success
09:55:01.0078 7120 ============================================================
09:55:03.0377 4916 ============================================================
09:55:03.0377 4916 Scan started
09:55:03.0377 4916 Mode: Manual;
09:55:03.0377 4916 ============================================================
09:55:06.0296 4916 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
09:55:06.0297 4916 !SASCORE - ok
09:55:07.0046 4916 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:55:07.0050 4916 1394ohci - ok
09:55:07.0148 4916 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:55:07.0151 4916 ACPI - ok
09:55:07.0233 4916 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:55:07.0234 4916 AcpiPmi - ok
09:55:07.0665 4916 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:55:07.0668 4916 AdobeARMservice - ok
09:55:07.0814 4916 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
09:55:07.0824 4916 adp94xx - ok
09:55:07.0927 4916 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
09:55:07.0949 4916 adpahci - ok
09:55:08.0075 4916 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
09:55:08.0079 4916 adpu320 - ok
09:55:08.0125 4916 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:55:08.0127 4916 AeLookupSvc - ok
09:55:08.0218 4916 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:55:08.0226 4916 AFD - ok
09:55:08.0283 4916 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:55:08.0286 4916 agp440 - ok
09:55:08.0355 4916 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:55:08.0358 4916 ALG - ok
09:55:08.0457 4916 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:55:08.0460 4916 aliide - ok
09:55:08.0494 4916 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:55:08.0496 4916 amdide - ok
09:55:08.0742 4916 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
09:55:08.0796 4916 AmdK8 - ok
09:55:08.0862 4916 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
09:55:08.0872 4916 AmdPPM - ok
09:55:09.0019 4916 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:55:09.0022 4916 amdsata - ok
09:55:09.0112 4916 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
09:55:09.0176 4916 amdsbs - ok
09:55:09.0272 4916 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:55:09.0273 4916 amdxata - ok
09:55:09.0339 4916 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:55:09.0342 4916 AppID - ok
09:55:09.0374 4916 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:55:09.0376 4916 AppIDSvc - ok
09:55:09.0429 4916 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:55:09.0433 4916 Appinfo - ok
09:55:09.0589 4916 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
09:55:09.0593 4916 arc - ok
09:55:09.0629 4916 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
09:55:09.0632 4916 arcsas - ok
09:55:09.0808 4916 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
09:55:09.0810 4916 aswFsBlk - ok
09:55:09.0950 4916 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
09:55:09.0952 4916 aswMonFlt - ok
09:55:10.0043 4916 aswRdr (aa92bc4bcba40ca3aa3ffd1be24f0c09) C:\Windows\System32\Drivers\aswrdr2.sys
09:55:10.0046 4916 aswRdr - ok
09:55:10.0300 4916 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
09:55:10.0310 4916 aswSnx - ok
09:55:10.0448 4916 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
09:55:10.0454 4916 aswSP - ok
09:55:10.0573 4916 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
09:55:10.0575 4916 aswTdi - ok
09:55:10.0659 4916 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:55:10.0662 4916 AsyncMac - ok
09:55:10.0713 4916 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:55:10.0714 4916 atapi - ok
09:55:10.0835 4916 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:55:10.0845 4916 AudioEndpointBuilder - ok
09:55:10.0853 4916 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:55:10.0858 4916 AudioSrv - ok
09:55:11.0139 4916 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
09:55:11.0141 4916 avast! Antivirus - ok
09:55:12.0176 4916 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
09:55:12.0229 4916 AVGIDSAgent - ok
09:55:12.0409 4916 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
09:55:12.0411 4916 AVGIDSDriver - ok
09:55:12.0506 4916 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
09:55:12.0507 4916 AVGIDSFilter - ok
09:55:12.0557 4916 AVGIDSHA - ok
09:55:12.0668 4916 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
09:55:12.0670 4916 Avgldx64 - ok
09:55:12.0729 4916 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
09:55:12.0766 4916 Avgmfx64 - ok
09:55:12.0902 4916 Avgrkx64 - ok
09:55:13.0002 4916 Avgtdia - ok
09:55:13.0254 4916 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
09:55:13.0271 4916 avgwd - ok
09:55:13.0388 4916 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:55:13.0392 4916 AxInstSV - ok
09:55:13.0472 4916 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
09:55:13.0480 4916 b06bdrv - ok
09:55:13.0581 4916 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:55:13.0587 4916 b57nd60a - ok
09:55:14.0029 4916 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
09:55:14.0076 4916 BCM43XX - ok
09:55:14.0135 4916 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:55:14.0139 4916 BDESVC - ok
09:55:14.0212 4916 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:55:14.0214 4916 Beep - ok
09:55:14.0373 4916 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:55:14.0393 4916 BFE - ok
09:55:14.0538 4916 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
09:55:14.0596 4916 BITS - ok
09:55:14.0704 4916 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
09:55:14.0707 4916 blbdrive - ok
09:55:14.0933 4916 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:55:14.0936 4916 bowser - ok
09:55:15.0214 4916 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
09:55:15.0216 4916 BrFiltLo - ok
09:55:15.0328 4916 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
09:55:15.0331 4916 BrFiltUp - ok
09:55:15.0527 4916 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:55:15.0531 4916 BridgeMP - ok
09:55:15.0636 4916 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:55:15.0641 4916 Browser - ok
09:55:15.0761 4916 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:55:15.0768 4916 Brserid - ok
09:55:15.0973 4916 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:55:15.0976 4916 BrSerWdm - ok
09:55:16.0093 4916 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:55:16.0095 4916 BrUsbMdm - ok
09:55:16.0140 4916 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:55:16.0142 4916 BrUsbSer - ok
09:55:16.0227 4916 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
09:55:16.0238 4916 BTHMODEM - ok
09:55:16.0371 4916 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:55:16.0375 4916 bthserv - ok
09:55:16.0430 4916 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:55:16.0433 4916 cdfs - ok
09:55:16.0568 4916 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:55:16.0570 4916 cdrom - ok
09:55:16.0849 4916 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:55:16.0853 4916 CertPropSvc - ok
09:55:17.0002 4916 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
09:55:17.0005 4916 circlass - ok
09:55:17.0203 4916 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:55:17.0224 4916 CLFS - ok
09:55:17.0381 4916 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:55:17.0385 4916 clr_optimization_v2.0.50727_32 - ok
09:55:17.0576 4916 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:55:17.0579 4916 clr_optimization_v2.0.50727_64 - ok
09:55:17.0727 4916 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:55:17.0737 4916 clr_optimization_v4.0.30319_32 - ok
09:55:17.0842 4916 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:55:17.0847 4916 clr_optimization_v4.0.30319_64 - ok
09:55:17.0946 4916 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
09:55:17.0948 4916 clwvd - ok
09:55:18.0049 4916 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
09:55:18.0051 4916 CmBatt - ok
09:55:18.0099 4916 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:55:18.0101 4916 cmdide - ok
09:55:18.0252 4916 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:55:18.0261 4916 CNG - ok
09:55:18.0372 4916 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
09:55:18.0373 4916 Compbatt - ok
09:55:18.0489 4916 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:55:18.0492 4916 CompositeBus - ok
09:55:18.0529 4916 COMSysApp - ok
09:55:18.0739 4916 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
09:55:18.0742 4916 crcdisk - ok
09:55:18.0926 4916 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
09:55:18.0931 4916 CryptSvc - ok
09:55:19.0105 4916 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:55:19.0120 4916 DcomLaunch - ok
09:55:19.0186 4916 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:55:19.0195 4916 defragsvc - ok
09:55:19.0311 4916 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:55:19.0314 4916 DfsC - ok
09:55:19.0413 4916 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:55:19.0420 4916 Dhcp - ok
09:55:19.0475 4916 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:55:19.0477 4916 discache - ok
09:55:19.0592 4916 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
09:55:19.0594 4916 Disk - ok
09:55:19.0798 4916 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:55:19.0805 4916 Dnscache - ok
09:55:19.0922 4916 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:55:19.0929 4916 dot3svc - ok
09:55:19.0960 4916 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:55:19.0963 4916 DPS - ok
09:55:20.0111 4916 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:55:20.0113 4916 drmkaud - ok
09:55:20.0293 4916 dtsoftbus01 (821bf177a24172f5f0ee9b322f58516c) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
09:55:20.0298 4916 dtsoftbus01 - ok
09:55:20.0550 4916 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:55:20.0564 4916 DXGKrnl - ok
09:55:20.0603 4916 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:55:20.0607 4916 EapHost - ok
09:55:21.0152 4916 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
09:55:21.0253 4916 ebdrv - ok
09:55:21.0580 4916 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:55:21.0584 4916 EFS - ok
09:55:21.0905 4916 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:55:22.0013 4916 ehRecvr - ok
09:55:22.0091 4916 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:55:22.0095 4916 ehSched - ok
09:55:22.0729 4916 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
09:55:22.0779 4916 elxstor - ok
09:55:22.0861 4916 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:55:22.0864 4916 ErrDev - ok
09:55:23.0223 4916 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:55:23.0231 4916 EventSystem - ok
09:55:23.0515 4916 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:55:23.0534 4916 exfat - ok
09:55:23.0718 4916 ezSharedSvc - ok
09:55:24.0207 4916 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:55:24.0213 4916 fastfat - ok
09:55:24.0710 4916 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:55:24.0729 4916 Fax - ok
09:55:24.0874 4916 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
09:55:24.0877 4916 fdc - ok
09:55:24.0929 4916 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:55:24.0933 4916 fdPHost - ok
09:55:25.0035 4916 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:55:25.0056 4916 FDResPub - ok
09:55:25.0327 4916 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:55:25.0330 4916 FileInfo - ok
09:55:25.0362 4916 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:55:25.0365 4916 Filetrace - ok
09:55:26.0317 4916 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:55:26.0372 4916 FLEXnet Licensing Service - ok
09:55:26.0444 4916 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
09:55:26.0446 4916 flpydisk - ok
09:55:26.0644 4916 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:55:26.0665 4916 FltMgr - ok
09:55:26.0903 4916 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:55:27.0111 4916 FontCache - ok
09:55:27.0404 4916 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:55:27.0408 4916 FontCache3.0.0.0 - ok
09:55:27.0496 4916 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:55:27.0500 4916 FsDepends - ok
09:55:27.0849 4916 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
09:55:27.0851 4916 Fs_Rec - ok
09:55:28.0106 4916 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:55:28.0109 4916 fvevol - ok
09:55:28.0307 4916 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
09:55:28.0309 4916 gagp30kx - ok
09:55:28.0474 4916 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:55:28.0511 4916 gpsvc - ok
09:55:28.0710 4916 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:55:28.0712 4916 hcw85cir - ok
09:55:28.0837 4916 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:55:28.0851 4916 HdAudAddService - ok
09:55:28.0976 4916 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:55:28.0978 4916 HDAudBus - ok
09:55:29.0064 4916 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
09:55:29.0067 4916 HECIx64 - ok
09:55:29.0141 4916 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
09:55:29.0145 4916 HidBatt - ok
09:55:29.0283 4916 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
09:55:29.0287 4916 HidBth - ok
09:55:29.0387 4916 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
09:55:29.0391 4916 HidIr - ok
09:55:29.0421 4916 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:55:29.0426 4916 hidserv - ok
09:55:29.0524 4916 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
09:55:29.0526 4916 HidUsb - ok
09:55:29.0807 4916 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:55:29.0813 4916 hkmsvc - ok
09:55:29.0926 4916 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:55:29.0941 4916 HomeGroupListener - ok
09:55:30.0063 4916 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:55:30.0095 4916 HomeGroupProvider - ok
09:55:30.0411 4916 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
09:55:30.0413 4916 HP Support Assistant Service - ok
09:55:30.0897 4916 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
09:55:30.0902 4916 HPClientSvc - ok
09:55:31.0437 4916 hpCMSrv (8f123d1fa65adecea0244c615ea95dfa) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
09:55:31.0485 4916 hpCMSrv - ok
09:55:31.0681 4916 HPDrvMntSvc.exe (d17f9e527f01770bd04a9223bc40ec22) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
09:55:31.0685 4916 HPDrvMntSvc.exe - ok
09:55:31.0827 4916 hpqwmiex (0955c23c041451fb4e7099d6b2cf1c06) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
09:55:31.0833 4916 hpqwmiex - ok
09:55:32.0075 4916 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:55:32.0078 4916 HpSAMD - ok
09:55:32.0484 4916 HPWMISVC (f630dd7564ebb7248a13b1cc774d9ea6) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
09:55:32.0485 4916 HPWMISVC - ok
09:55:32.0797 4916 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:55:32.0871 4916 HTTP - ok
09:55:32.0965 4916 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:55:32.0966 4916 hwpolicy - ok
09:55:33.0082 4916 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:55:33.0086 4916 i8042prt - ok
09:55:33.0153 4916 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
09:55:33.0159 4916 iaStor - ok
09:55:33.0830 4916 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
09:55:33.0831 4916 IAStorDataMgrSvc - ok
09:55:34.0046 4916 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:55:34.0051 4916 iaStorV - ok
09:55:34.0367 4916 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:55:34.0564 4916 idsvc - ok
09:55:38.0289 4916 igfx (0d1b8c64bdf0e5cdc523a1409ffb5ef0) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:55:38.0501 4916 igfx - ok
09:55:38.0904 4916 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
09:55:38.0906 4916 iirsp - ok
09:55:38.0986 4916 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:55:38.0997 4916 IKEEXT - ok
09:55:39.0121 4916 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
09:55:39.0129 4916 Impcd - ok
09:55:39.0215 4916 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
09:55:39.0219 4916 IntcDAud - ok
09:55:39.0282 4916 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:55:39.0286 4916 intelide - ok
09:55:39.0367 4916 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:55:39.0369 4916 intelppm - ok
09:55:39.0396 4916 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:55:39.0400 4916 IPBusEnum - ok
09:55:39.0473 4916 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:55:39.0477 4916 IpFilterDriver - ok
09:55:39.0646 4916 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:55:39.0691 4916 iphlpsvc - ok
09:55:39.0745 4916 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:55:39.0747 4916 IPMIDRV - ok
09:55:39.0802 4916 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:55:39.0804 4916 IPNAT - ok
09:55:39.0855 4916 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:55:39.0856 4916 IRENUM - ok
09:55:39.0898 4916 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:55:39.0899 4916 isapnp - ok
09:55:39.0960 4916 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:55:39.0968 4916 iScsiPrt - ok
09:55:40.0191 4916 ISWKL (1152f8beb568f2f72f1c5c32a1f4e529) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
09:55:40.0192 4916 ISWKL - ok
09:55:40.0611 4916 IswSvc (ef46ef3a790c42bba9b5afa2586448db) C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
09:55:40.0616 4916 IswSvc - ok
09:55:40.0806 4916 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:55:40.0808 4916 kbdclass - ok
09:55:40.0888 4916 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:55:40.0891 4916 kbdhid - ok
09:55:40.0938 4916 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:55:40.0941 4916 KeyIso - ok
09:55:41.0195 4916 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys
09:55:41.0201 4916 KL1 - ok
09:55:41.0303 4916 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys
09:55:41.0304 4916 kl2 - ok
09:55:41.0388 4916 KLIF (055790d38d7ec73aef03e4aa7f67ba03) C:\Windows\system32\DRIVERS\klif.sys
09:55:41.0391 4916 KLIF - ok
09:55:41.0434 4916 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:55:41.0436 4916 KSecDD - ok
09:55:41.0463 4916 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:55:41.0465 4916 KSecPkg - ok
09:55:41.0569 4916 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:55:41.0571 4916 ksthunk - ok
09:55:41.0635 4916 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:55:41.0647 4916 KtmRm - ok
09:55:41.0818 4916 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:55:41.0828 4916 LanmanServer - ok
09:55:41.0910 4916 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:55:41.0920 4916 LanmanWorkstation - ok
09:55:42.0054 4916 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:55:42.0057 4916 lltdio - ok
09:55:42.0123 4916 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:55:42.0131 4916 lltdsvc - ok
09:55:42.0242 4916 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:55:42.0246 4916 lmhosts - ok
09:55:42.0448 4916 LMS (0405f4bcd1c7a7b309f620fe0b5de5e6) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
09:55:42.0450 4916 LMS - ok
09:55:42.0526 4916 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
09:55:42.0529 4916 LSI_FC - ok
09:55:42.0579 4916 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
09:55:42.0581 4916 LSI_SAS - ok
09:55:42.0631 4916 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
09:55:42.0633 4916 LSI_SAS2 - ok
09:55:42.0690 4916 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
09:55:42.0692 4916 LSI_SCSI - ok
09:55:42.0931 4916 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:55:42.0935 4916 luafv - ok
09:55:43.0046 4916 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
09:55:43.0048 4916 MBAMProtector - ok
09:55:43.0294 4916 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:55:43.0301 4916 MBAMService - ok
09:55:43.0390 4916 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:55:43.0394 4916 Mcx2Svc - ok
09:55:43.0643 4916 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
09:55:43.0645 4916 megasas - ok
09:55:43.0738 4916 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
09:55:43.0742 4916 MegaSR - ok
09:55:43.0827 4916 Microsoft SharePoint Workspace Audit Service - ok
09:55:43.0861 4916 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:55:43.0864 4916 MMCSS - ok
09:55:43.0893 4916 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:55:43.0896 4916 Modem - ok
09:55:43.0964 4916 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:55:43.0965 4916 monitor - ok
09:55:44.0097 4916 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:55:44.0099 4916 mouclass - ok
09:55:44.0225 4916 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
09:55:44.0228 4916 mouhid - ok
09:55:44.0284 4916 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:55:44.0286 4916 mountmgr - ok
09:55:44.0350 4916 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:55:44.0353 4916 mpio - ok
09:55:44.0400 4916 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:55:44.0401 4916 mpsdrv - ok
09:55:44.0573 4916 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:55:44.0616 4916 MpsSvc - ok
09:55:44.0661 4916 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:55:44.0665 4916 MRxDAV - ok
09:55:44.0732 4916 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:55:44.0736 4916 mrxsmb - ok
09:55:44.0773 4916 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:55:44.0791 4916 mrxsmb10 - ok
09:55:44.0826 4916 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:55:44.0828 4916 mrxsmb20 - ok
09:55:44.0853 4916 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:55:44.0854 4916 msahci - ok
09:55:44.0944 4916 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:55:44.0948 4916 msdsm - ok
09:55:44.0977 4916 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:55:44.0981 4916 MSDTC - ok
09:55:45.0037 4916 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:55:45.0039 4916 Msfs - ok
09:55:45.0154 4916 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:55:45.0156 4916 mshidkmdf - ok
09:55:45.0264 4916 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:55:45.0267 4916 msisadrv - ok
09:55:45.0336 4916 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:55:45.0340 4916 MSiSCSI - ok
09:55:45.0343 4916 msiserver - ok
09:55:45.0392 4916 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:55:45.0394 4916 MSKSSRV - ok
09:55:45.0455 4916 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:55:45.0457 4916 MSPCLOCK - ok
09:55:45.0510 4916 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:55:45.0512 4916 MSPQM - ok
09:55:45.0565 4916 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:55:45.0592 4916 MsRPC - ok
09:55:45.0647 4916 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:55:45.0648 4916 mssmbios - ok
09:55:45.0714 4916 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:55:45.0715 4916 MSTEE - ok
09:55:45.0766 4916 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
09:55:45.0768 4916 MTConfig - ok
09:55:45.0798 4916 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:55:45.0799 4916 Mup - ok
09:55:45.0929 4916 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:55:46.0021 4916 napagent - ok
09:55:46.0124 4916 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:55:46.0152 4916 NativeWifiP - ok
09:55:46.0282 4916 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys
09:55:46.0291 4916 NDIS - ok
09:55:46.0346 4916 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:55:46.0348 4916 NdisCap - ok
09:55:46.0435 4916 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:55:46.0437 4916 NdisTapi - ok
09:55:46.0471 4916 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:55:46.0473 4916 Ndisuio - ok
09:55:46.0594 4916 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:55:46.0636 4916 NdisWan - ok
09:55:46.0687 4916 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:55:46.0690 4916 NDProxy - ok
09:55:46.0772 4916 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:55:46.0775 4916 NetBIOS - ok
09:55:46.0929 4916 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:55:46.0949 4916 NetBT - ok
09:55:47.0070 4916 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:55:47.0074 4916 Netlogon - ok
09:55:47.0322 4916 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:55:47.0340 4916 Netman - ok
09:55:47.0419 4916 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:55:47.0427 4916 netprofm - ok
09:55:47.0779 4916 netr28x (a98071e3e1e5e503462cc9e0ded91a36) C:\Windows\system32\DRIVERS\netr28x.sys
09:55:47.0886 4916 netr28x - ok
09:55:48.0065 4916 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:55:48.0069 4916 NetTcpPortSharing - ok
09:55:48.0364 4916 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
09:55:48.0367 4916 nfrd960 - ok
09:55:48.0542 4916 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:55:48.0548 4916 NlaSvc - ok
09:55:48.0654 4916 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:55:48.0656 4916 Npfs - ok
09:55:48.0682 4916 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:55:48.0687 4916 nsi - ok
09:55:48.0742 4916 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:55:48.0745 4916 nsiproxy - ok
09:55:49.0112 4916 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:55:49.0179 4916 Ntfs - ok
09:55:49.0383 4916 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:55:49.0385 4916 Null - ok
09:55:49.0506 4916 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
09:55:49.0572 4916 NVENETFD - ok
09:55:49.0772 4916 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:55:49.0789 4916 nvraid - ok
09:55:49.0862 4916 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:55:49.0866 4916 nvstor - ok
09:55:49.0941 4916 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:55:49.0944 4916 nv_agp - ok
09:55:49.0987 4916 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:55:49.0990 4916 ohci1394 - ok
09:55:50.0351 4916 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:55:50.0389 4916 ose - ok
09:55:51.0580 4916 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:55:51.0716 4916 osppsvc - ok
09:55:52.0065 4916 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:55:52.0120 4916 p2pimsvc - ok
09:55:52.0253 4916 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:55:52.0287 4916 p2psvc - ok
09:55:52.0603 4916 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
09:55:52.0663 4916 Parport - ok
09:55:52.0721 4916 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
09:55:52.0724 4916 partmgr - ok
09:55:52.0806 4916 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:55:52.0814 4916 PcaSvc - ok
09:55:52.0865 4916 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:55:52.0869 4916 pci - ok
09:55:52.0979 4916 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:55:52.0981 4916 pciide - ok
09:55:53.0087 4916 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
09:55:53.0091 4916 pcmcia - ok
09:55:53.0182 4916 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:55:53.0185 4916 pcw - ok
09:55:53.0309 4916 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:55:53.0317 4916 PEAUTH - ok
09:55:53.0791 4916 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:55:53.0797 4916 PerfHost - ok
09:55:53.0997 4916 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:55:54.0058 4916 pla - ok
09:55:54.0349 4916 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:55:54.0391 4916 PlugPlay - ok
09:55:54.0490 4916 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:55:54.0494 4916 PNRPAutoReg - ok
09:55:54.0578 4916 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:55:54.0584 4916 PNRPsvc - ok
09:55:54.0689 4916 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:55:54.0696 4916 PolicyAgent - ok
09:55:54.0739 4916 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:55:54.0745 4916 Power - ok
09:55:54.0973 4916 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:55:54.0976 4916 PptpMiniport - ok
09:55:55.0011 4916 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
09:55:55.0014 4916 Processor - ok
09:55:55.0140 4916 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
09:55:55.0145 4916 ProfSvc - ok
09:55:55.0193 4916 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:55:55.0195 4916 ProtectedStorage - ok
09:55:55.0338 4916 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:55:55.0340 4916 Psched - ok
09:55:55.0768 4916 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
09:55:55.0841 4916 ql2300 - ok
09:55:56.0137 4916 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
09:55:56.0141 4916 ql40xx - ok
09:55:56.0218 4916 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:55:56.0227 4916 QWAVE - ok
09:55:56.0297 4916 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:55:56.0300 4916 QWAVEdrv - ok
09:55:56.0345 4916 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:55:56.0348 4916 RasAcd - ok
09:55:56.0431 4916 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:55:56.0434 4916 RasAgileVpn - ok
09:55:56.0534 4916 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:55:56.0555 4916 RasAuto - ok
09:55:56.0639 4916 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:55:56.0643 4916 Rasl2tp - ok
09:55:56.0718 4916 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:55:56.0727 4916 RasMan - ok
09:55:56.0785 4916 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:55:56.0787 4916 RasPppoe - ok
09:55:56.0831 4916 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:55:56.0833 4916 RasSstp - ok
09:55:56.0900 4916 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:55:56.0907 4916 rdbss - ok
09:55:56.0965 4916 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
09:55:56.0967 4916 rdpbus - ok
09:55:57.0026 4916 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:55:57.0028 4916 RDPCDD - ok
09:55:57.0055 4916 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:55:57.0057 4916 RDPENCDD - ok
09:55:57.0109 4916 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:55:57.0111 4916 RDPREFMP - ok
09:55:57.0188 4916 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
09:55:57.0194 4916 RDPWD - ok
09:55:57.0313 4916 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:55:57.0318 4916 rdyboost - ok
09:55:57.0361 4916 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:55:57.0368 4916 RemoteAccess - ok
09:55:57.0407 4916 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:55:57.0416 4916 RemoteRegistry - ok
09:55:57.0451 4916 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:55:57.0457 4916 RpcEptMapper - ok
09:55:57.0536 4916 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:55:57.0541 4916 RpcLocator - ok
09:55:57.0806 4916 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
09:55:57.0819 4916 RpcSs - ok
09:55:57.0968 4916 RSPCIESTOR (546d7f426776090b90ef5f195b6ae662) C:\Windows\system32\DRIVERS\RtsPStor.sys
09:55:57.0973 4916 RSPCIESTOR - ok
09:55:58.0081 4916 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:55:58.0084 4916 rspndr - ok
09:55:58.0244 4916 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:55:58.0253 4916 RTL8167 - ok
09:55:58.0283 4916 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:55:58.0288 4916 SamSs - ok
09:55:58.0471 4916 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
09:55:58.0472 4916 SASDIFSV - ok
09:55:58.0526 4916 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
09:55:58.0527 4916 SASKUTIL - ok
09:55:58.0573 4916 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:55:58.0576 4916 sbp2port - ok
09:55:58.0627 4916 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:55:58.0638 4916 SCardSvr - ok
09:55:58.0663 4916 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:55:58.0666 4916 scfilter - ok
09:55:58.0807 4916 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:55:58.0853 4916 Schedule - ok
09:55:58.0910 4916 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:55:58.0913 4916 SCPolicySvc - ok
09:55:58.0980 4916 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
09:55:58.0985 4916 sdbus - ok
09:55:59.0030 4916 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:55:59.0049 4916 SDRSVC - ok
09:55:59.0108 4916 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:55:59.0111 4916 secdrv - ok
09:55:59.0161 4916 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:55:59.0166 4916 seclogon - ok
09:55:59.0228 4916 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:55:59.0236 4916 SENS - ok
09:55:59.0334 4916 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:55:59.0341 4916 SensrSvc - ok
09:55:59.0424 4916 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
09:55:59.0426 4916 Serenum - ok
09:55:59.0474 4916 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
09:55:59.0479 4916 Serial - ok
09:55:59.0556 4916 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
09:55:59.0559 4916 sermouse - ok
09:55:59.0637 4916 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:55:59.0646 4916 SessionEnv - ok
09:55:59.0724 4916 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:55:59.0727 4916 sffdisk - ok
09:55:59.0768 4916 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
09:55:59.0770 4916 sffp_mmc - ok
09:55:59.0805 4916 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
09:55:59.0807 4916 sffp_sd - ok
09:55:59.0860 4916 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
09:55:59.0863 4916 sfloppy - ok
09:55:59.0982 4916 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
09:55:59.0992 4916 SharedAccess - ok
09:56:00.0256 4916 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
09:56:00.0305 4916 ShellHWDetection - ok
09:56:00.0402 4916 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
09:56:00.0405 4916 SiSRaid2 - ok
09:56:00.0472 4916 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
09:56:00.0476 4916 SiSRaid4 - ok
09:56:00.0570 4916 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
09:56:00.0573 4916 Smb - ok
09:56:00.0773 4916 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
09:56:00.0779 4916 SNMPTRAP - ok
09:56:00.0892 4916 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
09:56:00.0894 4916 spldr - ok
09:56:00.0992 4916 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
09:56:01.0003 4916 Spooler - ok
09:56:01.0421 4916 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
09:56:01.0449 4916 sppsvc - ok
09:56:01.0675 4916 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
09:56:01.0684 4916 sppuinotify - ok
09:56:01.0778 4916 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
09:56:01.0784 4916 srv - ok
09:56:01.0886 4916 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
09:56:01.0905 4916 srv2 - ok
09:56:02.0017 4916 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
09:56:02.0022 4916 SrvHsfHDA - ok
09:56:02.0238 4916 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
09:56:02.0269 4916 SrvHsfV92 - ok
09:56:02.0575 4916 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
09:56:02.0583 4916 SrvHsfWinac - ok
09:56:02.0672 4916 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
09:56:02.0683 4916 srvnet - ok
09:56:02.0767 4916 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
09:56:02.0772 4916 SSDPSRV - ok
09:56:02.0791 4916 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
09:56:02.0795 4916 SstpSvc - ok
09:56:02.0962 4916 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
09:56:02.0964 4916 STacSV - ok
09:56:03.0028 4916 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
09:56:03.0030 4916 stexstor - ok
09:56:03.0136 4916 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\Windows\system32\DRIVERS\stwrt64.sys
09:56:03.0147 4916 STHDA - ok
09:56:03.0281 4916 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
09:56:03.0297 4916 stisvc - ok
09:56:03.0358 4916 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
09:56:03.0359 4916 swenum - ok
09:56:03.0441 4916 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
09:56:03.0450 4916 swprv - ok
09:56:03.0530 4916 SynTP (ac3cc98b1bdb6540021d3ffb105ac2b9) C:\Windows\system32\DRIVERS\SynTP.sys
09:56:03.0533 4916 SynTP - ok
09:56:03.0732 4916 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
09:56:03.0780 4916 SysMain - ok
09:56:04.0008 4916 SystemExplorerHelpService (53e7ab72790294a27f06f4ef5af2e6ba) C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe
09:56:04.0016 4916 SystemExplorerHelpService - ok
09:56:04.0195 4916 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
09:56:04.0200 4916 TabletInputService - ok
09:56:04.0283 4916 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
09:56:04.0295 4916 TapiSrv - ok
09:56:04.0332 4916 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
09:56:04.0338 4916 TBS - ok
09:56:04.0723 4916 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
09:56:04.0804 4916 Tcpip - ok
09:56:05.0185 4916 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
09:56:05.0197 4916 TCPIP6 - ok
09:56:05.0405 4916 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
09:56:05.0407 4916 tcpipreg - ok
09:56:05.0424 4916 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
09:56:05.0426 4916 TDPIPE - ok
09:56:05.0461 4916 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
09:56:05.0463 4916 TDTCP - ok
09:56:05.0496 4916 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
09:56:05.0498 4916 tdx - ok
09:56:05.0581 4916 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
09:56:05.0582 4916 TermDD - ok
09:56:05.0660 4916 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
09:56:05.0670 4916 TermService - ok
09:56:05.0732 4916 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
09:56:05.0736 4916 Themes - ok
09:56:05.0784 4916 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:56:05.0787 4916 THREADORDER - ok
09:56:05.0818 4916 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
09:56:05.0822 4916 TrkWks - ok
09:56:05.0884 4916 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
09:56:05.0887 4916 TrustedInstaller - ok
09:56:05.0934 4916 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
09:56:05.0936 4916 tssecsrv - ok
09:56:05.0985 4916 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
09:56:05.0996 4916 TsUsbFlt - ok
09:56:06.0030 4916 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
09:56:06.0032 4916 TsUsbGD - ok
09:56:06.0113 4916 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
09:56:06.0117 4916 tunnel - ok
09:56:06.0169 4916 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
09:56:06.0171 4916 uagp35 - ok
09:56:06.0228 4916 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
09:56:06.0232 4916 udfs - ok
09:56:06.0270 4916 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
09:56:06.0274 4916 UI0Detect - ok
09:56:06.0333 4916 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
09:56:06.0336 4916 uliagpkx - ok
09:56:06.0967 4916 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
09:56:06.0971 4916 umbus - ok
09:56:07.0087 4916 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
09:56:07.0089 4916 UmPass - ok
09:56:07.0436 4916 UNS (6f895ca96552069b3d3ef5b4f6e90d3e) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
09:56:07.0449 4916 UNS - ok
09:56:07.0695 4916 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
09:56:07.0702 4916 upnphost - ok
09:56:07.0753 4916 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
09:56:07.0755 4916 usbccgp - ok
09:56:07.0819 4916 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
09:56:07.0822 4916 usbcir - ok
09:56:07.0842 4916 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
09:56:07.0844 4916 usbehci - ok
09:56:07.0927 4916 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
09:56:07.0931 4916 usbhub - ok
09:56:07.0967 4916 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
09:56:07.0969 4916 usbohci - ok
09:56:08.0001 4916 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
09:56:08.0003 4916 usbprint - ok
09:56:08.0019 4916 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
09:56:08.0021 4916 USBSTOR - ok
09:56:08.0066 4916 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
09:56:08.0067 4916 usbuhci - ok
09:56:08.0126 4916 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
09:56:08.0129 4916 usbvideo - ok
09:56:08.0167 4916 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
09:56:08.0171 4916 UxSms - ok
09:56:08.0193 4916 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:56:08.0195 4916 VaultSvc - ok
09:56:08.0263 4916 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
09:56:08.0265 4916 VClone - ok
09:56:08.0288 4916 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
09:56:08.0290 4916 vdrvroot - ok
09:56:08.0370 4916 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
09:56:08.0379 4916 vds - ok
09:56:08.0440 4916 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
09:56:08.0442 4916 vga - ok
09:56:08.0471 4916 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
09:56:08.0473 4916 VgaSave - ok
09:56:08.0512 4916 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
09:56:08.0516 4916 vhdmp - ok
09:56:08.0531 4916 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
09:56:08.0532 4916 viaide - ok
09:56:08.0565 4916 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
09:56:08.0567 4916 volmgr - ok
09:56:08.0606 4916 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
09:56:08.0611 4916 volmgrx - ok
09:56:08.0638 4916 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
09:56:08.0642 4916 volsnap - ok
09:56:08.0725 4916 Vsdatant (239d8d72730226cd460bdc8ca0a23d43) C:\Windows\system32\DRIVERS\vsdatant.sys
09:56:08.0732 4916 Vsdatant - ok
09:56:08.0874 4916 vsmon - ok
09:56:08.0935 4916 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
09:56:08.0938 4916 vsmraid - ok
09:56:09.0091 4916 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
09:56:09.0130 4916 VSS - ok
09:56:09.0430 4916 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
09:56:09.0442 4916 vToolbarUpdater11.2.0 - ok
09:56:09.0630 4916 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
09:56:09.0633 4916 vwifibus - ok
09:56:09.0694 4916 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
09:56:09.0696 4916 vwififlt - ok
09:56:09.0778 4916 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
09:56:09.0786 4916 W32Time - ok
09:56:09.0825 4916 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
09:56:09.0827 4916 WacomPen - ok
09:56:09.0902 4916 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:56:09.0905 4916 WANARP - ok
09:56:09.0909 4916 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
09:56:09.0911 4916 Wanarpv6 - ok
09:56:10.0163 4916 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
09:56:10.0213 4916 WatAdminSvc - ok
09:56:10.0320 4916 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
09:56:10.0338 4916 wbengine - ok
09:56:10.0472 4916 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
09:56:10.0478 4916 WbioSrvc - ok
09:56:10.0531 4916 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
09:56:10.0560 4916 wcncsvc - ok
09:56:10.0617 4916 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
09:56:10.0629 4916 WcsPlugInService - ok
09:56:10.0676 4916 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
09:56:10.0677 4916 Wd - ok
09:56:10.0781 4916 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
09:56:10.0800 4916 Wdf01000 - ok
09:56:10.0821 4916 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:56:10.0827 4916 WdiServiceHost - ok
09:56:10.0831 4916 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
09:56:10.0836 4916 WdiSystemHost - ok
09:56:10.0891 4916 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
09:56:10.0898 4916 WebClient - ok
09:56:10.0933 4916 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
09:56:10.0939 4916 Wecsvc - ok
09:56:10.0965 4916 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
09:56:10.0969 4916 wercplsupport - ok
09:56:11.0039 4916 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
09:56:11.0049 4916 WerSvc - ok
09:56:11.0149 4916 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
09:56:11.0165 4916 WfpLwf - ok
09:56:11.0200 4916 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
09:56:11.0202 4916 WIMMount - ok
09:56:11.0293 4916 WinDefend - ok
09:56:11.0324 4916 WinHttpAutoProxySvc - ok
09:56:11.0445 4916 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
09:56:11.0543 4916 Winmgmt - ok
09:56:11.0679 4916 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
09:56:11.0880 4916 WinRM - ok
09:56:12.0197 4916 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
09:56:12.0388 4916 Wlansvc - ok
09:56:12.0897 4916 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
09:56:13.0023 4916 wlidsvc - ok
09:56:13.0294 4916 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
09:56:13.0410 4916 WmiAcpi - ok
09:56:13.0503 4916 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
09:56:13.0524 4916 wmiApSrv - ok
09:56:13.0589 4916 WMPNetworkSvc - ok
09:56:13.0635 4916 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
09:56:13.0649 4916 WPCSvc - ok
09:56:13.0691 4916 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
09:56:13.0712 4916 WPDBusEnum - ok
09:56:13.0753 4916 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
09:56:13.0757 4916 ws2ifsl - ok
09:56:13.0804 4916 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
09:56:13.0829 4916 wscsvc - ok
09:56:13.0835 4916 WSearch - ok
09:56:14.0147 4916 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
09:56:14.0264 4916 wuauserv - ok
09:56:14.0602 4916 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
09:56:14.0620 4916 WudfPf - ok
09:56:14.0713 4916 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
09:56:14.0719 4916 WUDFRd - ok
09:56:14.0763 4916 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
09:56:14.0778 4916 wudfsvc - ok
09:56:14.0849 4916 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll
09:56:14.0863 4916 WwanSvc - ok
09:56:14.0953 4916 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:56:15.0288 4916 \Device\Harddisk0\DR0 - ok
09:56:15.0317 4916 Boot (0x1200) (06ef56b23223d6e7a91e975afa0b71c2) \Device\Harddisk0\DR0\Partition0
09:56:15.0319 4916 \Device\Harddisk0\DR0\Partition0 - ok
09:56:15.0338 4916 Boot (0x1200) (e7295e41c77c932a36879e0793e1c7eb) \Device\Harddisk0\DR0\Partition1
09:56:15.0340 4916 \Device\Harddisk0\DR0\Partition1 - ok
09:56:15.0371 4916 Boot (0x1200) (ea3c68af2d193ee2ce2b80425bc5a637) \Device\Harddisk0\DR0\Partition2
09:56:15.0373 4916 \Device\Harddisk0\DR0\Partition2 - ok
09:56:15.0386 4916 Boot (0x1200) (d3ad097baa7eb9b4b9edf74b2320a3d2) \Device\Harddisk0\DR0\Partition3
09:56:15.0387 4916 \Device\Harddisk0\DR0\Partition3 - ok
09:56:15.0387 4916 ============================================================
09:56:15.0387 4916 Scan finished
09:56:15.0388 4916 ============================================================
09:56:15.0403 0912 Detected object count: 0
09:56:15.0404 0912 Actual detected object count: 0

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 06 July 2012 - 09:32 AM

Please run the aswMBR tool as requested on post No. 2.

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============


Please post the logs and let me know what problem persists.

#5 Oleuanna

Oleuanna
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 06 July 2012 - 11:05 AM

The aswMBR.exe will not complete, I am not sure if there is any point giving you a save log as the MBR.dat can not be processed automatically

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 06 July 2012 - 12:12 PM

Run the ComboFix tool as previously requested.

#7 Oleuanna

Oleuanna
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 06 July 2012 - 08:35 PM

Trying to get combofix to work but it keeps crashing bear with me

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 07 July 2012 - 10:32 AM

Try this if you cannot get a report from ComboFix.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

#9 Oleuanna

Oleuanna
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 08 July 2012 - 11:28 AM

The two reports...Thank you


OTL logfile created on: 7/8/2012 4:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Oleuanna\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 40.30% Memory free
7.60 Gb Paging File | 4.79 Gb Available in Paging File | 63.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.72 Gb Total Space | 366.25 Gb Free Space | 53.49% Space Free | Partition Type: NTFS
Drive D: | 13.62 Gb Total Space | 1.52 Gb Free Space | 11.18% Space Free | Partition Type: NTFS

Computer Name: OLEUANNA-HP | User Name: Oleuanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Oleuanna\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll ()
MOD - C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\libglesv2.dll ()
MOD - C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\libegl.dll ()
MOD - C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\avutil-51.dll ()
MOD - C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\avformat-54.dll ()
MOD - C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\avcodec-54.dll ()
MOD - C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\b1acb6d21dd13ae76f360354dc8f8de3\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\e2ed613308593613ac154671c7549c26\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SystemExplorerHelpService) -- C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe (Mister Group)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.)
SRV - (IAStorDataMgrSvc) Intel® -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (KL1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kl2) -- C:\Windows\SysNative\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) Intel® -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)
DRV:64bit: - (HECIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{AFCC1A2E-D835-4FA6-B310-14D72BF837AF}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{AFCC1A2E-D835-4FA6-B310-14D72BF837AF}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100886&babsrc=SP_ss&mntrId=46ee89bc000000000000ccaf78148f98
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={9EFC1E14-8B29-470D-A2CB-06900E44827C}&mid=fa90c72e2ca747d19f3afd6e9108f579-c7e924d4d4932d4c196775d34fbb46496a0f4512&lang=en&ds=AVG&pr=fr&d=2012-06-30 15:18:08&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AFCC1A2E-D835-4FA6-B310-14D72BF837AF}: "URL" = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.32: C:\Users\Oleuanna\AppData\Local\Spoon\3.32.2.12\npMozillaSpoonPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33: C:\Users\Oleuanna\AppData\Local\Spoon\3.33.0.17\npMozillaSpoonPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oleuanna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oleuanna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/06/13 12:28:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/05/17 03:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp435@crossrider.com: C:\ProgramData\CodecCheck\firefox [2011/12/15 10:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/06/29 21:52:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/06/30 15:18:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/06/30 15:18:16 | 000,000,000 | ---D | M]

[2012/06/29 02:51:49 | 000,003,748 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/12/15 10:40:17 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Oleuanna\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Learn French - Tr\u00E8s Bien = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec\1.46_0\
CHR - Extension: Angry Birds = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\1.0.6_0\
CHR - Extension: YouTube = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Google Search = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Calendar = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Tennis = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkomjfglgnfeeachhdckcbgjhfiahco\1.9_0\
CHR - Extension: Causality Games = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\9_1\
CHR - Extension: Full Screen Weather = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: 3D Bowling = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gemohgpikgjbgmdfbfjdailocichgbjm\1.9_0\
CHR - Extension: Cut the Rope = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\13_0\
CHR - Extension: Blackball Pool = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjkhefodfbgjpcmahghmfggbcpjabnag\1.0.3_0\
CHR - Extension: Codec-V = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho\1.17.48_0\
CHR - Extension: Blast PingPong = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjdkomgefikcdchdpjfgjfpagieofnem\1.0_0\
CHR - Extension: AVG Do Not Track = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Oleuanna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\

O1 HOSTS File: ([2012/06/18 11:44:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.23.8\zonealarmTlbr.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26791476-3B6B-4D07-8470-FC7F2BC2C906}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 05:41:19 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{5BBD2827-4122-417B-BE81-66D44E40E3E2}
[2012/07/08 05:41:05 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{B834AFCA-C000-4287-8837-6E41131EE234}
[2012/07/07 17:16:43 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{D70B6BA5-10D5-4A48-B00A-48524EE12EFA}
[2012/07/07 17:16:36 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{F3B2ADD9-E251-493D-ACAE-8B69013C5274}
[2012/07/07 05:16:10 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{1230C1CF-13CD-4014-9C96-E61C2054D8DE}
[2012/07/07 05:15:53 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{02FF8083-2D6B-43F4-928B-122BA5E3F572}
[2012/07/07 05:05:42 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{E902E235-17D3-4564-8795-33EBA3CCBA12}
[2012/07/07 01:24:29 | 004,573,044 | R--- | C] (Swearware) -- C:\Users\Oleuanna\Desktop\ComboFix.exe
[2012/07/07 01:23:37 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/07/06 16:23:55 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{58848610-2539-4DCA-AE4A-B65B1E13F6EB}
[2012/07/06 16:23:46 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{3A931959-9E55-4D15-9358-1051B200F4B6}
[2012/07/06 11:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/07/06 04:23:12 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{38238FEB-8878-4756-89F2-6737D3B444F9}
[2012/07/06 04:23:04 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{40E425F7-896D-4F1E-8A62-3F8039C9FD23}
[2012/07/06 02:41:48 | 000,000,000 | ---D | C] -- C:\wp-admin
[2012/07/06 01:30:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2012/07/06 01:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2012/07/05 13:18:08 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{44958D3D-40BB-4DB9-8B4A-BA56DE01639E}
[2012/07/05 13:18:00 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{EA49DBEE-6297-4E87-A9A8-B61CCCD2F7CB}
[2012/07/05 01:11:29 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{95D58BA9-B0D0-4AD3-8DD8-49D358B5B644}
[2012/07/05 01:11:21 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{99B9AD4B-0A62-4D34-9A96-6A935FFC9E1B}
[2012/07/04 13:11:10 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{D4D390A5-27D1-4E82-9EBF-B9F997A23764}
[2012/07/04 13:11:03 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{B7656B65-A18D-4588-A915-64EF0F4FABDE}
[2012/07/04 01:10:33 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{75AE0831-AEAB-4CA0-A8E3-8630C3AB74B9}
[2012/07/04 01:10:23 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{82DE521F-B1EA-4487-B742-AF1BA22BE48D}
[2012/07/03 13:09:42 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{BF94D2EF-4546-43A2-8D73-68A87DD50D4D}
[2012/07/03 13:09:34 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{4BCA5D74-015A-40F1-AA1F-9367573DEF37}
[2012/07/03 05:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012/07/03 05:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeAlarmClock
[2012/07/03 05:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
[2012/07/03 01:08:22 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{D182B9D5-A931-4BC0-82F5-6E506E725C2B}
[2012/07/03 01:08:15 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{EE91BB45-BA12-4954-B841-DA5A3685D754}
[2012/07/03 01:03:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2012/07/03 01:02:45 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/07/03 01:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/03 01:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/02 20:01:46 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Oleuanna\Desktop\TDSSKiller.exe
[2012/07/02 05:50:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweet Adder 3
[2012/07/02 05:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweet Adder 3
[2012/07/02 03:56:21 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/07/01 00:38:28 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{E80F49DE-B037-4B35-A877-F98D6A191BBC}
[2012/07/01 00:37:56 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{25D11404-FB25-4988-AA3C-25090EE6F424}
[2012/06/30 15:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/06/30 12:37:13 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{B9EC7B0D-01CB-41E5-BFA3-9D0C7FC27865}
[2012/06/30 12:37:02 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{B78A69B1-63DB-4F6D-BC01-9643386943B7}
[2012/06/30 00:36:36 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{57AE7C52-D763-435B-B74E-3BF7CE2CC3FB}
[2012/06/30 00:36:27 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{0AA9DB33-553C-4D1B-8C66-2B2460E72F12}
[2012/06/29 23:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/06/29 23:32:59 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/06/29 21:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/29 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/06/29 17:05:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/06/29 15:57:32 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\Pavark
[2012/06/29 15:47:44 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2012/06/29 12:35:24 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{19375CB8-314E-46D9-84FC-2D2E6D044006}
[2012/06/29 12:34:58 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{AD76740E-E6C1-4879-AC9D-B7C4CB60BDC6}
[2012/06/29 02:52:38 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Roaming\AVG2012
[2012/06/29 02:52:27 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\AVG Secure Search
[2012/06/29 02:52:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/06/29 02:50:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/06/29 02:50:08 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/06/29 02:50:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/06/29 00:34:12 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{5040D58E-D577-4AA5-8566-CD16D67E3FA0}
[2012/06/29 00:34:04 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{9DF7B4B3-0C02-402C-81B1-CD555F4CE838}
[2012/06/28 17:23:21 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\twitter
[2012/06/28 12:33:36 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{B257D94F-4282-48A1-8380-0D9EE70195CF}
[2012/06/28 12:33:30 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{B690F2A8-B437-49DC-A3A9-C7A69F5FD83D}
[2012/06/28 00:32:38 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{5ACF76C6-25EB-46A6-951B-15DA10B7F0F5}
[2012/06/28 00:32:22 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{CE324388-5732-40BF-9A4E-42E1654E0946}
[2012/06/27 12:31:46 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{A9944F07-1479-4565-A6F3-D13548E60D84}
[2012/06/27 12:31:40 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{FFA14FCB-B322-4C71-8901-28CB8F29CEA9}
[2012/06/27 03:02:21 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/06/27 00:31:00 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{F8B867B4-8731-49FD-9175-656978B34C15}
[2012/06/27 00:30:52 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{F8038C58-8DCE-497B-A6AF-A26409FCF155}
[2012/06/26 12:30:32 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{FF5CB7F5-F6E6-453E-8222-C218D025110B}
[2012/06/26 12:30:24 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{2A6CEC65-833C-460C-9728-0F77DCF315EE}
[2012/06/26 00:29:45 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{8495AA19-F33A-45D9-BB57-44AE5D84AFB9}
[2012/06/26 00:29:37 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{90C44044-CB9D-4DEA-9E37-5A6B4465ED8C}
[2012/06/25 12:29:05 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{533C929B-D31D-4587-BCCA-C88AAF3C1213}
[2012/06/25 12:28:58 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{F15CA54C-86B6-4A4A-8CD4-8CF16F149872}
[2012/06/25 00:22:00 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{FAF819BC-7529-4A5C-80DC-88FBFBBB1C7E}
[2012/06/25 00:21:50 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{8DD64FF2-C6DD-425D-8B4D-A7CC63D9CAE1}
[2012/06/24 12:21:22 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{65AE6C2D-3FA7-4F2E-8DCA-A3D7B72B9E55}
[2012/06/24 12:21:16 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{ED7495A8-F14E-438D-90AE-454306070520}
[2012/06/23 23:00:02 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{64251426-BA19-475B-B1BE-D4CE32836EC9}
[2012/06/23 22:59:55 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{FDAEA217-C9CA-48AA-8CFA-D89BDE929F68}
[2012/06/23 15:06:22 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Roaming\com.socialbro.air
[2012/06/23 10:59:24 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{C925C5FB-BC4A-4B9F-933A-D398DF6C737E}
[2012/06/23 10:59:17 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{D27B58BD-4751-4BB0-A4D7-0AD0D88BD8B3}
[2012/06/22 22:58:41 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{FF21DF84-A2BB-4AF7-A760-581F0D9EFDDE}
[2012/06/22 22:58:34 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{B9C5F738-9244-4C37-B04A-1C5E691EB3C7}
[2012/06/22 12:37:37 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\IsolatedStorage
[2012/06/22 12:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2012/06/22 12:37:24 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\Palo_Alto_Software
[2012/06/22 12:37:23 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Roaming\bppenu11
[2012/06/22 12:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Business Plan Pro
[2012/06/22 12:32:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Business Plan Pro
[2012/06/22 12:28:13 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\Downloaded Installations
[2012/06/22 10:58:00 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{35E45383-25D8-4EAC-B775-BEB72CD965E8}
[2012/06/22 10:57:54 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{CC2CB5DF-450A-4205-A4B7-222F666A9577}
[2012/06/22 04:15:02 | 000,000,000 | ---D | C] -- C:\Windows\maxdrive
[2012/06/22 03:43:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/22 03:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/22 03:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/22 03:02:25 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2012/06/21 22:56:47 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{210DCFA4-2482-4468-B621-1F0056B395EB}
[2012/06/21 22:56:36 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{800161C7-E0F4-48C3-B76E-7C1AD6686704}
[2012/06/21 16:38:56 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 16:38:56 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 16:38:56 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 16:38:32 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 16:38:32 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 16:38:32 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 16:38:12 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 16:38:12 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 10:56:05 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{4A7CF41F-976A-4CC6-A219-A5F3B7371874}
[2012/06/21 10:55:59 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{5B336976-9427-4004-8EB4-E03BAE2AC69D}
[2012/06/20 22:55:17 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{DC788A52-734E-4C92-8822-2F7A9ED1ECE7}
[2012/06/20 22:55:09 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{F17C00A7-3DD8-4D9B-8111-9121B0D26758}
[2012/06/20 10:54:36 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{8A89F59E-5EA1-4CF1-B6B3-A7F46FA8FA17}
[2012/06/20 10:54:29 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{5946EB90-5CFB-4426-8C1C-0EDB06FD23BF}
[2012/06/19 22:53:50 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{67C3E97D-A3C5-44D6-B848-C22D07D5DDC9}
[2012/06/19 22:53:42 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{0A03802B-E13E-44C2-B901-3BE2F1E39ECD}
[2012/06/19 10:53:00 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{DF9322D6-0895-415E-BB96-34EFCC8C9E89}
[2012/06/19 10:52:52 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{98C126CE-7A47-4F04-8000-7BA4776D202B}
[2012/06/18 22:52:28 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{08E7DC82-3FAB-4C22-9087-9C4C292C1F9F}
[2012/06/18 22:52:21 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{46B95188-193B-403C-8D30-8E3FF1D96234}
[2012/06/18 12:28:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/18 10:50:40 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{E82FB348-8D12-41F5-8454-EC76D94BB413}
[2012/06/18 10:42:05 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{7D55CE83-0D40-4474-BBE3-30DDB7F798D7}
[2012/06/18 10:31:01 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{A379D163-5772-4F9D-AA01-4423806A98E7}
[2012/06/17 22:19:39 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{EB0BE9E7-183D-4D6C-A358-6A2690CFB6E4}
[2012/06/17 10:19:13 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{ABCC2F1A-35BA-4979-B4A7-45F8D2D6AD2A}
[2012/06/16 22:12:47 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{4F950D7D-0DCB-4CB3-893B-A30FCA56BC27}
[2012/06/16 20:21:42 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\Macromedia
[2012/06/16 10:12:22 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{90F7D333-590D-4CF1-9364-FC46DD88A1CC}
[2012/06/16 10:12:10 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{725C027D-D083-46AC-B8FC-74AE3A874C11}
[2012/06/15 22:11:42 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{94FDD377-9AF3-4152-B8E8-ACC8F9FF0802}
[2012/06/15 10:11:14 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{2CF6673B-4D15-407A-A188-07804CD1FCD8}
[2012/06/14 22:10:39 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{FFEA02A6-5BFD-4E44-B6F0-0F3B98B52883}
[2012/06/14 22:10:27 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{8A3FEAB6-B524-4AE9-A929-21569524FDF3}
[2012/06/14 10:09:54 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{BF56131A-C3BD-4BDA-A46E-7CE0C40263C7}
[2012/06/14 10:09:43 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{02546AD2-CA2A-4F5F-B142-90F33B39D915}
[2012/06/13 22:09:03 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{E4AC81DC-ED18-44BD-9876-A407BAC59EA8}
[2012/06/13 22:08:49 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{EA977961-6920-44CE-A7A5-E98B8D7B3574}
[2012/06/13 10:18:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/13 10:18:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/13 10:18:23 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/13 10:18:23 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/13 10:18:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/13 10:18:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/13 10:18:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/13 10:18:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/13 10:18:20 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/13 10:18:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/13 10:18:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/13 10:18:19 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 10:18:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/13 10:08:14 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{012BC0F1-5093-4B02-A321-AA16BFF16CBF}
[2012/06/13 10:08:02 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{3A9056E1-4978-44AC-AC55-E534BC19BE4D}
[2012/06/13 09:00:30 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 09:00:30 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 09:00:30 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 09:00:18 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 09:00:18 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 09:00:17 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 09:00:12 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 09:00:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 09:00:01 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/12 22:07:34 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{B1E8DFCC-461E-4C86-957C-575F43D184D3}
[2012/06/12 22:07:22 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{E2DFC629-28E5-4153-A5AC-11AB8472886E}
[2012/06/12 22:07:11 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{024FBFE1-3023-4401-8EC4-AFFF80E6C566}
[2012/06/12 22:06:59 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{0FD2C386-483A-4DBA-B310-3768D019D21A}
[2012/06/12 10:06:37 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{33EF063A-91E5-4A46-B14D-FF8EFFF17AD5}
[2012/06/12 10:06:25 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{A8621A8C-77E0-44D4-AA5A-339F23686FA8}
[2012/06/12 01:11:18 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/06/12 00:44:33 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\CRE
[2012/06/11 20:21:31 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{EB266CD4-8705-4C41-84A6-09CC1AC9BDCB}
[2012/06/11 20:21:18 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{AE8B5176-24A3-48B0-9309-7B90090B9341}
[2012/06/11 08:20:51 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{0156FA2D-AE16-496F-8FD8-4D6FEA70994C}
[2012/06/11 08:20:39 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{16D7E3BE-F296-4B24-8C84-BD98011B68A0}
[2012/06/11 08:20:27 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{63C51A33-B5C9-4681-8EEA-A7CD60587A59}
[2012/06/10 20:19:47 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{E59E723E-DB1A-43C2-88A6-87643110C761}
[2012/06/10 20:19:35 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{AB0A4980-A744-47DB-939F-532D7F836E1A}
[2012/06/10 09:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/06/10 08:19:02 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{A8E6E5A1-1713-4B89-8052-B5ECA802093E}
[2012/06/10 08:18:49 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{07BB1206-24F2-47C5-9E62-DA506B82A4D2}
[2012/06/09 20:18:24 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{3F078562-49CC-4D9A-A343-DEE2A3B9BB9B}
[2012/06/09 20:18:11 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{D60A9B32-AB74-454E-A056-19613F95868C}
[2012/06/09 08:17:32 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{05E069C0-9A77-494F-AA57-B45C205BE719}
[2012/06/09 08:17:20 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{7211E812-7A6D-475A-A98D-9C3A158C471F}
[2012/06/09 08:16:43 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{E1053776-98D5-4797-AB9E-2CBF94538D55}
[2012/06/09 08:16:15 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{58765C5D-C707-4793-BD12-30B35EE8A735}
[2012/06/08 20:04:13 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{CD8C2162-9E58-45E2-8791-353DBD9F8EE2}
[2012/06/08 20:04:01 | 000,000,000 | ---D | C] -- C:\Users\Oleuanna\AppData\Local\{E3B8AC78-D2C8-460D-8065-07B2EA2B1AAF}
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/08 16:48:05 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-725012988-2077640657-2150448371-1000UA.job
[2012/07/08 16:20:13 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 16:20:13 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/08 16:09:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/08 16:08:58 | 3062,255,616 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/07 17:48:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-725012988-2077640657-2150448371-1000Core.job
[2012/07/07 01:23:21 | 004,573,044 | R--- | M] (Swearware) -- C:\Users\Oleuanna\Desktop\ComboFix.exe
[2012/07/06 00:37:05 | 657,832,687 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/07/06 00:07:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/05 09:25:58 | 000,155,749 | ---- | M] () -- C:\Users\Oleuanna\Desktop\Oleuanna__CV.pdf
[2012/07/05 06:01:16 | 000,546,708 | ---- | M] () -- C:\Users\Oleuanna\Desktop\The-Second-Sex.pdf
[2012/07/03 17:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/03 13:06:50 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOleuanna.job
[2012/07/02 20:01:46 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Oleuanna\Desktop\TDSSKiller.exe
[2012/07/02 03:06:39 | 000,223,141 | ---- | M] () -- C:\Users\Oleuanna\Desktop\en-soi pour-soi arts .bpdx
[2012/07/01 06:02:35 | 004,971,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/30 23:41:35 | 000,033,758 | ---- | M] () -- C:\Users\Oleuanna\AppData\Local\dt.dat
[2012/06/30 15:27:16 | 063,720,509 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/30 01:02:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/29 21:06:44 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/29 21:06:44 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/29 02:57:35 | 000,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012/06/29 02:50:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/29 02:50:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/27 03:03:02 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 03:03:02 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/23 10:05:18 | 000,871,040 | ---- | M] () -- C:\Users\Oleuanna\AppData\Local\census.cache
[2012/06/23 10:05:14 | 000,123,406 | ---- | M] () -- C:\Users\Oleuanna\AppData\Local\ars.cache
[2012/06/22 04:15:02 | 000,000,045 | ---- | M] () -- C:\Windows\look.bat
[2012/06/22 03:09:02 | 000,735,230 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/18 11:44:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/13 10:29:34 | 000,732,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/05 09:25:58 | 000,155,749 | ---- | C] () -- C:\Users\Oleuanna\Desktop\Oleuanna__CV.pdf
[2012/07/05 06:01:16 | 000,546,708 | ---- | C] () -- C:\Users\Oleuanna\Desktop\The-Second-Sex.pdf
[2012/07/03 01:06:24 | 000,002,172 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/07/01 22:23:54 | 000,223,141 | ---- | C] () -- C:\Users\Oleuanna\Desktop\en-soi pour-soi arts .bpdx
[2012/06/30 23:41:35 | 000,033,758 | ---- | C] () -- C:\Users\Oleuanna\AppData\Local\dt.dat
[2012/06/30 15:27:16 | 063,720,509 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/29 02:57:35 | 000,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjw.avm
[2012/06/29 02:50:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/06/29 02:50:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/06/22 03:43:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/22 03:09:02 | 000,735,230 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/22 03:03:50 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/29 12:32:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/29 12:32:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/29 12:32:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/29 12:32:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/29 12:32:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/24 12:28:12 | 000,000,000 | ---- | C] () -- C:\Users\Oleuanna\defogger_reenable
[2012/05/18 18:37:59 | 000,871,040 | ---- | C] () -- C:\Users\Oleuanna\AppData\Local\census.cache
[2012/05/18 18:34:51 | 000,123,406 | ---- | C] () -- C:\Users\Oleuanna\AppData\Local\ars.cache
[2012/05/18 17:45:52 | 000,000,036 | ---- | C] () -- C:\Users\Oleuanna\AppData\Local\housecall.guid.cache
[2012/01/24 00:16:14 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012/01/24 00:16:14 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2011/12/30 09:39:38 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/11/21 05:31:20 | 000,001,121 | ---- | C] () -- C:\Windows\PowerReg.dat
[2011/11/04 12:18:35 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/10/22 12:35:24 | 000,000,237 | ---- | C] () -- C:\Windows\SIERRA.INI
[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/14 21:05:26 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/05/03 19:07:24 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/03/04 06:04:58 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/06/29 21:52:11 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\AVG2012
[2011/12/15 10:40:14 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Babylon
[2012/03/09 18:41:37 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\BitZipper
[2012/06/25 01:48:33 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\BookCoverPro
[2012/07/02 03:00:51 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\bppenu11
[2012/03/27 05:23:59 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\CheckPoint
[2012/06/23 15:06:22 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\com.socialbro.air
[2011/11/30 06:14:04 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\DAEMON Tools Pro
[2011/11/21 05:17:26 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Downloaded Installations
[2012/07/07 01:26:45 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Dropbox
[2012/07/08 07:14:23 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\FileZilla
[2011/11/21 05:46:56 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Final Draft
[2012/05/31 10:15:04 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Flood Light Games
[2012/06/02 13:14:25 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\IDT
[2011/12/05 05:00:49 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Orangeline Interactive
[2011/11/21 07:27:45 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\PACE Anti-Piracy
[2012/06/03 23:07:11 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\PrintMarketingPro
[2012/03/30 11:47:49 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\RssBandit
[2011/12/08 22:12:49 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Smart PDF Converter Pro
[2011/12/08 22:22:31 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\SmartSoftOCRHelper
[2012/01/25 03:00:34 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\SPSSInc
[2011/10/19 16:47:38 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Synaptics
[2012/07/08 05:26:52 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\TweetAdder3
[2011/10/20 00:52:50 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/10/23 11:42:19 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\Windows Live Writer
[2012/03/09 18:42:05 | 000,000,000 | ---D | M] -- C:\Users\Oleuanna\AppData\Roaming\_MDLogs
[2012/06/27 02:21:41 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

Cont.

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/07/06 07:18:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I0HVPCP.exe
[2012/07/06 07:18:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I0LUZDD.exe
[2012/07/06 00:17:13 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I16PLTS.lnk
[2012/07/03 08:49:33 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I20FFD2.png
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I28PE4O.exe
[2012/07/02 04:08:33 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I2E9WJE.txt
[2012/07/06 07:16:07 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I32SGZN
[2012/07/02 03:58:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I3NXFKT.jpg
[2012/07/03 08:49:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I3RPTKK.png
[2012/07/06 07:17:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I3YUD2J
[2012/07/06 07:14:04 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I49OA1T
[2012/07/06 07:17:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I4I5FXO
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I4QBMYY.dmg
[2012/07/07 01:24:06 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I4RD7NF.lnk
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I4TN149.zip
[2012/07/02 04:08:08 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I4UJKBP.ini
[2012/07/03 05:24:52 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I5DAB45.lnk
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I5WQ6B6.exe
[2012/07/02 14:32:48 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I5XDNSD.docx
[2012/07/06 07:20:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I6T6HER.exe
[2012/07/06 07:19:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I7CRDFP.exe
[2012/07/06 07:18:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I8447K5.exe
[2012/07/06 07:18:42 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I86S4VD.bpdx
[2012/07/06 07:24:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I89N8EC.txt
[2012/07/06 07:19:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I8O5JXJ.msi
[2012/07/03 08:49:36 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I8XISL7.png
[2012/07/06 07:18:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I904VBK.exe
[2012/07/06 07:15:48 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$I960JP5
[2012/07/06 07:19:13 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IAK52FQ.exe
[2012/07/06 07:20:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IAQUWM1.zip
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IAXCDQT.docx
[2012/07/02 03:58:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IAXH96U.lnk
[2012/07/06 07:20:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IAZ21UL.zip
[2012/07/06 07:18:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IB48H0L.exe
[2012/07/05 20:28:25 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IB92679.asd
[2012/07/06 07:18:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IBCXQ2S.exe
[2012/07/06 07:19:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IBCXW3F.exe
[2012/07/06 07:19:13 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IBMDL9S.exe
[2012/07/06 07:15:41 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ID12JBD
[2012/07/06 07:19:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IDBRP5W.log
[2012/07/06 04:12:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IDF3PRS.zip
[2012/07/06 00:05:56 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IDTKIXJ
[2012/07/06 07:24:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IEJ2REH.txt
[2012/07/06 07:19:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IEJA3R2.msi
[2012/07/06 07:22:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IEKFQBK.ini
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IENTLVA.png
[2012/07/06 04:14:56 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IEV9CN7.doc
[2012/07/06 07:17:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IEWUOSP
[2012/07/06 07:17:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IF6HRN3
[2012/07/01 21:45:08 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IF79USZ.bpdx
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IFBIWU4.zip
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IFXBKWB.exe
[2012/07/06 07:24:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IFZ8747.txt
[2012/07/06 07:22:18 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IG853YS.ini
[2012/07/06 07:21:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IG8X0DA.ini
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IGE2SJR.exe
[2012/07/06 04:12:40 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IGTO0KH.zip
[2012/07/06 07:19:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IIJBZL0.png
[2012/07/06 07:16:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IJ85EFT
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IJN5VYW.docx
[2012/07/06 07:20:55 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IK8MKAY.png
[2012/07/06 07:18:42 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IKIKGJ0.exe
[2012/07/06 07:18:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IKV57B4.exe
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IL1JLYY.doc
[2012/07/06 07:17:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ILACBSF
[2012/07/06 07:13:40 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ILE3I7P
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IMCACGS.zip
[2012/07/06 07:18:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IMEX33K
[2012/07/06 07:19:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$INKQ1Q2.exe
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$INMD9GX.zip
[2012/07/06 07:19:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IO0H377.exe
[2012/07/06 07:24:23 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IOEAWLB.txt
[2012/07/06 07:13:18 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IOGIY8X
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IPFLPJ4.exe
[2012/07/06 07:18:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IPSNXH9.exe
[2012/07/02 04:08:26 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IQENB5D.ini
[2012/07/06 07:21:20 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IQLIGOQ.ini
[2012/07/06 07:17:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IR7B633
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IR7GDHF.jpg
[2012/07/06 07:19:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IRHSWFJ.exe
[2012/07/06 04:12:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IRMFMAY.zip
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ISCBL3T.pdf
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ISFI8ZT.exe
[2012/07/06 00:17:15 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ISS8X8Z.txt
[2012/07/02 06:03:15 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ISSHD43.lnk
[2012/07/06 07:18:42 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IT1U5UD.exe
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IT7Z18I.vcf
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ITAFDC4.exe
[2012/07/06 07:18:42 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ITK0H6B.bpdx
[2012/07/02 14:31:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IUZASIW.docx
[2012/07/06 07:20:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IUZNT5S.exe
[2012/07/06 07:14:10 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IV4T8F7
[2012/07/06 07:21:59 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IV5SGGH.ini
[2012/07/06 07:19:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IV7M4L8.png
[2012/07/06 07:19:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IVBHP6X.exe
[2012/07/06 07:21:20 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IVQWAQA.ini
[2012/07/06 04:12:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IW74Q58.zip
[2012/07/06 07:24:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IWQ8KVM.txt
[2012/07/02 14:36:43 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IXBTNSR.ini
[2012/07/06 07:19:38 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IXJNNFI.scr
[2012/07/06 07:24:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IY1G3G4.txt
[2012/07/06 07:18:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IYRT2H9.exe
[2012/07/03 08:49:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IYSMTRD.png
[2012/07/06 07:24:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IYW7SVN.log
[2012/07/06 07:20:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$IZBKBPC.png
[2012/06/29 02:39:19 | 003,879,304 | ---- | M] (AVG Technologies) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R0HVPCP.exe
[2012/06/29 02:39:44 | 003,879,304 | ---- | M] (AVG Technologies) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R0LUZDD.exe
[2012/07/06 00:07:37 | 000,001,922 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R16PLTS.lnk
[2012/07/03 06:16:00 | 000,047,583 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R20FFD2.png
[2012/07/03 05:45:22 | 022,259,528 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R28PE4O.exe
[2011/11/21 02:49:00 | 000,000,675 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R2E9WJE.txt
[2012/07/02 02:39:13 | 000,075,428 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R3NXFKT.jpg
[2012/06/28 02:45:15 | 007,655,099 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R4QBMYY.dmg
[2012/07/07 01:23:57 | 000,001,170 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R4RD7NF.lnk
[2012/07/06 04:10:34 | 009,214,685 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R4TN149.zip
[2012/06/30 04:38:45 | 000,000,169 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R4UJKBP.ini
[2012/07/03 05:03:32 | 000,001,003 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R5DAB45.lnk
[2012/06/29 16:01:38 | 001,012,656 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R5WQ6B6.exe
[2012/03/31 13:33:40 | 000,000,162 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R5XDNSD.docx
[2012/06/29 15:46:21 | 003,178,400 | ---- | M] (McAfee, Inc.) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R6T6HER.exe
[2012/07/01 06:56:09 | 000,050,477 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R7CRDFP.exe
[2012/06/29 02:39:26 | 003,879,304 | ---- | M] (AVG Technologies) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R8447K5.exe
[2012/07/01 21:41:11 | 000,222,585 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R86S4VD.bpdx
[2012/06/23 09:54:57 | 000,004,228 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R89N8EC.txt
[2012/06/29 15:42:51 | 001,402,880 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R8O5JXJ.msi
[2012/06/29 15:56:17 | 001,020,640 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R904VBK.exe
[2012/07/03 05:02:37 | 001,721,240 | ---- | M] (Comfort Software Group ) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RAK52FQ.exe
[2012/06/29 15:45:04 | 001,798,228 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RAQUWM1.zip
[2012/06/26 12:22:52 | 000,036,491 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RAXCDQT.docx
[2012/07/02 03:58:19 | 000,001,045 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RAXH96U.lnk
[2012/06/27 01:12:50 | 000,030,859 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RAZ21UL.zip
[2012/07/06 00:05:29 | 089,340,632 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RB48H0L.exe
[2012/07/05 05:52:31 | 000,022,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RB92679.asd
[2012/06/29 02:43:07 | 003,879,304 | ---- | M] (AVG Technologies) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RBCXQ2S.exe
[2012/07/06 01:29:15 | 004,518,720 | ---- | M] (FileZilla Project) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RBCXW3F.exe
[2011/11/14 21:48:45 | 026,514,296 | ---- | M] (The Cloud Networks) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RBMDL9S.exe
[2012/07/01 06:57:45 | 000,000,478 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RDBRP5W.log
[2012/07/05 23:49:02 | 002,116,179 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RDF3PRS.zip
[2012/05/24 09:50:30 | 000,133,558 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$REJ2REH.txt
[2012/06/29 15:40:43 | 001,402,880 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$REJA3R2.msi
[2012/07/03 05:38:29 | 000,000,380 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$REKFQBK.ini
[2012/06/22 21:55:59 | 000,006,670 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RENTLVA.png
[2012/07/05 05:52:22 | 000,000,162 | -H-- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$REV9CN7.doc
[2012/07/01 21:43:29 | 000,222,593 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RF79USZ.bpdx
[2012/07/05 17:26:07 | 000,133,765 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RFBIWU4.zip
[2012/07/02 05:46:07 | 005,343,523 | ---- | M] (TweetAdder.com) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RFXBKWB.exe
[2012/06/19 19:17:40 | 000,000,354 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RFZ8747.txt
[2012/07/03 05:38:28 | 000,000,504 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RG853YS.ini
[2012/07/03 05:38:30 | 000,000,380 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RG8X0DA.ini
[2012/07/03 00:57:04 | 001,287,528 | ---- | M] (Microsoft Corporation) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RGE2SJR.exe
[2012/06/23 09:53:25 | 002,109,806 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RGTO0KH.zip
[2012/06/26 23:40:29 | 000,063,666 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RIJBZL0.png
[2012/06/26 12:22:44 | 000,036,491 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJN5VYW.docx
[2012/06/26 23:40:11 | 000,063,666 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RK8MKAY.png
[2012/06/29 16:17:38 | 089,050,280 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RKIKGJ0.exe
[2012/06/29 02:44:33 | 003,879,304 | ---- | M] (AVG Technologies) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RKV57B4.exe
[2012/07/05 05:52:19 | 000,056,320 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RL1JLYY.doc
[2012/07/06 02:21:10 | 004,919,784 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RMCACGS.zip
[2012/03/30 22:36:46 | 009,866,152 | ---- | M] (Pro Softnet Corp ) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RNKQ1Q2.exe
[2012/06/28 07:36:16 | 007,216,178 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RNMD9GX.zip
[2012/07/06 01:28:42 | 001,620,836 | ---- | M] (FileZilla Project) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RO0H377.exe
[2012/05/26 20:09:59 | 000,129,482 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROEAWLB.txt
[2012/06/29 16:02:58 | 078,129,256 | ---- | M] (Sophos Limited) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RPFLPJ4.exe
[2012/06/29 02:45:37 | 003,879,304 | ---- | M] (AVG Technologies) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RPSNXH9.exe
[2012/06/29 23:22:25 | 000,000,169 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RQENB5D.ini
[2012/02/17 04:16:16 | 000,000,504 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RQLIGOQ.ini
[2012/07/02 02:39:13 | 000,075,428 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RR7GDHF.jpg
[2012/07/06 01:24:11 | 001,620,836 | ---- | M] (FileZilla Project) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RRHSWFJ.exe
[2012/06/29 02:14:02 | 002,109,990 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RRMFMAY.zip
[2012/07/05 05:59:59 | 000,546,708 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RSCBL3T.pdf
[2012/07/01 06:14:56 | 051,460,046 | ---- | M] (Write Brothers, Inc. ) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RSFI8ZT.exe
[2011/01/01 01:14:00 | 000,002,254 | R--- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RSS8X8Z.txt
[2012/07/02 05:50:40 | 000,001,019 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RSSHD43.lnk
[2012/06/29 15:48:48 | 004,566,027 | R--- | M] (Swearware) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RT1U5UD.exe
[2012/06/28 07:57:22 | 000,000,223 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RT7Z18I.vcf
[2012/06/28 02:45:39 | 005,343,523 | ---- | M] (TweetAdder.com) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RTAFDC4.exe
[2012/07/01 21:42:52 | 000,222,589 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RTK0H6B.bpdx
[2012/06/20 01:39:19 | 000,000,162 | -H-- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RUZASIW.docx
[2012/06/28 17:16:39 | 030,903,880 | ---- | M] (Code Systems Corporation) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RUZNT5S.exe
[2012/07/03 05:38:29 | 000,000,504 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RV5SGGH.ini
[2012/07/06 05:29:06 | 000,005,014 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RV7M4L8.png
[2012/06/29 22:59:11 | 018,492,072 | ---- | M] (Dropbox, Inc.) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RVBHP6X.exe
[2009/07/14 05:54:24 | 000,000,380 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RVQWAQA.ini
[2012/06/29 16:08:47 | 002,114,838 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RW74Q58.zip
[2012/06/22 04:15:46 | 000,131,358 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RWQ8KVM.txt
[2012/07/01 03:04:42 | 000,000,278 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RXBTNSR.ini
[2012/07/01 06:56:30 | 000,607,260 | R--- | M] (Swearware) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RXJNNFI.scr
[2012/06/19 18:44:07 | 000,004,124 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RY1G3G4.txt
[2012/06/30 15:41:03 | 003,879,304 | ---- | M] (AVG Technologies) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RYRT2H9.exe
[2012/06/29 16:04:11 | 000,000,450 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RYW7SVN.log
[2012/06/22 21:55:54 | 000,006,670 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RZBKBPC.png
[2012/06/18 12:28:01 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\desktop.ini
[2012/02/07 01:42:27 | 000,004,799 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\dilbert.com.80.933376828.0c0f525fbcf1480b8457ecbc19684fe0.bin
[2012/02/07 01:42:27 | 000,006,302 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\dilbert.com.80.933376828.0c0f525fbcf1480b8457ecbc19684fe0.xml
[2012/02/07 01:40:36 | 000,018,803 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\dooce.com.80.427297426.da717e5395dd4ddbbc290f4964da6cd6.bin
[2012/02/07 01:40:36 | 000,009,079 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\dooce.com.80.427297426.da717e5395dd4ddbbc290f4964da6cd6.xml
[2012/03/30 02:04:58 | 000,001,150 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\london-craigslist-co-uk.ico
[2012/03/30 02:03:41 | 000,024,950 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\london.craigslist.co.uk.80.95096111.a0fafd129a804370940acda743a699c2.bin
[2012/03/30 02:03:41 | 000,028,787 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\london.craigslist.co.uk.80.95096111.a0fafd129a804370940acda743a699c2.xml
[2012/02/23 01:07:15 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\london.craigslist.co.uk.80.95096111.f682b9081c5147fbb4b80b96e1772fd9.bin
[2012/02/23 01:07:15 | 000,000,634 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\london.craigslist.co.uk.80.95096111.f682b9081c5147fbb4b80b96e1772fd9.xml
[2012/02/07 01:40:40 | 000,015,432 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\news.yahoo.com.80.1014274968.ae18d1f2a045410f9c5bdf6449f21f72.bin
[2012/02/07 01:40:40 | 000,028,017 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\news.yahoo.com.80.1014274968.ae18d1f2a045410f9c5bdf6449f21f72.xml
[2012/02/07 01:40:38 | 000,011,703 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\news.yahoo.com.80.1524355337.9505964740654952820ca51fbcf28379.bin
[2012/02/07 01:40:38 | 000,024,558 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\news.yahoo.com.80.1524355337.9505964740654952820ca51fbcf28379.xml
[2012/02/07 01:40:39 | 000,014,545 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\news.yahoo.com.80.95831256.698cf08fa22a41abb83c5aaa71d7bca5.bin
[2012/02/07 01:40:39 | 000,026,368 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\news.yahoo.com.80.95831256.698cf08fa22a41abb83c5aaa71d7bca5.xml
[2012/03/30 02:03:40 | 000,001,718 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\rssbandit-org.ico
[2012/03/29 09:01:50 | 000,000,944 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\rssbandit.org.80.604808850.daaf2eb05e594c9085591edff568962b.bin
[2012/03/29 09:01:50 | 000,001,943 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\rssbandit.org.80.604808850.daaf2eb05e594c9085591edff568962b.xml
[2012/02/07 01:40:37 | 000,032,332 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\scobleizer.com.80.1294397818.209d7c38f983447684ecc22ac30e8680.bin
[2012/02/07 01:40:37 | 000,009,819 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\scobleizer.com.80.1294397818.209d7c38f983447684ecc22ac30e8680.xml
[2012/02/07 01:40:37 | 000,068,812 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\scripting.com.80.471264876.c081625f776949a2b49bf8aed1fe3ca3.bin
[2012/02/07 01:40:37 | 000,025,094 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\scripting.com.80.471264876.c081625f776949a2b49bf8aed1fe3ca3.xml
[2012/02/07 01:40:39 | 000,041,424 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\slashdot.org.80.1018989608.7bc1263a58464855814d52c057cf7f51.bin
[2012/02/07 01:40:39 | 000,032,971 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\slashdot.org.80.1018989608.7bc1263a58464855814d52c057cf7f51.xml
[2012/03/30 02:03:40 | 000,001,406 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\sourceforge-net.ico
[2012/03/30 11:04:08 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\sourceforge.net.80.1972897606.de6f46276e404d70b4a78c989cc85909.bin
[2012/03/30 11:04:07 | 000,000,980 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\sourceforge.net.80.1972897606.de6f46276e404d70b4a78c989cc85909.xml
[2012/02/07 01:40:32 | 000,122,778 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\techcrunch.com.80.484657638.e33be214c6dc4df8b756e0bc21164b15.bin
[2012/02/07 01:40:32 | 000,066,205 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\techcrunch.com.80.484657638.e33be214c6dc4df8b756e0bc21164b15.xml
[2012/02/07 01:40:33 | 000,013,085 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\thisweekintech.com.80.1603893943.4da07badda0241858a202db301ea1a14.bin
[2012/02/07 01:40:33 | 000,027,919 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\thisweekintech.com.80.1603893943.4da07badda0241858a202db301ea1a14.xml
[2012/02/29 13:54:04 | 000,003,638 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\workingwritersnewsletter-blogspot-com.ico
[2012/03/30 02:05:00 | 000,001,078 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www-dgmarket-com.ico
[2012/03/30 02:04:59 | 000,003,262 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www-freelanceuk-com.ico
[2012/03/30 02:04:56 | 000,001,150 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www-online-writing-jobs-com.ico
[2012/03/30 02:04:57 | 000,001,150 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www-writingbids-com.ico
[2012/03/30 02:04:58 | 000,001,086 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www-writingcareer-com.ico
[2012/02/07 01:40:37 | 000,009,605 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.bbc.co.uk.80.1344597374.5a4d90d6eb7649f88d14ae60dc76ceb0.bin
[2012/02/07 01:40:37 | 000,038,291 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.bbc.co.uk.80.1344597374.5a4d90d6eb7649f88d14ae60dc76ceb0.xml
[2012/02/23 01:07:17 | 000,701,078 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.dgmarket.com.80.884758533.d800d213c1f9451fb6fb0f19e9d98ff6.bin
[2012/02/23 01:07:16 | 005,334,674 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.dgmarket.com.80.884758533.d800d213c1f9451fb6fb0f19e9d98ff6.xml
[2012/02/07 01:52:28 | 000,455,333 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.dgmarket.com.80.884758533.efb3e81d56674f039fb3dbf81e4879d0.bin
[2012/02/07 01:52:28 | 003,447,808 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.dgmarket.com.80.884758533.efb3e81d56674f039fb3dbf81e4879d0.xml
[2012/03/30 02:03:53 | 000,992,814 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.dgmarket.com.80.884758533.f9f29788b173426da806ef5afc1e3dfb.bin
[2012/03/30 02:03:50 | 007,707,105 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.dgmarket.com.80.884758533.f9f29788b173426da806ef5afc1e3dfb.xml
[2012/02/07 01:40:39 | 000,130,565 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.engadget.com.80.2048074792.934f028ae3974475a18868bb1128ce12.bin
[2012/02/07 01:40:39 | 000,072,195 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.engadget.com.80.2048074792.934f028ae3974475a18868bb1128ce12.xml
[2012/02/07 01:57:27 | 000,092,346 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelancejobopenings.com.80.649090652.1a7a98933f4741c19fcead1d8b1151d1.bin
[2012/02/07 01:57:27 | 000,091,734 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelancejobopenings.com.80.649090652.1a7a98933f4741c19fcead1d8b1151d1.xml
[2012/02/23 01:07:17 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelancejobopenings.com.80.649090652.66e1edaa353145aeb8878769abac6796.bin
[2012/02/23 01:07:17 | 000,000,695 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelancejobopenings.com.80.649090652.66e1edaa353145aeb8878769abac6796.xml
[2012/03/30 02:03:40 | 000,055,820 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelancejobopenings.com.80.649090652.7cfa76efc2954e8eae7578533dabbd4e.bin
[2012/03/30 02:03:40 | 000,056,049 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelancejobopenings.com.80.649090652.7cfa76efc2954e8eae7578533dabbd4e.xml
[2012/02/23 00:54:57 | 000,003,669 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelanceuk.com.80.1047769838.88e0ea366c134ee4b44b534f628e31db.bin
[2012/02/23 00:54:57 | 000,032,246 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelanceuk.com.80.1047769838.88e0ea366c134ee4b44b534f628e31db.xml
[2012/03/30 02:03:40 | 000,005,571 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelanceuk.com.80.1047769838.9bc07cac324a4873afb19fd6ff25ea05.bin
[2012/03/30 02:03:40 | 000,047,073 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.freelanceuk.com.80.1047769838.9bc07cac324a4873afb19fd6ff25ea05.xml
[2012/03/30 02:03:43 | 001,306,302 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.journalism.co.uk.80.201677607.7f76765f77464fe78cbad0a66baa2ffd.bin
[2012/03/30 02:03:43 | 001,251,145 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.journalism.co.uk.80.201677607.7f76765f77464fe78cbad0a66baa2ffd.xml
[2012/02/23 01:07:17 | 000,179,894 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.journalism.co.uk.80.201677607.9b0c72f7457e4e12965095f248cb3595.bin
[2012/02/23 01:07:17 | 000,166,954 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.journalism.co.uk.80.201677607.9b0c72f7457e4e12965095f248cb3595.xml
[2012/03/29 09:02:14 | 000,014,085 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.0c31eea120a043e389246baa5822925b.bin
[2012/03/29 09:02:14 | 000,029,692 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.0c31eea120a043e389246baa5822925b.xml
[2012/03/30 02:03:43 | 000,057,193 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.0c6931f7870a4ba6b5472a34e71bb1f8.bin
[2012/03/30 02:03:43 | 000,093,576 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.0c6931f7870a4ba6b5472a34e71bb1f8.xml
[2012/03/30 02:03:51 | 000,164,374 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.0d60aaf6df1e4c128e8b56ae88cfa685.bin
[2012/03/30 02:03:51 | 000,284,319 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.0d60aaf6df1e4c128e8b56ae88cfa685.xml
[2012/03/24 09:12:59 | 000,009,325 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.0db72c9b5286437ab8db70dae17afcdf.bin
[2012/03/24 09:12:59 | 000,013,969 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.0db72c9b5286437ab8db70dae17afcdf.xml
[2012/03/29 09:01:54 | 000,020,586 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.10d07a7b2ee54410a8d1891d37d92d44.bin
[2012/03/29 09:01:54 | 000,036,740 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.10d07a7b2ee54410a8d1891d37d92d44.xml
[2012/02/23 00:55:06 | 000,977,235 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.246887daf2724e21acba22d53c5232eb.bin
[2012/02/23 00:55:06 | 001,651,575 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.246887daf2724e21acba22d53c5232eb.xml
[2012/02/07 01:52:11 | 000,128,712 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.24d0b5926977495b81b9fc2ab2a1c2eb.bin
[2012/02/07 01:52:11 | 000,196,121 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.24d0b5926977495b81b9fc2ab2a1c2eb.xml
[2012/02/15 03:06:57 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.261d0524afa342399fa23d3123b728af.bin
[2012/02/15 03:06:57 | 000,000,787 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.261d0524afa342399fa23d3123b728af.xml
[2012/02/23 00:55:13 | 000,015,847 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.2bccb34a84d645bb982288c78601a27e.bin
[2012/02/23 00:55:13 | 000,029,877 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.2bccb34a84d645bb982288c78601a27e.xml
[2012/02/23 00:55:17 | 000,007,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.2d1f826f6b90406fa88e717a19ab2da8.bin
[2012/02/23 00:55:17 | 000,012,698 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.2d1f826f6b90406fa88e717a19ab2da8.xml
[2012/02/29 13:00:39 | 000,000,653 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.2ef9cca9942445b1bf2ee6092cb0c52d.bin
[2012/02/29 13:00:39 | 000,003,065 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.2ef9cca9942445b1bf2ee6092cb0c52d.xml
[2012/03/29 09:02:23 | 000,019,161 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.314519dacb15478199e03c4b582a825d.bin
[2012/03/29 09:02:23 | 000,039,559 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.314519dacb15478199e03c4b582a825d.xml
[2012/02/23 00:55:20 | 000,004,952 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.3efe97cf80d148628530ba08871ed0af.bin
[2012/02/23 00:55:20 | 000,012,644 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.3efe97cf80d148628530ba08871ed0af.xml
[2012/03/29 09:02:25 | 000,003,124 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.410a1c78d15540739e8785831d1e35c4.bin
[2012/03/29 09:02:25 | 000,009,985 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.410a1c78d15540739e8785831d1e35c4.xml
[2012/02/23 00:54:57 | 000,007,846 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.456b80503acc4bdc88abab98811540d9.bin
[2012/02/23 00:54:57 | 000,017,395 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.456b80503acc4bdc88abab98811540d9.xml
[2012/03/30 02:03:52 | 000,049,084 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.48d8ce9e10964b27ae89524993c3a275.bin
[2012/03/30 02:03:51 | 000,057,477 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.48d8ce9e10964b27ae89524993c3a275.xml
[2012/02/23 00:55:16 | 000,002,301 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.4ab7bb6b8a544510abab435d77b43815.bin
[2012/02/23 00:55:16 | 000,005,536 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.4ab7bb6b8a544510abab435d77b43815.xml
[2012/02/23 01:07:17 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.4c5ca41190c54f4b93019ff4ddb849d7.bin
[2012/02/23 01:07:17 | 000,000,782 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.4c5ca41190c54f4b93019ff4ddb849d7.xml
[2012/03/30 02:03:41 | 000,002,961 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.518b06698ea04e90ac21364ac8bb6fdc.bin
[2012/03/30 02:03:41 | 000,005,780 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.518b06698ea04e90ac21364ac8bb6fdc.xml
[2012/03/30 02:03:50 | 000,157,843 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.530e0840f7614d14a83ef5c41ae532e5.bin
[2012/03/30 02:03:50 | 000,291,067 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.530e0840f7614d14a83ef5c41ae532e5.xml
[2012/02/07 01:52:06 | 000,002,986 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.531f6acb65914890b43854158309cc2a.bin
[2012/02/07 01:52:06 | 000,005,530 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.531f6acb65914890b43854158309cc2a.xml
[2012/02/23 00:55:17 | 000,042,309 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.556a4e4f675a457cab774ffb1cabc1cf.bin
[2012/02/23 00:55:17 | 000,065,603 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.556a4e4f675a457cab774ffb1cabc1cf.xml
[2012/03/24 09:13:29 | 000,003,071 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.5d072055e1bf45209b099c209a17ee07.bin
[2012/03/24 09:13:29 | 000,004,268 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.5d072055e1bf45209b099c209a17ee07.xml
[2012/03/30 02:03:40 | 000,052,921 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.5fd0eede8a794e4e89aa6df823ad5776.bin
[2012/03/30 02:03:40 | 000,070,088 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.5fd0eede8a794e4e89aa6df823ad5776.xml
[2012/02/23 00:55:20 | 000,106,369 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.602524b812884fda8689fc82287aac3b.bin
[2012/02/23 00:55:20 | 000,185,014 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.602524b812884fda8689fc82287aac3b.xml
[2012/03/30 02:03:39 | 000,018,425 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.6169e19d240d460688ec7af852e7f0d0.bin
[2012/03/30 02:03:39 | 000,026,330 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.6169e19d240d460688ec7af852e7f0d0.xml
[2012/02/23 00:55:18 | 000,016,607 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.638780622d014c68871ed1f40c3d3ce9.bin
[2012/02/23 00:55:18 | 000,032,880 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.638780622d014c68871ed1f40c3d3ce9.xml
[2012/02/07 01:51:59 | 000,010,883 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.687be7cf29cb4f29ad18ab148e143616.bin
[2012/02/07 01:51:59 | 000,021,282 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.687be7cf29cb4f29ad18ab148e143616.xml
[2012/02/23 00:55:09 | 000,247,167 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.6c42022033634b29a4e287921ec27ddf.bin
[2012/02/23 00:55:09 | 000,250,144 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.6c42022033634b29a4e287921ec27ddf.xml
[2012/02/07 01:52:06 | 000,031,917 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.716b7e5fdcae431287f5849b97b62165.bin
[2012/02/07 01:52:06 | 000,049,260 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.716b7e5fdcae431287f5849b97b62165.xml
[2012/03/30 02:03:45 | 001,309,784 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.7546547fd1094114b454e6fd57b8b3f5.bin
[2012/03/30 02:03:45 | 002,101,154 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.7546547fd1094114b454e6fd57b8b3f5.xml
[2012/03/29 09:02:22 | 000,021,207 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.791f44d3efaa48068b0cc22565ed8fd2.bin
[2012/03/29 09:02:22 | 000,041,312 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.791f44d3efaa48068b0cc22565ed8fd2.xml
[2012/02/23 01:52:51 | 000,006,616 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.7b4a0d87a8174917975638c7202e87b1.bin
[2012/02/23 01:52:51 | 000,013,604 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.7b4a0d87a8174917975638c7202e87b1.xml
[2012/02/07 01:51:53 | 000,002,135 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.7f29a350eb1c48b4ba91522707b0f967.bin
[2012/02/07 01:51:53 | 000,004,400 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.7f29a350eb1c48b4ba91522707b0f967.xml
[2012/02/23 00:55:15 | 000,125,965 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8165ce07b63746499d6c05a395c9644c.bin
[2012/02/23 00:55:15 | 000,249,138 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8165ce07b63746499d6c05a395c9644c.xml
[2012/02/07 01:51:54 | 000,002,021 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8211ac23752e420a8e9ceafee29c11aa.bin
[2012/02/07 01:51:54 | 000,005,419 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8211ac23752e420a8e9ceafee29c11aa.xml
[2012/02/07 01:51:58 | 000,002,562 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8491fa14485049919eee5f7c5fa7a29a.bin
[2012/02/07 01:51:58 | 000,004,331 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8491fa14485049919eee5f7c5fa7a29a.xml
[2012/02/07 01:52:09 | 000,003,003 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8543ee41a87d412e806889811ac9260a.bin
[2012/02/07 01:52:09 | 000,007,852 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8543ee41a87d412e806889811ac9260a.xml
[2012/02/07 01:51:56 | 000,085,047 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.878bf82c00214bddadd536b038ef1b71.bin
[2012/02/07 01:51:56 | 000,101,537 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.878bf82c00214bddadd536b038ef1b71.xml
[2012/02/23 00:55:13 | 000,001,893 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8d8ec179be104aa18b882fcbbe3801b6.bin
[2012/02/23 00:55:13 | 000,002,100 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8d8ec179be104aa18b882fcbbe3801b6.xml
[2012/02/07 01:52:02 | 000,175,267 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8f19374a78864ec3a3f5b55cab054c74.bin
[2012/02/07 01:52:02 | 000,181,201 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.8f19374a78864ec3a3f5b55cab054c74.xml
[2012/02/23 00:55:19 | 000,006,554 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.94c08a8de19440298a00d427f8623996.bin
[2012/02/23 00:55:19 | 000,010,217 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.94c08a8de19440298a00d427f8623996.xml
[2012/02/23 00:54:59 | 000,047,668 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.952cb13d59c5455384dd46c8ad0d3463.bin
[2012/02/23 00:54:59 | 000,073,531 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.952cb13d59c5455384dd46c8ad0d3463.xml
[2012/03/30 02:03:46 | 000,002,630 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.974191d1b80443d0a2ee06e4e637eab4.bin
[2012/03/30 02:03:46 | 000,006,799 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.974191d1b80443d0a2ee06e4e637eab4.xml
[2012/03/29 09:02:15 | 000,020,525 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.9d18928e7b154f45aa3199c1d1f75dc4.bin
[2012/03/29 09:02:15 | 000,043,312 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.9d18928e7b154f45aa3199c1d1f75dc4.xml
[2012/03/30 02:03:53 | 000,082,452 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.a362319d8bdd40aca6a3f8a02bf7f34e.bin
[2012/03/30 02:03:53 | 000,111,485 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.a362319d8bdd40aca6a3f8a02bf7f34e.xml
[2012/02/23 00:55:11 | 000,024,194 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.a69d6f1117e1441ca0e22bf73d935aa6.bin
[2012/02/23 00:55:11 | 000,041,877 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.a69d6f1117e1441ca0e22bf73d935aa6.xml
[2012/02/07 01:52:05 | 000,087,470 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.aad3e8ac8fde4315b29f8d65ef5edf3e.bin
[2012/02/07 01:52:05 | 000,165,025 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.aad3e8ac8fde4315b29f8d65ef5edf3e.xml
[2012/02/15 02:58:05 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.b75484be098f4b3f9d7d4c4295d470e6.bin
[2012/02/15 02:58:05 | 000,000,779 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.b75484be098f4b3f9d7d4c4295d470e6.xml
[2012/03/30 02:03:54 | 000,002,328 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.b97763e9458046e4b5c2df2531a5fa3d.bin
[2012/03/30 02:03:54 | 000,005,381 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.b97763e9458046e4b5c2df2531a5fa3d.xml
[2012/02/07 01:51:59 | 000,009,414 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.b9abd8cf162e488ab38fd8fb990c24b5.bin
[2012/02/07 01:51:59 | 000,016,106 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.b9abd8cf162e488ab38fd8fb990c24b5.xml
[2012/03/29 09:02:22 | 000,009,889 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.c51b96f05ada4cee9ab84bafdfb6fc69.bin
[2012/03/29 09:02:22 | 000,019,707 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.c51b96f05ada4cee9ab84bafdfb6fc69.xml
[2012/02/23 00:55:16 | 000,014,094 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.c975629431b54627b3d8e37522f03219.bin
[2012/02/23 00:55:16 | 000,027,861 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.c975629431b54627b3d8e37522f03219.xml
[2012/02/07 01:51:53 | 000,028,849 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.cbb53076e3824c47b14f153c3c97a6e1.bin
[2012/02/07 01:51:53 | 000,048,503 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.cbb53076e3824c47b14f153c3c97a6e1.xml
[2012/02/15 01:00:58 | 000,002,272 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d126cd850d424e968df6bd37ccc29851.bin
[2012/02/15 01:00:58 | 000,006,569 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d126cd850d424e968df6bd37ccc29851.xml
[2012/02/07 01:51:57 | 000,011,023 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d42a59bb9e154bd0852999346ce247e8.bin
[2012/02/07 01:51:57 | 000,024,059 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d42a59bb9e154bd0852999346ce247e8.xml
[2012/03/29 09:02:22 | 000,004,798 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d44ab9dc46604e1eba878129cf1a4a8e.bin
[2012/03/29 09:02:22 | 000,010,358 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d44ab9dc46604e1eba878129cf1a4a8e.xml
[2012/02/23 00:54:56 | 000,012,850 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d77e6aa6bc264d88b23a54ce251ed040.bin
[2012/02/23 00:54:56 | 000,025,740 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d77e6aa6bc264d88b23a54ce251ed040.xml
[2012/02/07 01:52:05 | 000,005,040 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d79bc53bd0414741bfde2cc7e8ae9d4e.bin
[2012/02/07 01:52:05 | 000,010,237 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d79bc53bd0414741bfde2cc7e8ae9d4e.xml
[2012/02/07 01:52:03 | 000,008,165 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d97c2d39bfc34c489232c2dd22541409.bin
[2012/02/07 01:52:03 | 000,022,322 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.d97c2d39bfc34c489232c2dd22541409.xml
[2012/02/07 01:51:57 | 000,049,311 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.da0115b0e39c4d71a0f45efc475b2f0c.bin
[2012/02/07 01:51:57 | 000,075,899 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.da0115b0e39c4d71a0f45efc475b2f0c.xml
[2012/03/29 09:02:21 | 000,002,861 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.da68851f99384a36807d3227fed502b5.bin
[2012/03/29 09:02:21 | 000,007,668 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.da68851f99384a36807d3227fed502b5.xml
[2012/02/07 01:52:00 | 000,014,424 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e05dc47ca5d9400ea110631839b08764.bin
[2012/02/07 01:52:00 | 000,028,906 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e05dc47ca5d9400ea110631839b08764.xml
[2012/02/23 00:55:12 | 000,001,490 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e26f48af94fc4455b6a57a4da91b203e.bin
[2012/02/23 00:55:12 | 000,003,160 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e26f48af94fc4455b6a57a4da91b203e.xml
[2012/02/07 01:52:04 | 000,090,294 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e29cf8c2ff8f4beebe9ada4a6f35b98a.bin
[2012/02/07 01:52:04 | 000,167,459 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e29cf8c2ff8f4beebe9ada4a6f35b98a.xml
[2012/02/07 01:51:53 | 000,010,669 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e4a9333be70b4a9fb9a6339fc447f363.bin
[2012/02/07 01:51:53 | 000,021,038 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e4a9333be70b4a9fb9a6339fc447f363.xml
[2012/02/07 01:52:07 | 000,025,556 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e6bd943bad414d2da7706481d4c88b49.bin
[2012/02/07 01:52:07 | 000,042,829 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.e6bd943bad414d2da7706481d4c88b49.xml
[2012/02/23 00:55:17 | 000,018,794 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.ea49c837ed794020baf6e7997439317c.bin
[2012/02/23 00:55:17 | 000,031,151 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.ea49c837ed794020baf6e7997439317c.xml
[2012/02/07 01:51:59 | 000,010,274 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.f1e29e919bba467a83b9ebff338a838b.bin
[2012/02/07 01:51:59 | 000,018,804 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.f1e29e919bba467a83b9ebff338a838b.xml
[2012/03/30 02:03:53 | 000,306,280 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.f5f19cddc4924166a0499256e29ae4a5.bin
[2012/03/30 02:03:53 | 000,303,654 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.f5f19cddc4924166a0499256e29ae4a5.xml
[2012/02/07 01:52:07 | 000,004,827 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.f9bc30d66d744b49a04d5a96d0f43be0.bin
[2012/02/07 01:52:07 | 000,006,855 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.onlinewritingjobs.com.80.1937712816.f9bc30d66d744b49a04d5a96d0f43be0.xml
[2012/03/30 09:04:03 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.rendelmann.info.80.1410387666.96abef727a1847bda11682f05da57d6a.bin
[2012/03/30 09:04:02 | 000,000,622 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.rendelmann.info.80.1410387666.96abef727a1847bda11682f05da57d6a.xml
[2012/02/07 01:40:34 | 000,025,756 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.theonion.com.80.671459081.c9575ba2768f47fbbbbcb19dad237c93.bin
[2012/02/07 01:40:34 | 000,055,384 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.theonion.com.80.671459081.c9575ba2768f47fbbbbcb19dad237c93.xml
[2012/02/07 01:40:33 | 000,007,336 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.tmz.com.80.596648642.9cd4fdd1c1d04411b681bc3bbd64125d.bin
[2012/02/07 01:40:33 | 000,016,108 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.tmz.com.80.596648642.9cd4fdd1c1d04411b681bc3bbd64125d.xml
[2012/02/07 04:34:11 | 000,002,028 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.umbrellablog.co.uk.80.619938403.9e701c1c5c9445afb362e18722f837d5.bin
[2012/02/07 04:34:11 | 000,001,910 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.umbrellablog.co.uk.80.619938403.9e701c1c5c9445afb362e18722f837d5.xml
[2012/02/07 01:40:31 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.violentacres.com.80.265313843.c3db1b2fc70540c2aa7a188df4dcca62.bin
[2012/02/07 01:40:31 | 000,001,299 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.violentacres.com.80.265313843.c3db1b2fc70540c2aa7a188df4dcca62.xml
[2012/02/07 01:53:13 | 002,244,577 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingbids.com.80.1328174866.532c1d2b6dde4696b0c0c66e171eb35a.bin
[2012/02/07 01:53:13 | 003,445,274 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingbids.com.80.1328174866.532c1d2b6dde4696b0c0c66e171eb35a.xml
[2012/03/30 02:04:09 | 006,696,270 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingbids.com.80.1328174866.879a6efeeeb840b788ede1a67421cf19.bin
[2012/03/30 02:04:04 | 010,313,546 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingbids.com.80.1328174866.879a6efeeeb840b788ede1a67421cf19.xml
[2012/02/23 00:56:07 | 004,101,733 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingbids.com.80.1328174866.e88f3a0b59ad4c68ac5b8203a2e29510.bin
[2012/02/23 00:56:06 | 006,291,177 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingbids.com.80.1328174866.e88f3a0b59ad4c68ac5b8203a2e29510.xml
[2012/03/30 02:03:44 | 000,750,318 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingcareer.com.80.387705180.2a0ee7b226ff4fb092a62c4cad79d773.bin
[2012/03/30 02:03:44 | 002,572,692 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingcareer.com.80.387705180.2a0ee7b226ff4fb092a62c4cad79d773.xml
[2012/02/23 00:55:11 | 000,476,395 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingcareer.com.80.387705180.d1d89cf1cfc24e409f677ac485a4f8f9.bin
[2012/02/23 00:55:11 | 001,704,056 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\www.writingcareer.com.80.387705180.d1d89cf1cfc24e409f677ac485a4f8f9.xml
[2012/02/07 01:40:32 | 000,001,365 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\xkcd.com.80.773354639.fc8c6af64d18455c9666c93cde935dbd.bin
[2012/02/07 01:40:32 | 000,001,469 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\Cache\xkcd.com.80.773354639.fc8c6af64d18455c9666c93cde935dbd.xml
[2012/03/30 11:14:12 | 000,000,020 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\segments.gen
[2012/03/30 11:14:12 | 000,000,306 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\segments_1j3
[2012/02/15 14:57:39 | 024,087,452 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_91.cfs
[2012/02/16 01:38:06 | 000,000,019 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_91_1.del
[2012/03/24 09:13:35 | 002,976,833 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_mt.cfs
[2012/03/29 09:02:06 | 000,000,243 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_mt_3.del
[2012/03/24 09:14:52 | 002,686,283 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_ny.cfs
[2012/03/24 09:16:30 | 001,684,681 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_oj.cfs
[2012/03/29 09:02:05 | 024,269,969 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_p2.cfs
[2012/03/29 09:03:22 | 002,857,987 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_pz.cfs
[2012/03/30 09:04:03 | 000,000,241 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_pz_2.del
[2012/03/30 09:04:06 | 001,335,586 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_qu.cfs
[2012/03/30 10:04:06 | 000,000,104 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_qu_1.del
[2012/03/30 10:04:10 | 000,017,657 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_qv.cfs
[2012/03/30 11:04:09 | 000,000,010 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_qv_1.del
[2012/03/30 11:04:09 | 000,003,284 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_qw.cfs
[2012/03/30 11:04:09 | 000,002,621 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_qx.cfs
[2012/03/30 11:14:12 | 000,014,269 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R32SGZN\index\_qy.cfs
[2012/06/26 19:13:22 | 000,006,353 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R3YUD2J\Original_70x84.png
[2011/01/01 01:14:00 | 000,002,254 | R--- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R4I5FXO\eula.txt
[2012/06/25 21:19:12 | 002,128,984 | ---- | M] (Kaspersky Lab ZAO) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$R4I5FXO\TDSSKiller.exe
[2012/04/14 12:02:04 | 000,039,781 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RD12JBD\layout.ini
[2012/04/14 12:02:04 | 000,010,962 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RD12JBD\Scwriter.ini
[2012/07/01 04:31:27 | 000,001,262 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RDTKIXJ\Setup\history.ini
[2012/07/01 04:31:27 | 000,000,034 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RDTKIXJ\Setup\setup.ini
[2012/06/26 18:41:35 | 008,933,328 | ---- | M] (Code Systems Corporation) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Client\Console\0.3.9.17\Spoon-Console.exe
[2012/03/19 17:53:00 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Sandboxes\Spoon Console\0.3.7.8\XSandbox.bin
[2012/06/28 17:21:40 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Sandboxes\Spoon Console\0.3.9.16\XSandbox.bin
[2012/06/29 01:57:33 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Sandboxes\Spoon Console\0.3.9.17\XSandbox.bin
[2012/03/25 14:04:58 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Sandboxes\Spoon Sandbox Manager\3.32.2.12\2012.01.27T20.06\XSandbox.bin
[2012/03/19 17:52:35 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Sandboxes\Spoon Sandbox Manager\3.32.2.12\20120319165231393\XSandbox.bin
[2012/06/28 17:20:39 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Sandboxes\Spoon Sandbox Manager\3.33.0.17\20120628162018076\XSandbox.bin
[2012/06/29 03:43:41 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Sandboxes\Spoon Sandbox Manager\3.33.0.18\XSandbox.bin
[2012/06/29 01:57:02 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RJ85EFT\Sandboxes\Spoon Sandbox Manager\3.33.0.18\20120629005631447\XSandbox.bin
[2011/06/05 12:56:18 | 000,000,236 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\bab033.tbinst.dat
[2011/06/15 09:08:24 | 000,000,174 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\bab091.norecovericon.dat
[2011/12/01 14:42:15 | 000,011,205 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\Babylon.dat
[2011/12/01 14:43:37 | 000,129,536 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\BExternal.dll
[2011/12/01 14:43:28 | 000,005,120 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\IECookieLow.dll
[2011/12/15 10:40:21 | 001,149,032 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\Setup-tbmntr903-9.0.3.34.zpb
[2011/12/01 16:49:13 | 001,789,040 | ---- | M] (Babylon Ltd.) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\Setup.exe
[2011/12/01 14:42:16 | 000,078,257 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\SetupStrings.dat
[2010/03/29 13:02:48 | 000,520,234 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\sqlite3.dll
[2011/04/28 16:31:33 | 000,003,547 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\cmbx.png
[2011/07/18 14:22:43 | 000,003,291 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\common.js
[2011/12/01 16:46:04 | 000,079,858 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\eula.html
[2011/06/01 14:56:42 | 000,025,645 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\lngs.png
[2011/05/26 09:29:40 | 000,003,710 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page1.css
[2011/07/18 14:22:43 | 000,004,698 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page1.html
[2011/07/05 09:02:15 | 000,008,138 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page1.js
[2011/06/01 16:49:37 | 000,003,811 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page1Lrg.css
[2011/07/11 14:34:58 | 000,002,782 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page2.css
[2011/10/31 11:53:42 | 000,003,814 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page2.html
[2011/10/31 11:53:42 | 000,003,667 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page2.js
[2011/07/11 14:34:58 | 000,001,876 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page2Lrg.css
[2011/10/10 14:14:04 | 000,000,667 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\page9.html
[2011/07/05 09:02:16 | 000,003,208 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\pBar.gif
[2011/05/26 14:14:18 | 000,026,111 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\title1.png
[2011/05/26 14:14:18 | 000,045,973 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\title2.png
[2011/04/28 16:31:37 | 000,019,693 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\toolBar.jpg
[2011/04/28 16:31:37 | 000,003,052 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RLE3I7P\Setup\HtmlScreens\vIcn.png
[2012/03/08 11:21:14 | 007,242,884 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RMEX33K\Women In Business 2012.pdf
[2012/05/11 01:33:18 | 000,001,120 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.contributions.11
[2012/05/11 01:33:18 | 000,001,626 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.contributors.11
[2012/05/11 01:33:18 | 000,019,127 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.extraData.11
[2012/05/11 01:33:18 | 000,090,217 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.mainData.11
[2012/05/11 01:33:18 | 000,001,552 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.namespaces.11
[2012/05/11 01:33:18 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.orphans.11
[2012/05/01 19:26:49 | 000,012,835 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.table.10
[2012/05/11 01:33:18 | 000,012,835 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.table.11
[2012/05/01 19:26:49 | 000,000,166 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.manager\.fileTable.17
[2012/05/11 01:33:18 | 000,000,166 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.manager\.fileTable.18
[2012/01/24 02:20:16 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.core.runtime\.manager\.fileTableLock
[2012/01/24 02:20:17 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.equinox.app\.manager\.fileTableLock
[2012/01/25 02:44:14 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.help.base\index\en_US.lock
[2012/01/25 02:44:14 | 000,000,004 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.help.base\index\en_US\deletable
[2012/01/25 02:44:15 | 000,000,568 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.help.base\index\en_US\indexed_contributions
[2012/01/25 02:44:14 | 000,000,163 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.help.base\index\en_US\indexed_dependencies
[2012/01/25 02:44:14 | 000,668,494 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.help.base\index\en_US\indexed_docs
[2012/01/25 02:44:14 | 000,000,029 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.help.base\index\en_US\segments
[2012/01/25 02:44:15 | 019,307,048 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.help.base\index\en_US\_8y4.cfs
[2012/05/11 00:48:46 | 000,027,251 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\.bundledata.1
[2012/05/11 00:48:47 | 000,092,196 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\.lazy.1
[2012/05/11 00:48:47 | 000,011,304 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\.state.1
[2012/05/11 00:48:47 | 000,000,094 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\.manager\.fileTable.4
[2012/05/11 00:48:48 | 000,000,094 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\.manager\.fileTable.5
[2012/05/11 00:47:43 | 000,000,000 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\.manager\.fileTableLock
[2012/05/11 00:48:28 | 000,335,872 | ---- | M] (Eclipse Foundation) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\bundles\62\1\.cp\swt-win32-3448.dll
[2012/05/11 00:48:10 | 000,000,285 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\com.ibm.iehs.updater.nl1_1.0.0.MF
[2012/05/11 00:48:11 | 000,000,450 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\com.ibm.spss.statistics.coach_20.0.0.MF
[2012/05/11 00:48:11 | 000,000,443 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\com.ibm.spss.statistics.cs_20.0.0.MF
[2012/05/11 00:48:14 | 000,000,442 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\com.ibm.spss.statistics.extras_20.0.0.MF
[2012/05/11 00:48:15 | 000,000,443 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\com.ibm.spss.statistics.help_19.0.0.MF
[2012/05/11 00:48:15 | 000,000,440 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\com.ibm.spss.statistics.tut_20.0.0.MF
[2012/05/11 00:48:16 | 000,000,325 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\org.eclipse.help.base.nl1_3.0.1.MF
[2012/05/11 00:48:16 | 000,000,284 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\org.eclipse.help.debug.nl1_1.0.0.MF
[2012/05/11 00:48:16 | 000,000,281 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\org.eclipse.help.nl1_3.0.0.MF
[2012/05/11 00:48:16 | 000,000,331 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\org.eclipse.help.webapp.nl1_3.1.0.MF
[2012/05/11 00:48:16 | 000,000,348 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\org.eclipse.update.configurator.nl1_3.0.0.MF
[2012/05/11 00:48:16 | 000,000,324 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.osgi\manifests\org.eclipse.update.core.nl1_3.0.0.MF
[2012/05/11 00:48:16 | 000,000,016 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\last.config.stamp
[2012/05/11 00:47:51 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\platform.xml
[2012/01/24 02:20:15 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1327368015869.xml
[2012/01/25 02:39:14 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1327455554187.xml
[2012/01/25 02:42:32 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1327455752323.xml
[2012/02/12 12:15:13 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1329045313490.xml
[2012/02/16 17:06:38 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1329408398657.xml
[2012/02/20 06:17:40 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1329715060401.xml
[2012/02/29 21:50:47 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1330548647118.xml
[2012/03/23 05:32:46 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1332477166587.xml
[2012/04/04 05:15:29 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1333512929903.xml
[2012/05/01 19:24:51 | 000,000,427 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$ROGIY8X\SPSS\Statistics\20\Eclipse\configuration\nl\en_US\org.eclipse.update\history\1335896691846.xml
[2011/01/01 01:14:00 | 000,002,254 | R--- | M] () -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RR7B633\eula.txt
[2012/06/29 17:54:52 | 002,134,616 | ---- | M] (Kaspersky Lab ZAO) -- c:\$recycle.bin\S-1-5-21-725012988-2077640657-2150448371-1000\$RR7B633\TDSSKiller.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: BEEP.SYS >
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2011/01/16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX4\h\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2008/04/29 16:42:08 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\explorer.exe

< MD5 for: IASTOR.SYS >
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/01/13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys

< MD5 for: IASTORV.SYS >
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2011/07/16 06:28:00 | 001,163,264 | ---- | M] (Microsoft Corporation) MD5=27AC02D8EE4C02E7648C41CB880151DA -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[2010/11/21 04:24:07 | 001,161,216 | ---- | M] (Microsoft Corporation) MD5=7A6326D96D53048FDEC542DF23D875A0 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[2011/07/16 05:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\ERDNT\cache86\kernel32.dll
[2011/07/16 05:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\SysWOW64\kernel32.dll
[2011/07/16 05:24:22 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=99C3F8E9CC59D95666EB8D8A8B4C2BEB -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[2011/07/16 06:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\ERDNT\cache64\kernel32.dll
[2011/07/16 06:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\SysNative\kernel32.dll
[2011/07/16 06:37:12 | 001,162,752 | ---- | M] (Microsoft Corporation) MD5=B9B42A302325537D7B9DC52D47F33A73 -- C:\Windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[2011/07/16 05:49:33 | 001,114,112 | ---- | M] (Microsoft Corporation) MD5=D3CB12854171DF61D117D7C2BF22C675 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[2010/11/21 04:24:15 | 000,837,632 | ---- | M] (Microsoft Corporation) MD5=E80758CF485DB142FCA1EE03A34EAD05 -- C:\Windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2010/11/21 04:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\ERDNT\cache64\mswsock.dll
[2010/11/21 04:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\SysNative\mswsock.dll
[2010/11/21 04:24:00 | 000,326,144 | ---- | M] (Microsoft Corporation) MD5=1D5185A4C7E6695431AE4B55C3D7D333 -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[2010/11/21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\ERDNT\cache86\mswsock.dll
[2010/11/21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\SysWOW64\mswsock.dll
[2010/11/21 04:24:09 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=8999B8631C7FD9F7F9EC3CAFD953BA24 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll

< MD5 for: NDIS.SYS >
[2011/05/14 20:35:25 | 000,950,656 | ---- | M] (Microsoft Corporation) MD5=303310C91F8C0740ED1C76851C759874 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.21628_none_066fff3d4bd0b870\ndis.sys
[2010/11/21 04:23:55 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=79B47FD40D9A817E932F9D26FAC0A81C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[2011/05/14 20:35:25 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\Windows\ERDNT\cache64\ndis.sys
[2011/05/14 20:35:25 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\Windows\SysNative\drivers\ndis.sys
[2011/05/14 20:35:25 | 000,951,680 | ---- | M] (Microsoft Corporation) MD5=C38B8AE57F78915905064A9A24DC1586 -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17530_none_05d3903632c269df\ndis.sys

< MD5 for: NETLOGON.DLL >
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

< MD5 for: NTFS.SYS >
[2010/11/21 04:23:55 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=05D78AA5CB5F3F5C31160BDB955D0B7C -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[2011/03/11 07:19:20 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=87B104128D4D3BA3C13098BAEBF38082 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[2011/03/11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\ERDNT\cache64\ntfs.sys
[2011/03/11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\SysNative\drivers\ntfs.sys
[2011/03/11 07:41:34 | 001,659,776 | ---- | M] (Microsoft Corporation) MD5=A2F74975097F52A00745F9637451FDD8 -- C:\Windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys

< MD5 for: NVSTOR.SYS >
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2010/11/21 04:24:32 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\SysWOW64\proquota.exe
[2010/11/21 04:24:32 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=2E77BAB79F078654782F83F0A0AEFE31 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_29ce61c2f0a740f4\proquota.exe
[2010/11/21 04:24:16 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\SysNative\proquota.exe
[2010/11/21 04:24:16 | 000,031,744 | ---- | M] (Microsoft Corporation) MD5=C6C83C0DF40E11FA1F06625E95E41DE7 -- C:\Windows\winsxs\amd64_microsoft-windows-proquota_31bf3856ad364e35_6.1.7601.17514_none_85ecfd46a904b22a\proquota.exe

< MD5 for: QMGR.DLL >
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\ERDNT\cache64\qmgr.dll
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SCECLI.DLL >
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010/11/21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\ERDNT\cache64\spoolsv.exe
[2010/11/21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\SysNative\spoolsv.exe
[2010/11/21 04:24:27 | 000,559,104 | ---- | M] (Microsoft Corporation) MD5=B96C17B5DC1424D56EEA3A99E97428CD -- C:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[2008/07/01 14:17:12 | 000,090,624 | ---- | M] () MD5=FBB39A4487E11F64DCFFD36AEC2D2216 -- C:\Program Files\CheckPoint\ZAForceField\Heuristics\svchost.exe

< MD5 for: TERMSRV.DLL >
[2010/11/21 04:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\ERDNT\cache64\termsrv.dll
[2010/11/21 04:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\SysNative\termsrv.dll
[2010/11/21 04:24:07 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=2E648163254233755035B46DD7B89123 -- C:\Windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll

< MD5 for: USERINIT.EXE >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX2\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX3\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Oleuanna\AppData\Local\Temp\RarSFX4\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

OTL Extras logfile created on: 7/8/2012 4:17:14 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Oleuanna\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.80 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 40.30% Memory free
7.60 Gb Paging File | 4.79 Gb Available in Paging File | 63.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.72 Gb Total Space | 366.25 Gb Free Space | 53.49% Space Free | Partition Type: NTFS
Drive D: | 13.62 Gb Total Space | 1.52 Gb Free Space | 11.18% Space Free | Partition Type: NTFS

Computer Name: OLEUANNA-HP | User Name: Oleuanna | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0373848C-007A-4766-B12E-676B1A68838D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0F1A42CB-8C9E-40CD-B968-D19F381C7A13}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{18EED515-B73D-433B-9537-5F53E755AC67}" = rport=139 | protocol=6 | dir=out | app=system |
"{2A166D28-EEBC-4066-A69C-1D009008C113}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2A90E2AB-C1D7-49EB-9552-27E57CEE99CA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31DA1F9D-8E34-4FEB-AFCD-BB7ED4926C49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{342D75B3-AFAC-40F9-8589-70A772161A74}" = rport=10243 | protocol=6 | dir=out | app=system |
"{415B9216-C1C6-484B-9D7C-5A3313DAB96D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5054BE62-F876-4FD0-BD3D-8B54A2B298D4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5ADEE8C7-BF93-4790-934E-900B56BE3660}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5BA67416-BBA1-4268-8A3E-8B3FD7F465F1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5F346465-C50A-4C33-981F-DF64C79611B8}" = rport=137 | protocol=17 | dir=out | app=system |
"{69A77D36-4D47-4937-A5D8-72B146C75909}" = lport=137 | protocol=17 | dir=in | app=system |
"{8039CB29-08CD-42C4-B31D-8F16EEF19879}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{942B2855-8696-4CF8-8C23-7FDEAE3B4B08}" = lport=445 | protocol=6 | dir=in | app=system |
"{9AD37F36-BC48-4AFB-B1AD-CFF8B03474E7}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A558036E-0626-49D6-A87B-B63995E6165F}" = rport=445 | protocol=6 | dir=out | app=system |
"{B70FAFEB-56E1-4BA4-ADD9-13E21008B32D}" = lport=139 | protocol=6 | dir=in | app=system |
"{B9BFB06D-479C-4AD4-9B19-74938920A335}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CDFD70CD-3CF8-4B0A-A42C-E25EC3AA5A10}" = lport=138 | protocol=17 | dir=in | app=system |
"{DD78DD7B-79A6-4379-8819-C7DF59E6CD2A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E4EA3A7E-9CB1-4E95-B57A-B9F1D2D162DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7E47CA4-FB83-4AFF-8FEA-8C522DEFBBA8}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A27D3F-EBD1-4154-8512-714733CE4698}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{05E61F3F-13A9-4EAA-BB1E-9059B7551702}" = protocol=6 | dir=in | app=c:\users\oleuanna\appdata\roaming\dropbox\bin\dropbox.exe |
"{079A151B-9F91-4A5C-A64F-130F2C57E42C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{13F001D7-2BF7-4555-8089-CA96DEC950EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1419CBDC-C6A6-4F84-9522-AFCC05C2A147}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{1BC3CFBF-66B1-49FA-A951-D7231B16F765}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{2408C1EE-8C38-4BEA-A81D-97D4B7EE097E}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{36988E26-0779-489C-885B-A95247EDE955}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{38A78803-5E25-45C9-B3BE-4310ED32D77C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{38DF6115-5309-4F9A-8AAB-2BE7E6D7F342}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{3B3FD1A8-08DB-4A2A-A0CB-79BA3EBF2DD9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40421FEB-E30E-4041-909B-1F4A857794F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{426690AA-AB46-46D2-98E8-00A0C192D42E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49B19453-FE3D-4DAA-B43F-8752F807CB73}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{4AC1D1E1-655E-4167-9A7D-30A0917A18B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4C3E733D-727B-4B43-B91C-F9D6AD7DBC46}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4F57B5B1-A44C-4A74-AAC2-418F94900ED1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56C3F3AF-E576-4A60-97E3-B56A01A1171F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{5AC7C699-B18F-4880-9F19-2CCB94AD625E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{614E3CD8-20D9-4E3E-8F51-0A6A099003FA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65A0C51D-D6B2-418F-A48F-A1994D00E4E9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{6E3068E2-E38B-4AA4-9DB1-79BAD7920A90}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\support\bin\win\rosettastoneltdservices.exe |
"{70C6752F-9650-407E-82C4-757046A40644}" = protocol=17 | dir=in | app=c:\users\oleuanna\appdata\roaming\dropbox\bin\dropbox.exe |
"{71534C3C-4FFB-49B8-B038-DBE9DC082263}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{718E693B-5C9B-4FA9-A6BB-7144BB09BCD1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{8684ABBC-B777-462A-93C8-77539A44F5FF}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{911024C9-AC56-444D-8CD3-3F90DD0F6D56}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{93B7DF76-80B1-4024-ACA8-113835F3BA8D}" = protocol=6 | dir=out | app=system |
"{995A7E94-A673-44DC-9029-D28D22BEA910}" = protocol=6 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{9A16CEE6-6B0A-44E3-BA82-5733AD0D7911}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{A7D3A7DD-FE83-423F-9637-FF2F855F4A85}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B954E2A7-261D-4E87-A081-9B1DBA659CD7}" = protocol=6 | dir=out | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{CA170C69-975A-4D16-AC46-3BE16560F40F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CA587C3E-B4A7-412E-9572-0C09701D4E93}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE28CFF4-58EC-4839-A89F-FF0090168EEA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{D23805B3-CDD3-473D-A8C4-3BF77E6A1705}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D43AD65C-7684-4219-95E9-56004F6106BE}" = protocol=17 | dir=in | app=c:\program files (x86)\veoh networks\veohwebplayer\veohwebplayer.exe |
"{D7A8414E-F10F-4AF6-8511-06318453A410}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{DAD46D5F-D69A-4201-B052-878D400DF3B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{E0701BE6-7451-4862-A261-DE01A13720B0}" = dir=in | app=c:\program files (x86)\rosetta stone\rosetta stone version 3\rosettastoneversion3.exe |
"{E6328DA3-BCA9-4819-A07D-253E981AB362}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{EA1C71D3-8412-43CB-A6EE-832C6852CB3F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{EB06E227-DF14-4CF1-8435-7247132D35F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EDCE0E53-0E88-46D4-9DB1-21F0337230B9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F4D23886-806A-4335-BEB0-B0342CCB2BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{FAE1DCAC-2303-4C8A-8830-9050F5F0F592}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{49A4F76E-4285-4AEE-9D5D-9CCE5E86AA8F}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D3}" = WinZip 16.5
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics TouchPad Driver
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{31EEA563-3544-4EA1-8773-BCBF83F9627A}" = HP Software Framework
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5884CB45-C54B-4550-BAD5-3E060FD75D17}" = ZoneAlarm Firewall
"{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C453C9C-38AE-494D-BF89-7AA0DE87F3E5}" = HP Documentation
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}" = Rosetta Stone Version 3
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1" = Free Alarm Clock 2.7.0
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3E8FC19-2107-49DA-967F-23E1B5210D9C}" = ZoneAlarm Security
"{A7765932-77D6-E0B2-1B27-E2973B5E1BD5}" = TweetDeck
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.3) MUI
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B51D1A7C-7620-4899-BF63-F5E0192D615A}" = Tweet Adder 3
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DC10C616-22E5-40AD-A3EA-3E7A957ECDC7}" = Movie Magic Screenwriter 6
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{F012A635-8E2C-4AF2-BD46-C508D00289B2}" = ZoneAlarm Antivirus
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DAEMON Tools Pro" = DAEMON Tools Pro
"FeedDemon_is1" = FeedDemon
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"System Explorer_is1" = System Explorer 3.5.2
"Trusted Software Assistant_is1" = File Type Assistant
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VLC media player" = VLC media player 2.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3
"WT089504" = Final Drive Nitro
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2012 8:30:16 PM | Computer Name = Oleuanna-hp | Source = WinMgmt | ID = 10
Description =

Error - 7/6/2012 8:47:47 PM | Computer Name = Oleuanna-hp | Source = Application Hang | ID = 1002
Description = The program ComboFix.exe version 12.7.6.2 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1368 Start
Time: 01cd5bd7d548604a Termination Time: 60000 Application Path: C:\Users\Oleuanna\Desktop\ComboFix.exe

Report
Id:

Error - 7/7/2012 12:09:35 AM | Computer Name = Oleuanna-hp | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Search' could not be shut down.

Error - 7/7/2012 12:24:02 AM | Computer Name = Oleuanna-hp | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Windows Live Mail' could not be shut down.

Error - 7/7/2012 12:31:38 AM | Computer Name = Oleuanna-hp | Source = WinMgmt | ID = 10
Description =

Error - 7/7/2012 11:54:54 AM | Computer Name = Oleuanna-hp | Source = WinMgmt | ID = 10
Description =

Error - 7/7/2012 8:12:31 PM | Computer Name = Oleuanna-hp | Source = WinMgmt | ID = 10
Description =

Error - 7/7/2012 10:32:44 PM | Computer Name = Oleuanna-hp | Source = Application Hang | ID = 1002
Description = The program FeedDemon.exe version 4.0.0.22 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 2944 Start
Time: 01cd5cb1a1a75d72 Termination Time: 8 Application Path: C:\Program Files (x86)\FeedDemon\FeedDemon.exe

Report
Id: 2e981d4d-c8a5-11e1-b79c-2c27d7ec1c8a

Error - 7/8/2012 12:11:13 AM | Computer Name = Oleuanna-hp | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16446 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3208 Start
Time: 01cd5cbf9cbd7764 Termination Time: 37 Application Path: C:\Program Files\Internet
Explorer\iexplore.exe Report Id:

Error - 7/8/2012 12:40:10 AM | Computer Name = Oleuanna-hp | Source = WinMgmt | ID = 10
Description =

Error - 7/8/2012 11:09:57 AM | Computer Name = Oleuanna-hp | Source = WinMgmt | ID = 10
Description =

[ Hewlett-Packard Events ]
Error - 5/18/2012 4:42:51 AM | Computer Name = Oleuanna-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 5/18/2012 4:42:59 AM | Computer Name = Oleuanna-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 5/18/2012 4:43:09 AM | Computer Name = Oleuanna-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 5/24/2012 12:09:30 AM | Computer Name = Oleuanna-hp | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259 at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Illegal operation attempted on a registry key that has been marked for deletion StackTrace:
at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)

at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask
task) Source: System Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format:
en-US RAM: 3893 Ram Utilization: 40 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 5/24/2012 12:09:38 AM | Computer Name = Oleuanna-hp | Source = HPSFMsgr.exe | ID = 2000
Description = HP Error ID: -2147467259HPSFMsgr.exe at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo
startInfo) at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask task) Message:
Illegal operation attempted on a registry key that has been marked for deletion StackTrace:
at System.Diagnostics.Process.StartWithShellExecuteEx(ProcessStartInfo startInfo)

at System.Diagnostics.Process.Start(ProcessStartInfo startInfo) at HPSA_Messenger.Utilities.TaskScheduler.DeleteTask(ScheduleTask
task) Source: System Name: HPSFMsgr.exe Version: 01.00.00.00 Path: C:\Program Files
(x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe
Format:
en-US RAM: 3893 Ram Utilization: 40 TargetSite: Boolean StartWithShellExecuteEx(System.Diagnostics.ProcessStartInfo)


Error - 6/1/2012 4:43:40 AM | Computer Name = Oleuanna-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 6/1/2012 4:45:10 AM | Computer Name = Oleuanna-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 6/1/2012 4:46:00 AM | Computer Name = Oleuanna-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 6/1/2012 4:46:54 AM | Computer Name = Oleuanna-hp | Source = HPSF.exe | ID = 4000
Description =

Error - 6/1/2012 4:47:41 AM | Computer Name = Oleuanna-hp | Source = HPSF.exe | ID = 4000
Description =

[ HP Connection Manager Events ]
Error - 7/8/2012 12:37:44 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 05:37:44.000|00001574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/8/2012 12:37:45 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 05:37:45.996|00001574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/8/2012 12:37:55 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 05:37:55.996|00001574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/8/2012 12:37:57 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 05:37:57.993|00001574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/8/2012 12:38:01 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 05:38:01.986|00001574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/8/2012 12:38:03 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 05:38:03.999|00001574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/8/2012 12:38:05 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 05:38:05.996|00001574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/8/2012 12:38:09 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 05:38:09.989|00001574|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

Error - 7/8/2012 11:04:50 AM | Computer Name = Oleuanna-hp | Source = hpMobile | ID = 5
Description = 2012/07/08 16:04:50.361|00000A04|Error |[HP.Mobile]Wwan::<InternalIPAddressChangedEx>b__21{void()}|

Error - 7/8/2012 11:07:09 AM | Computer Name = Oleuanna-hp | Source = hpCMSrv | ID = 5
Description = 2012/07/08 16:07:09.164|00001774|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ System Events ]
Error - 7/6/2012 8:30:10 PM | Computer Name = Oleuanna-hp | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64

Error - 7/7/2012 12:32:01 AM | Computer Name = Oleuanna-hp | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64

Error - 7/7/2012 8:01:05 AM | Computer Name = Oleuanna-hp | Source = DCOM | ID = 10010
Description =

Error - 7/7/2012 11:10:44 AM | Computer Name = Oleuanna-hp | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 7/7/2012 11:54:46 AM | Computer Name = Oleuanna-hp | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64

Error - 7/7/2012 8:12:24 PM | Computer Name = Oleuanna-hp | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64

Error - 7/8/2012 12:40:04 AM | Computer Name = Oleuanna-hp | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64

Error - 7/8/2012 11:04:40 AM | Computer Name = Oleuanna-hp | Source = DCOM | ID = 10010
Description =

Error - 7/8/2012 11:04:54 AM | Computer Name = Oleuanna-hp | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{26791476-3B6B-4D07-8470-FC7F2BC2C906}
because another computer on the network has the same name. The server could not
start.

Error - 7/8/2012 11:09:59 AM | Computer Name = Oleuanna-hp | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64


< End of report >

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 08 July 2012 - 01:40 PM

Noting suspect in that OTL log.

Try this.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 3 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.

rkill.exe
rkill.com
rkill.scr

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested on another computer and then transfer them to the desktop of the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

When completed it will create a log. Please post the content on your next reply.
===

DO NOT RESTART THE COMPUTER.

Disable your security software.

Run ComboFix and post the log if you get one.

#11 Oleuanna

Oleuanna
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 08 July 2012 - 09:43 PM

Not sure how inhibiting my actions were but I had to do your above instructions in safe mode as Combofix just won't run otherwise. Anyway below are the results.


This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 09/07/2012 at 2:52:12.
Operating System: Windows 7 Home Premium


Processes terminated by Rkill or while it was running:

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Oleuanna\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe


Rkill completed on 09/07/2012 at 2:52:30.

ComboFix 12-07-06.02 - Oleuanna 09/07/2012 3:00.11.4 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3894.2615 [GMT 1:00]
Running from: c:\users\Oleuanna\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 02:20 . 2012-07-09 02:20 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-07-09 02:20 . 2012-07-09 02:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 10:06 . 2012-07-06 10:22 -------- d-----w- c:\program files (x86)\Common Files\DivX Shared
2012-07-06 01:41 . 2012-07-06 01:41 -------- d-----w- C:\wp-admin
2012-07-06 00:30 . 2012-07-06 00:30 -------- d-----w- c:\program files (x86)\FileZilla FTP Client
2012-07-03 04:03 . 2012-07-03 04:03 -------- d-----w- c:\program files (x86)\FreeAlarmClock
2012-07-03 00:03 . 2012-07-07 04:25 -------- d-----w- c:\program files (x86)\Windows Live
2012-07-03 00:02 . 2012-07-03 00:02 -------- d-----w- c:\windows\PCHEALTH
2012-07-03 00:00 . 2012-07-03 12:05 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-07-02 04:50 . 2012-07-02 04:50 -------- d-----w- c:\program files (x86)\Tweet Adder 3
2012-06-30 14:18 . 2012-06-30 14:18 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-06-29 22:45 . 2012-06-30 14:18 -------- d-----w- c:\programdata\AVG Secure Search
2012-06-29 20:06 . 2012-06-29 20:06 -------- d-----w- c:\programdata\McAfee
2012-06-29 17:14 . 2012-06-29 17:14 -------- d-----w- c:\programdata\Sophos
2012-06-29 16:05 . 2012-06-29 16:05 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-29 14:57 . 2012-06-30 14:57 -------- d-----w- c:\users\Oleuanna\Pavark
2012-06-29 14:47 . 2012-06-29 14:47 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-06-29 01:52 . 2012-06-29 20:52 -------- d-----w- c:\users\Oleuanna\AppData\Roaming\AVG2012
2012-06-29 01:52 . 2012-06-29 01:52 -------- d-----w- c:\users\Oleuanna\AppData\Local\AVG Secure Search
2012-06-29 01:50 . 2012-06-29 20:51 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-29 01:50 . 2012-07-08 17:32 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-29 01:50 . 2012-06-29 01:50 -------- d-----w- C:\$AVG
2012-06-28 16:23 . 2012-06-28 16:23 -------- d-----w- c:\users\Oleuanna\AppData\Local\twitter
2012-06-23 14:06 . 2012-06-23 14:06 -------- d-----w- c:\users\Oleuanna\AppData\Roaming\com.socialbro.air
2012-06-22 11:37 . 2012-06-22 11:37 -------- d-----w- c:\users\Oleuanna\AppData\Local\IsolatedStorage
2012-06-22 11:37 . 2012-06-22 11:37 -------- d-----w- c:\programdata\IsolatedStorage
2012-06-22 11:37 . 2012-06-29 20:52 -------- d-----w- c:\users\Oleuanna\AppData\Local\Palo_Alto_Software
2012-06-22 11:37 . 2012-07-02 02:00 -------- d-----w- c:\users\Oleuanna\AppData\Roaming\bppenu11
2012-06-22 11:32 . 2012-06-22 11:32 -------- d-----w- c:\program files (x86)\Business Plan Pro
2012-06-22 11:28 . 2012-06-22 11:28 -------- d-----w- c:\users\Oleuanna\AppData\Local\Downloaded Installations
2012-06-22 03:15 . 2012-06-22 03:15 -------- d-----w- c:\windows\maxdrive
2012-06-22 02:43 . 2012-07-03 16:21 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-22 02:43 . 2012-07-06 10:34 -------- d-----w- c:\programdata\AVAST Software
2012-06-22 02:43 . 2012-07-05 23:06 -------- d-----w- c:\program files\AVAST Software
2012-06-22 02:02 . 2010-01-10 17:40 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2012-06-21 15:38 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 15:38 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 15:38 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 15:38 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 15:38 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 15:38 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 15:38 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 15:38 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 15:38 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 19:21 . 2012-06-16 19:21 -------- d-----w- c:\users\Oleuanna\AppData\Local\Macromedia
2012-06-12 00:11 . 2012-06-12 00:11 -------- d-----w- c:\windows\Sun
2012-06-11 23:44 . 2012-06-19 22:09 -------- d-----w- c:\users\Oleuanna\AppData\Local\CRE
2012-06-10 08:53 . 2012-07-01 04:34 -------- d-----w- c:\program files (x86)\Amazon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 00:02 . 2011-03-28 17:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-29 20:06 . 2012-03-29 10:26 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 20:06 . 2011-10-19 19:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-22 03:15 . 2012-05-19 11:20 45 ----a-w- c:\windows\look.bat
2012-05-31 20:35 . 2012-05-31 20:36 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-31 20:35 . 2011-05-14 20:07 839112 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-18_10.44.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-07-09 02:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-18 10:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-18 10:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-09 02:23 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-09 02:23 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-18 10:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-21 03:09 . 2012-07-09 02:25 84648 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-09 02:25 49938 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-10-19 16:19 . 2012-07-09 02:25 16616 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-725012988-2077640657-2150448371-1000_UserData.bin
+ 2011-12-23 12:32 . 2011-12-23 12:32 47696 c:\windows\system32\drivers\avgmfx64.sys
+ 2011-12-23 12:32 . 2011-12-23 12:32 29776 c:\windows\system32\drivers\avgidsfiltera.sys
+ 2011-10-19 15:41 . 2012-07-06 10:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-19 15:41 . 2012-06-15 09:02 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-19 15:40 . 2012-06-15 09:02 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-10-19 15:40 . 2012-07-06 10:09 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-15 09:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-06 10:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:46 . 2012-06-15 20:43 96856 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-07-07 20:40 96856 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-07-03 00:03 . 2012-07-03 00:03 29184 c:\windows\Installer\b9a227.msp
+ 2012-07-03 00:03 . 2012-07-03 00:03 67072 c:\windows\Installer\b9a221.msi
+ 2012-07-02 23:59 . 2012-07-02 23:59 26112 c:\windows\Installer\b9a188.msi
+ 2010-03-31 22:41 . 2010-03-31 22:41 41984 c:\windows\Installer\b9a175.msi
+ 2012-07-03 00:06 . 2012-07-03 00:06 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
- 2012-05-19 15:57 . 2012-05-19 15:57 80395 c:\windows\Installer\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}\MsblIco.Exe
+ 2012-07-03 00:01 . 2012-07-03 11:50 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2012-06-22 11:33 . 2012-06-22 11:33 66880 c:\windows\Installer\{3E9E68FB-49FA-410A-8787-424F2A506E0F}\NewShortcut9_05DFDB8B145B4060AA93CDD54992ECBA.exe
+ 2012-06-22 11:33 . 2012-06-22 11:33 70976 c:\windows\Installer\{3E9E68FB-49FA-410A-8787-424F2A506E0F}\NewShortcut8_4C9AAC6F32A441D9BD60685903602015.exe
+ 2012-06-22 11:33 . 2012-06-22 11:33 54592 c:\windows\Installer\{3E9E68FB-49FA-410A-8787-424F2A506E0F}\NewShortcut7_35F98781CC60487A85E5BB1DC5AD435D.exe
+ 2012-06-22 11:33 . 2012-06-22 11:33 70976 c:\windows\Installer\{3E9E68FB-49FA-410A-8787-424F2A506E0F}\NewShortcut6_EA09DAE3880D41D197CE6C7BCDD3FC50.exe
+ 2012-06-22 11:33 . 2012-06-22 11:33 58688 c:\windows\Installer\{3E9E68FB-49FA-410A-8787-424F2A506E0F}\NewShortcut10_51020CB0E81B4CEBBCA47E8F1B152DB0.exe
+ 2012-06-22 11:33 . 2012-06-22 11:33 70976 c:\windows\Installer\{3E9E68FB-49FA-410A-8787-424F2A506E0F}\ARPPRODUCTICON.exe
- 2010-09-23 07:17 . 2010-09-23 07:17 86376 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startuplang.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 86376 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startuplang.dll
- 2010-09-23 07:32 . 2010-09-23 07:32 93552 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXImageTranscode.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 93552 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXImageTranscode.dll
- 2010-09-23 07:32 . 2010-09-23 07:32 56176 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewer.exe
+ 2010-09-22 23:32 . 2010-09-22 23:32 56176 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewer.exe
+ 2010-09-22 23:37 . 2010-09-22 23:37 12144 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.SubscribePlugins.dll
- 2010-09-23 07:37 . 2010-09-23 07:37 12144 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.SubscribePlugins.dll
+ 2010-09-22 23:37 . 2010-09-22 23:37 11632 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.PublishPlugins.dll
- 2010-09-23 07:37 . 2010-09-23 07:37 11632 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\Microsoft.WindowsLive.PublishPlugins.dll
+ 2011-11-03 16:02 . 2012-07-06 10:21 5672 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-09 02:23 . 2012-07-09 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-18 10:43 . 2012-06-18 10:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-18 10:43 . 2012-06-18 10:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-09 02:23 . 2012-07-09 02:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-23 07:17 . 2010-09-23 07:17 9576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingslang.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 9576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingslang.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 9064 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorLang.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 9064 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorLang.dll
+ 2012-06-29 20:06 . 2012-06-29 20:06 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-06-29 20:06 . 2012-06-29 20:06 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2012-06-29 14:47 . 2012-06-29 14:47 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2012-06-29 14:47 . 2012-06-29 14:47 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-06-29 14:47 . 2012-06-29 14:47 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2011-12-08 20:29 . 2012-06-19 03:33 150134 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-10-21 22:09 . 2012-07-08 13:51 263662 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-06-13 09:29 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-27 02:03 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-27 02:03 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-13 09:29 106388 c:\windows\system32\perfc009.dat
+ 2010-11-21 03:27 . 2012-01-31 12:44 279656 c:\windows\system32\MpSigStub.exe
+ 2012-06-29 20:06 . 2012-06-29 20:06 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe
+ 2012-02-22 04:25 . 2012-02-22 04:25 289872 c:\windows\system32\drivers\avgldx64.sys
+ 2011-12-23 12:31 . 2011-12-23 12:31 124496 c:\windows\system32\drivers\avgidsdrivera.sys
+ 2009-07-14 05:01 . 2012-07-08 15:07 470420 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-07-03 00:04 . 2012-07-03 00:04 468480 c:\windows\Installer\b9a242.msp
+ 2012-07-03 00:03 . 2012-07-03 00:03 625664 c:\windows\Installer\b9a234.msp
+ 2012-07-03 00:01 . 2012-07-03 00:01 715264 c:\windows\Installer\b9a1e4.msp
+ 2012-07-03 00:01 . 2012-07-03 00:01 136704 c:\windows\Installer\b9a1c8.msp
+ 2012-07-03 00:01 . 2012-07-03 00:01 429056 c:\windows\Installer\b9a1c3.msi
+ 2012-07-03 00:00 . 2012-07-03 00:00 147968 c:\windows\Installer\b9a1bf.msi
+ 2012-07-02 04:46 . 2012-07-02 04:46 487424 c:\windows\Installer\2d26db2.msi
+ 2012-07-02 04:50 . 2012-07-02 04:50 292878 c:\windows\Installer\{B51D1A7C-7620-4899-BF63-F5E0192D615A}\controlPanelIcon.exe
- 2012-05-09 01:09 . 2012-05-09 01:09 292878 c:\windows\Installer\{B51D1A7C-7620-4899-BF63-F5E0192D615A}\controlPanelIcon.exe
+ 2012-06-27 02:02 . 2012-06-27 02:02 109563 c:\windows\Installer\{8F710A99-E578-4744-8F82-5F0AB4C8871B}\SCEP.exe
+ 2012-06-27 02:02 . 2012-06-27 02:02 123352 c:\windows\Installer\{8F710A99-E578-4744-8F82-5F0AB4C8871B}\MSE.exe
+ 2012-06-27 02:02 . 2012-06-27 02:02 109563 c:\windows\Installer\{8F710A99-E578-4744-8F82-5F0AB4C8871B}\INTUNE.exe
+ 2012-06-27 02:02 . 2012-06-27 02:02 109563 c:\windows\Installer\{8F710A99-E578-4744-8F82-5F0AB4C8871B}\FEP.exe
+ 2012-06-27 02:02 . 2012-06-27 02:02 109563 c:\windows\Installer\{8F710A99-E578-4744-8F82-5F0AB4C8871B}\EPP.exe
+ 2012-06-22 02:09 . 2012-06-22 02:09 109563 c:\windows\Installer\{842E9CF4-3B07-47CC-8BAA-FEED10E13FB2}\SCEP.exe
+ 2012-06-22 02:09 . 2012-06-22 02:09 123352 c:\windows\Installer\{842E9CF4-3B07-47CC-8BAA-FEED10E13FB2}\MSEPrerelease.exe
+ 2012-06-22 02:09 . 2012-06-22 02:09 123352 c:\windows\Installer\{842E9CF4-3B07-47CC-8BAA-FEED10E13FB2}\MSE.exe
+ 2012-06-22 02:09 . 2012-06-22 02:09 109563 c:\windows\Installer\{842E9CF4-3B07-47CC-8BAA-FEED10E13FB2}\INTUNE.exe
+ 2012-06-22 02:09 . 2012-06-22 02:09 109563 c:\windows\Installer\{842E9CF4-3B07-47CC-8BAA-FEED10E13FB2}\FEP.exe
+ 2012-06-22 02:09 . 2012-06-22 02:09 109563 c:\windows\Installer\{842E9CF4-3B07-47CC-8BAA-FEED10E13FB2}\EPP.exe
+ 2010-09-22 23:17 . 2010-09-22 23:17 827240 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlupdate.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 827240 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlupdate.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 618856 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlstartup.exe
+ 2010-09-22 23:17 . 2010-09-22 23:17 618856 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlstartup.exe
- 2010-09-23 07:17 . 2010-09-23 07:17 138600 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsres.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 138600 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsres.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 552296 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlshim.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 552296 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlshim.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 265576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingsres.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 265576 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettingsres.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 493928 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettings.exe
- 2010-09-23 07:17 . 2010-09-23 07:17 493928 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlsettings.exe
+ 2010-09-22 23:17 . 2010-09-22 23:17 166248 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlbici.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 166248 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\wlbici.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 476008 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorRes.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 476008 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelectorRes.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 345960 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelector.exe
- 2010-09-23 07:17 . 2010-09-23 07:17 345960 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\LangSelector.exe
- 2010-09-23 07:32 . 2010-09-23 07:32 822128 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewerCore.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 822128 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WindowsLivePhotoViewerCore.dll
- 2010-09-23 07:37 . 2010-09-23 07:37 104304 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\SubscribePluginsInterop.dll
+ 2010-09-22 23:37 . 2010-09-22 23:37 104304 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\SubscribePluginsInterop.dll
+ 2010-09-22 23:37 . 2010-09-22 23:37 103792 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\PublishPluginsInterop.dll
- 2010-09-23 07:37 . 2010-09-23 07:37 103792 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\PublishPluginsInterop.dll
+ 2012-06-29 20:06 . 2012-06-29 20:06 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-06-29 20:06 . 2012-06-29 20:06 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
+ 2009-07-14 04:45 . 2012-07-01 05:02 4971640 c:\windows\system32\FNTCACHE.DAT
- 2009-07-14 04:45 . 2012-06-13 09:40 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-07-03 02:01 7204521 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-12-30 09:07 . 2012-07-06 08:50 2338416 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-10-19 16:25 . 2012-07-06 10:22 9111588 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-725012988-2077640657-2150448371-1000-12288.dat
+ 2012-06-29 01:49 . 2012-06-29 01:49 2871808 c:\windows\Installer\c4800.msi
+ 2012-06-29 01:45 . 2012-06-29 01:45 8449024 c:\windows\Installer\c21a3.msi
+ 2012-07-03 00:05 . 2012-07-03 00:05 5124096 c:\windows\Installer\b9a251.msp
+ 2012-07-03 00:04 . 2012-07-03 00:04 6661632 c:\windows\Installer\b9a247.msi
+ 2012-07-03 00:04 . 2012-07-03 00:04 1070592 c:\windows\Installer\b9a238.msi
+ 2012-07-03 00:03 . 2012-07-03 00:03 1492992 c:\windows\Installer\b9a22b.msi
+ 2012-07-03 00:03 . 2012-07-03 00:03 5535744 c:\windows\Installer\b9a21c.msp
+ 2012-07-03 00:02 . 2012-07-03 00:02 3312128 c:\windows\Installer\b9a204.msp
+ 2012-07-03 00:02 . 2012-07-03 00:02 8332288 c:\windows\Installer\b9a1e8.msi
+ 2012-07-03 00:01 . 2012-07-03 00:01 2310656 c:\windows\Installer\b9a1dc.msi
+ 2012-07-03 00:01 . 2012-07-03 00:01 1139712 c:\windows\Installer\b9a1d8.msp
+ 2012-07-03 00:01 . 2012-07-03 00:01 4004864 c:\windows\Installer\b9a1cc.msi
+ 2012-07-03 00:00 . 2012-07-03 00:00 2343936 c:\windows\Installer\b9a1bb.msi
+ 2012-07-03 00:00 . 2012-07-03 00:00 4680704 c:\windows\Installer\b9a1b7.msi
+ 2012-07-03 00:00 . 2012-07-03 00:00 2932224 c:\windows\Installer\b9a1b3.msp
+ 2012-07-03 00:00 . 2012-07-03 00:00 7710720 c:\windows\Installer\b9a19f.msi
+ 2012-07-02 23:59 . 2012-07-02 23:59 4426240 c:\windows\Installer\b9a19b.msp
+ 2012-07-02 23:59 . 2012-07-02 23:59 9433088 c:\windows\Installer\b9a18c.msi
+ 2011-05-14 20:00 . 2011-05-14 20:00 2081792 c:\windows\Installer\b9a184.msi
+ 2012-07-02 23:59 . 2012-07-02 23:59 8822784 c:\windows\Installer\b9a180.msi
+ 2010-09-22 23:17 . 2010-09-22 23:17 2668392 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startupres.dll
- 2010-09-23 07:17 . 2010-09-23 07:17 2668392 c:\windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502\startupres.dll
- 2010-09-23 07:32 . 2010-09-23 07:32 1378160 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXMediaPublishSubscribe.dll
+ 2010-09-22 23:32 . 2010-09-22 23:32 1378160 c:\windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502\WLXMediaPublishSubscribe.dll
+ 2010-09-22 22:28 . 2010-09-22 22:28 1043312 c:\windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502\LivePlatform.dll
- 2010-09-23 06:28 . 2010-09-23 06:28 1043312 c:\windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502\LivePlatform.dll
+ 2010-09-22 23:17 . 2010-09-22 23:17 1204584 c:\windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502\wlarp.exe
- 2010-09-23 07:17 . 2010-09-23 07:17 1204584 c:\windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502\wlarp.exe
+ 2009-07-14 02:34 . 2012-06-21 15:51 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2012-06-13 09:34 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2012-06-29 20:06 . 2012-06-29 20:06 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll
+ 2011-10-19 16:25 . 2012-07-08 15:07 56676673 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-725012988-2077640657-2150448371-1000-8192.dat
+ 2012-07-03 00:03 . 2012-07-03 00:03 22647296 c:\windows\Installer\b9a209.msi
+ 2012-07-03 00:00 . 2012-07-03 00:00 20240896 c:\windows\Installer\b9a17c.msp
+ 2012-05-16 06:28 . 2012-05-16 06:28 73078272 c:\windows\Installer\7adc0.msi
+ 2012-06-22 11:28 . 2012-06-22 11:28 38413824 c:\windows\Installer\483f64.msi
+ 2012-07-03 11:50 . 2012-07-03 11:50 20343808 c:\windows\Installer\1953229.msp
+ 2012-07-01 05:16 . 2012-07-01 05:21 48940544 c:\windows\Downloaded Installations\{90F42154-37BA-4079-85A2-7B2DB7EA6A01}\Movie Magic Screenwriter 6.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-30 14:18 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-06-30 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Oleuanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Oleuanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Oleuanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Oleuanna\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeAC"="c:\program files (x86)\FreeAlarmClock\FreeAlarmClock.exe" [2012-04-25 1328976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-06-14 103992]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-06-30 1107552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)
"DisableChangePassword"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
R0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 hpCMSrv;HP Connection Manager 4 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-06-14 1098296]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SystemExplorerHelpService;System Explorer Help Service;c:\program files (x86)\System Explorer\SystemExplorerService64.exe [2011-09-22 712520]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-20 1255736]
R4 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [x]
R4 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-30 271424]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2012-01-09 11864]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-07-05 227384]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2012-04-30 33672]
S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2012-04-30 827520]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-23 2320920]
S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-06-29 935008]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2011-05-03 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-05-03 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2011-07-19 1492992]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725012988-2077640657-2150448371-1000Core.job
- c:\users\Oleuanna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-17 17:35]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725012988-2077640657-2150448371-1000UA.job
- c:\users\Oleuanna\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-17 17:35]
.
2012-07-03 c:\windows\Tasks\HPCeeScheduleForOleuanna.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Oleuanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Oleuanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Oleuanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Oleuanna\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}"=hex:51,66,7a,6c,4c,1d,38,12,e4,5d,c9,
95,2a,7d,e2,0a,c9,68,1a,24,db,64,f1,52
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}"=hex:51,66,7a,6c,4c,1d,38,12,8b,c7,39,
ea,82,fe,a8,0b,f7,bf,ff,e1,a6,74,f5,13
"{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}"=hex:51,66,7a,6c,4c,1d,38,12,4a,94,5d,
df,2a,bb,93,08,e3,6a,3b,f5,24,5d,8e,ad
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,35,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{326E768D-4182-46FD-9C16-1449A49795F4}"=hex:51,66,7a,6c,4c,1d,38,12,e3,75,7d,
36,b0,0f,93,03,e3,00,57,09,a1,c9,d1,e0
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{64182481-4F71-486B-A045-B233BD0DA8FC}"=hex:51,66,7a,6c,4c,1d,38,12,ef,27,0b,
60,43,01,05,0d,df,53,f1,73,b8,53,ec,e8
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}"=hex:51,66,7a,6c,4c,1d,38,12,ac,35,59,
8e,07,4b,42,08,c2,2b,0a,2c,b2,b0,92,f7
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{A876E312-7D08-401A-B7A6-FAFC5DC2F292}"=hex:51,66,7a,6c,4c,1d,38,12,7c,e0,65,
ac,3a,33,74,05,c8,b0,b9,bc,58,9c,b6,86
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{D41289F2-69C6-417B-897E-C653D677CBAF}"=hex:51,66,7a,6c,4c,1d,38,12,9c,8a,01,
d0,f4,27,15,04,f6,68,85,13,d3,29,8f,bb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{EEE6C35C-6118-11DC-9C72-001320C79847}"=hex:51,66,7a,6c,4c,1d,38,12,32,c0,f5,
ea,2a,2f,b2,54,e3,64,43,53,25,99,dc,53
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:da,b2,7f,06,ec,ab,cc,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-07-09 03:32:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-09 02:32
ComboFix2.txt 2012-06-18 11:28
ComboFix3.txt 2012-05-29 13:21
.
Pre-Run: 393,435,951,104 bytes free
Post-Run: 394,455,572,480 bytes free
.
- - End Of File - - 4E1E56095E491D85B05AA2DC08CFE628

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 09 July 2012 - 09:39 AM

Lets check further.

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#13 Oleuanna

Oleuanna
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 09 July 2012 - 05:00 PM

Scan result of Farbar Recovery Scan Tool Version: 09-07-2012
Ran by SYSTEM at 09-07-2012 22:53:46
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-13] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-08-31] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-06-14] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1107552 2012-06-30] ()
HKU\Oleuanna\...\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe -autorun [1328976 2012-04-25] (Comfort Software Group)
HKU\Oleuanna\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)
HKU\Oleuanna\...\Policies\system: [DisableLockWorkstation] 1
HKU\Oleuanna\...\Policies\system: [DisableChangePassword] 1
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Startup: C:\Users\Oleuanna\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)

==================== Services (Whitelisted) ======

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5106744 2012-04-30] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
3 hpCMSrv; "C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe" [1098296 2011-06-14] (Hewlett-Packard Development Company L.P.)
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [827520 2012-04-30] (Check Point Software Technologies)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [654408 2012-04-04] (Malwarebytes Corporation)
3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\SystemExplorerService64.exe [712520 2011-09-22] (Mister Group)
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2320920 2010-07-23] (Intel Corporation)
2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service [2446872 2012-05-03] (Check Point Software Technologies LTD)
2 vToolbarUpdater11.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [935008 2012-06-28] ()

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-21] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [271424 2011-11-29] (DT Soft Ltd)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2012-04-30] (Check Point Software Technologies)
0 KL1; C:\Windows\System32\Drivers\KL1.sys [460888 2012-01-09] (Kaspersky Lab ZAO)
1 kl2; C:\Windows\System32\Drivers\kl2.sys [11864 2012-01-09] (Kaspersky Lab ZAO)
1 KLIF; C:\Windows\System32\Drivers\KLIF.sys [485680 2012-01-09] (Kaspersky Lab)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-04-04] (Malwarebytes Corporation)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [454232 2011-05-07] (Check Point Software Technologies LTD)
4 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [x]
0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [x]
4 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-09 13:40 - 2012-07-09 13:40 - 01434401 ____A (Farbar) C:\Users\Oleuanna\Downloads\FRST64.exe
2012-07-09 10:31 - 2012-07-09 10:31 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{DAD3246C-B476-4365-92D7-CBBAAE5773C9}
2012-07-09 10:31 - 2012-07-09 10:31 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{1B44D752-BDCE-4A46-9D9C-C547EB44CF51}
2012-07-08 18:32 - 2012-07-08 18:32 - 00046671 ____A C:\ComboFix.txt
2012-07-08 17:59 - 2012-07-08 18:32 - 00000000 ____D C:\ComboFix
2012-07-08 17:52 - 2012-07-08 17:52 - 00001945 ____A C:\rkill.log
2012-07-08 17:50 - 2012-07-08 17:50 - 01012656 ____A C:\Users\Oleuanna\Downloads\rkill.exe
2012-07-08 08:42 - 2012-07-08 08:42 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{6757118A-C8B4-4237-BD75-47085368E053}
2012-07-08 08:41 - 2012-07-08 08:41 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{C191B119-8F3F-443B-A6E7-CABEBB1A04E3}
2012-07-08 08:22 - 2012-07-08 08:22 - 00077970 ____A C:\Users\Oleuanna\Downloads\Extras.Txt
2012-07-08 08:19 - 2012-07-08 08:19 - 00366494 ____A C:\Users\Oleuanna\Downloads\OTL.Txt
2012-07-08 07:14 - 2012-07-08 07:14 - 00595968 ____A (OldTimer Tools) C:\Users\Oleuanna\Downloads\OTL.exe
2012-07-07 22:25 - 2012-07-07 22:25 - 00031252 ____A C:\Users\Oleuanna\Downloads\logaster_No_17_small_size_70x84_pixels_(PNG).zip
2012-07-07 20:41 - 2012-07-07 20:41 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{B834AFCA-C000-4287-8837-6E41131EE234}
2012-07-07 20:41 - 2012-07-07 20:41 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{5BBD2827-4122-417B-BE81-66D44E40E3E2}
2012-07-07 20:24 - 2012-07-07 20:24 - 00000053 ____A C:\Users\Oleuanna\Downloads\google7f3126a2d221cfd6 (1).html
2012-07-07 19:48 - 2012-07-07 19:48 - 00000053 ____A C:\Users\Oleuanna\Downloads\google72267d83769ee92f (2).html
2012-07-07 19:22 - 2012-07-07 19:22 - 00000053 ____A C:\Users\Oleuanna\Downloads\google7f3126a2d221cfd6.html
2012-07-07 18:25 - 2012-07-07 18:25 - 00000053 ____A C:\Users\Oleuanna\Downloads\google72267d83769ee92f.html
2012-07-07 18:25 - 2012-07-07 18:25 - 00000053 ____A C:\Users\Oleuanna\Downloads\google72267d83769ee92f (1).html
2012-07-07 08:16 - 2012-07-07 08:16 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{F3B2ADD9-E251-493D-ACAE-8B69013C5274}
2012-07-07 08:16 - 2012-07-07 08:16 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{D70B6BA5-10D5-4A48-B00A-48524EE12EFA}
2012-07-06 20:16 - 2012-07-06 20:16 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{1230C1CF-13CD-4014-9C96-E61C2054D8DE}
2012-07-06 20:15 - 2012-07-06 20:16 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{02FF8083-2D6B-43F4-928B-122BA5E3F572}
2012-07-06 20:06 - 2012-07-06 20:06 - 01287528 ____A (Microsoft Corporation) C:\Users\Oleuanna\Downloads\wlsetup-web.exe
2012-07-06 20:05 - 2012-07-06 20:05 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{E902E235-17D3-4564-8795-33EBA3CCBA12}
2012-07-06 16:23 - 2012-07-06 16:23 - 04573044 ____R (Swearware) C:\Users\Oleuanna\Downloads\ComboFix.exe
2012-07-06 07:23 - 2012-07-06 07:24 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{58848610-2539-4DCA-AE4A-B65B1E13F6EB}
2012-07-06 07:23 - 2012-07-06 07:23 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{3A931959-9E55-4D15-9358-1051B200F4B6}
2012-07-06 02:18 - 2012-07-06 02:18 - 00283440 ____A (Premium) C:\Users\Oleuanna\Downloads\Codec-V (1).exe
2012-07-06 02:17 - 2012-07-06 02:17 - 00283440 ____A (Premium) C:\Users\Oleuanna\Downloads\Codec-V.exe
2012-07-06 02:00 - 2012-07-06 02:00 - 00933256 ____A (DivX, LLC) C:\Users\Oleuanna\Downloads\DivXWebPlayerInstaller.exe
2012-07-05 19:23 - 2012-07-05 19:23 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{40E425F7-896D-4F1E-8A62-3F8039C9FD23}
2012-07-05 19:23 - 2012-07-05 19:23 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{38238FEB-8878-4756-89F2-6737D3B444F9}
2012-07-05 19:11 - 2012-07-05 19:47 - 00000000 ____D C:\Users\Oleuanna\Downloads\themeforest-2485338-haze-beautiful-wordpress-theme
2012-07-05 17:41 - 2012-07-05 17:41 - 00000000 ____D C:\wp-admin
2012-07-05 17:22 - 2012-07-05 17:22 - 00000000 ____D C:\Users\Oleuanna\Downloads\wordpress-3.4.1
2012-07-05 16:30 - 2012-07-05 16:30 - 00000000 ____D C:\Program Files (x86)\FileZilla FTP Client
2012-07-05 15:37 - 2012-07-05 15:37 - 00270416 ____A C:\Windows\Minidump\070612-42385-01.dmp
2012-07-05 14:49 - 2012-07-05 14:49 - 04731392 ____A (AVAST Software) C:\Users\Oleuanna\Downloads\aswMBR.exe
2012-07-05 04:18 - 2012-07-05 04:18 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{EA49DBEE-6297-4E87-A9A8-B61CCCD2F7CB}
2012-07-05 04:18 - 2012-07-05 04:18 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{44958D3D-40BB-4DB9-8B4A-BA56DE01639E}
2012-07-04 16:11 - 2012-07-04 16:11 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{99B9AD4B-0A62-4D34-9A96-6A935FFC9E1B}
2012-07-04 16:11 - 2012-07-04 16:11 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{95D58BA9-B0D0-4AD3-8DD8-49D358B5B644}
2012-07-04 04:11 - 2012-07-04 04:11 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{D4D390A5-27D1-4E82-9EBF-B9F997A23764}
2012-07-04 04:11 - 2012-07-04 04:11 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{B7656B65-A18D-4588-A915-64EF0F4FABDE}
2012-07-03 16:10 - 2012-07-03 16:10 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{82DE521F-B1EA-4487-B742-AF1BA22BE48D}
2012-07-03 16:10 - 2012-07-03 16:10 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{75AE0831-AEAB-4CA0-A8E3-8630C3AB74B9}
2012-07-03 04:09 - 2012-07-03 04:09 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{BF94D2EF-4546-43A2-8D73-68A87DD50D4D}
2012-07-03 04:09 - 2012-07-03 04:09 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{4BCA5D74-015A-40F1-AA1F-9367573DEF37}
2012-07-02 20:03 - 2012-07-02 20:03 - 00000000 ____D C:\Program Files (x86)\FreeAlarmClock
2012-07-02 16:56 - 2012-07-05 19:11 - 00000000 ____D C:\Users\Oleuanna\Downloads\Haze-WP-V1.2
2012-07-02 16:08 - 2012-07-02 16:08 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{EE91BB45-BA12-4954-B841-DA5A3685D754}
2012-07-02 16:08 - 2012-07-02 16:08 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{D182B9D5-A931-4BC0-82F5-6E506E725C2B}
2012-07-02 16:03 - 2012-07-06 20:25 - 00000000 ____D C:\Program Files (x86)\Windows Live
2012-07-02 16:02 - 2012-07-02 16:02 - 00000000 ____D C:\Windows\PCHEALTH
2012-07-02 16:00 - 2012-07-03 04:05 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-07-01 20:50 - 2012-07-01 20:50 - 00000000 ____D C:\Program Files (x86)\Tweet Adder 3
2012-07-01 13:23 - 2012-07-01 18:06 - 00223141 ____A C:\Users\Oleuanna\Desktop\en-soi pour-soi arts .bpdx
2012-06-30 15:38 - 2012-06-30 15:38 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{E80F49DE-B037-4B35-A877-F98D6A191BBC}
2012-06-30 15:37 - 2012-06-30 15:38 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{25D11404-FB25-4988-AA3C-25090EE6F424}
2012-06-30 14:41 - 2012-06-30 14:41 - 00033758 ____A C:\Users\Oleuanna\AppData\Local\dt.dat
2012-06-30 06:18 - 2012-06-30 06:18 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-06-30 03:37 - 2012-06-30 03:37 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{B9EC7B0D-01CB-41E5-BFA3-9D0C7FC27865}
2012-06-30 03:37 - 2012-06-30 03:37 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{B78A69B1-63DB-4F6D-BC01-9643386943B7}
2012-06-29 15:36 - 2012-06-29 15:36 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{57AE7C52-D763-435B-B74E-3BF7CE2CC3FB}
2012-06-29 15:36 - 2012-06-29 15:36 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{0AA9DB33-553C-4D1B-8C66-2B2460E72F12}
2012-06-29 14:45 - 2012-06-30 06:18 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-06-29 12:06 - 2012-06-29 12:06 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-29 09:14 - 2012-06-29 09:14 - 00000000 ____D C:\Users\All Users\Sophos
2012-06-29 08:05 - 2012-06-29 08:05 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-06-29 06:57 - 2012-06-30 06:57 - 00000000 ____D C:\Users\Oleuanna\Pavark
2012-06-29 06:56 - 2012-06-30 21:20 - 00000000 ____D C:\Users\Oleuanna\Downloads\kavremover
2012-06-29 06:53 - 2012-06-29 06:53 - 00328064 ____A (AVAST Software) C:\Users\Oleuanna\Downloads\aswclear.exe
2012-06-29 03:35 - 2012-06-29 03:35 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{19375CB8-314E-46D9-84FC-2D2E6D044006}
2012-06-29 03:34 - 2012-06-29 03:35 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{AD76740E-E6C1-4879-AC9D-B7C4CB60BDC6}
2012-06-28 17:52 - 2012-06-29 12:52 - 00000000 ____D C:\Users\Oleuanna\AppData\Roaming\AVG2012
2012-06-28 17:52 - 2012-06-28 17:52 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\AVG Secure Search
2012-06-28 17:50 - 2012-07-08 09:32 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-06-28 17:50 - 2012-06-29 12:51 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-06-28 17:50 - 2012-06-28 17:50 - 00000000 ____D C:\$AVG
2012-06-28 15:34 - 2012-06-28 15:34 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{9DF7B4B3-0C02-402C-81B1-CD555F4CE838}
2012-06-28 15:34 - 2012-06-28 15:34 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{5040D58E-D577-4AA5-8566-CD16D67E3FA0}
2012-06-28 08:23 - 2012-06-28 08:23 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\twitter
2012-06-28 03:33 - 2012-06-28 03:33 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{B690F2A8-B437-49DC-A3A9-C7A69F5FD83D}
2012-06-28 03:33 - 2012-06-28 03:33 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{B257D94F-4282-48A1-8380-0D9EE70195CF}
2012-06-27 15:32 - 2012-06-27 15:32 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{CE324388-5732-40BF-9A4E-42E1654E0946}
2012-06-27 15:32 - 2012-06-27 15:32 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{5ACF76C6-25EB-46A6-951B-15DA10B7F0F5}
2012-06-27 03:31 - 2012-06-27 03:31 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{FFA14FCB-B322-4C71-8901-28CB8F29CEA9}
2012-06-27 03:31 - 2012-06-27 03:31 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{A9944F07-1479-4565-A6F3-D13548E60D84}
2012-06-26 15:31 - 2012-06-26 15:31 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{F8B867B4-8731-49FD-9175-656978B34C15}
2012-06-26 15:30 - 2012-06-26 15:30 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{F8038C58-8DCE-497B-A6AF-A26409FCF155}
2012-06-26 03:30 - 2012-06-26 03:30 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{FF5CB7F5-F6E6-453E-8222-C218D025110B}
2012-06-26 03:30 - 2012-06-26 03:30 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{2A6CEC65-833C-460C-9728-0F77DCF315EE}
2012-06-25 15:29 - 2012-06-25 15:29 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{90C44044-CB9D-4DEA-9E37-5A6B4465ED8C}
2012-06-25 15:29 - 2012-06-25 15:29 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{8495AA19-F33A-45D9-BB57-44AE5D84AFB9}
2012-06-25 03:29 - 2012-06-25 03:29 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{533C929B-D31D-4587-BCCA-C88AAF3C1213}
2012-06-25 03:28 - 2012-06-25 03:29 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{F15CA54C-86B6-4A4A-8CD4-8CF16F149872}
2012-06-24 15:22 - 2012-06-24 15:22 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{FAF819BC-7529-4A5C-80DC-88FBFBBB1C7E}
2012-06-24 15:21 - 2012-06-24 15:21 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{8DD64FF2-C6DD-425D-8B4D-A7CC63D9CAE1}
2012-06-24 03:21 - 2012-06-24 03:21 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{ED7495A8-F14E-438D-90AE-454306070520}
2012-06-24 03:21 - 2012-06-24 03:21 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{65AE6C2D-3FA7-4F2E-8DCA-A3D7B72B9E55}
2012-06-23 14:00 - 2012-06-23 14:00 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{64251426-BA19-475B-B1BE-D4CE32836EC9}
2012-06-23 13:59 - 2012-06-23 14:00 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{FDAEA217-C9CA-48AA-8CFA-D89BDE929F68}
2012-06-23 06:06 - 2012-06-23 06:06 - 00000000 ____D C:\Users\Oleuanna\AppData\Roaming\com.socialbro.air
2012-06-23 01:59 - 2012-06-23 01:59 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{D27B58BD-4751-4BB0-A4D7-0AD0D88BD8B3}
2012-06-23 01:59 - 2012-06-23 01:59 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{C925C5FB-BC4A-4B9F-933A-D398DF6C737E}
2012-06-22 13:58 - 2012-06-22 13:58 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{FF21DF84-A2BB-4AF7-A760-581F0D9EFDDE}
2012-06-22 13:58 - 2012-06-22 13:58 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{B9C5F738-9244-4C37-B04A-1C5E691EB3C7}
2012-06-22 03:37 - 2012-07-01 18:00 - 00000000 ____D C:\Users\Oleuanna\AppData\Roaming\bppenu11
2012-06-22 03:37 - 2012-06-29 12:52 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\Palo_Alto_Software
2012-06-22 03:37 - 2012-06-22 03:37 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\IsolatedStorage
2012-06-22 03:37 - 2012-06-22 03:37 - 00000000 ____D C:\Users\All Users\IsolatedStorage
2012-06-22 03:32 - 2012-06-22 03:32 - 00000000 ____D C:\Program Files (x86)\Business Plan Pro
2012-06-22 03:28 - 2012-06-22 03:28 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\Downloaded Installations
2012-06-22 01:58 - 2012-06-22 01:58 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{35E45383-25D8-4EAC-B775-BEB72CD965E8}
2012-06-22 01:57 - 2012-06-22 01:58 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{CC2CB5DF-450A-4205-A4B7-222F666A9577}
2012-06-21 19:15 - 2012-06-21 19:15 - 00000000 ____D C:\Windows\maxdrive
2012-06-21 18:43 - 2012-07-06 02:34 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-21 18:43 - 2012-07-05 15:07 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-06-21 18:43 - 2012-07-05 15:06 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-21 18:43 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-21 18:09 - 2012-06-21 18:09 - 00735230 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-21 18:03 - 2012-06-29 16:02 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-21 18:02 - 2010-01-10 09:40 - 00118784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2012-06-21 13:56 - 2012-06-21 13:56 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{800161C7-E0F4-48C3-B76E-7C1AD6686704}
2012-06-21 13:56 - 2012-06-21 13:56 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{210DCFA4-2482-4468-B621-1F0056B395EB}
2012-06-21 07:38 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 07:38 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 07:38 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 07:38 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 07:38 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 07:38 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 07:38 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 07:38 - 2012-06-02 06:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 07:38 - 2012-06-02 06:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-21 01:56 - 2012-06-21 01:56 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{4A7CF41F-976A-4CC6-A219-A5F3B7371874}
2012-06-21 01:55 - 2012-06-21 01:56 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{5B336976-9427-4004-8EB4-E03BAE2AC69D}
2012-06-20 13:55 - 2012-06-20 13:55 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{F17C00A7-3DD8-4D9B-8111-9121B0D26758}
2012-06-20 13:55 - 2012-06-20 13:55 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{DC788A52-734E-4C92-8822-2F7A9ED1ECE7}
2012-06-20 08:08 - 2012-06-20 08:08 - 00270416 ____A C:\Windows\Minidump\062012-23353-01.dmp
2012-06-20 05:26 - 2012-06-20 05:26 - 00270416 ____A C:\Windows\Minidump\062012-22713-01.dmp
2012-06-20 01:54 - 2012-06-20 01:54 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{8A89F59E-5EA1-4CF1-B6B3-A7F46FA8FA17}
2012-06-20 01:54 - 2012-06-20 01:54 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{5946EB90-5CFB-4426-8C1C-0EDB06FD23BF}
2012-06-19 13:53 - 2012-06-19 13:53 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{67C3E97D-A3C5-44D6-B848-C22D07D5DDC9}
2012-06-19 13:53 - 2012-06-19 13:53 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{0A03802B-E13E-44C2-B901-3BE2F1E39ECD}
2012-06-19 01:53 - 2012-06-19 01:53 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{DF9322D6-0895-415E-BB96-34EFCC8C9E89}
2012-06-19 01:52 - 2012-06-19 01:52 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{98C126CE-7A47-4F04-8000-7BA4776D202B}
2012-06-18 13:52 - 2012-06-18 13:52 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{46B95188-193B-403C-8D30-8E3FF1D96234}
2012-06-18 13:52 - 2012-06-18 13:52 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{08E7DC82-3FAB-4C22-9087-9C4C292C1F9F}
2012-06-18 01:50 - 2012-06-18 01:50 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{E82FB348-8D12-41F5-8454-EC76D94BB413}
2012-06-18 01:42 - 2012-06-18 01:42 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{7D55CE83-0D40-4474-BBE3-30DDB7F798D7}
2012-06-18 01:31 - 2012-06-18 01:31 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{A379D163-5772-4F9D-AA01-4423806A98E7}
2012-06-17 13:19 - 2012-06-17 13:19 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{EB0BE9E7-183D-4D6C-A358-6A2690CFB6E4}
2012-06-17 01:19 - 2012-06-17 01:19 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{ABCC2F1A-35BA-4979-B4A7-45F8D2D6AD2A}
2012-06-16 13:12 - 2012-06-16 13:12 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{4F950D7D-0DCB-4CB3-893B-A30FCA56BC27}
2012-06-16 11:21 - 2012-06-16 11:21 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\Macromedia
2012-06-16 01:12 - 2012-06-16 01:12 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{90F7D333-590D-4CF1-9364-FC46DD88A1CC}
2012-06-16 01:12 - 2012-06-16 01:12 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{725C027D-D083-46AC-B8FC-74AE3A874C11}
2012-06-15 13:11 - 2012-06-15 13:11 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{94FDD377-9AF3-4152-B8E8-ACC8F9FF0802}
2012-06-15 01:11 - 2012-06-15 01:11 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{2CF6673B-4D15-407A-A188-07804CD1FCD8}
2012-06-14 13:10 - 2012-06-14 13:10 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{FFEA02A6-5BFD-4E44-B6F0-0F3B98B52883}
2012-06-14 13:10 - 2012-06-14 13:10 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{8A3FEAB6-B524-4AE9-A929-21569524FDF3}
2012-06-14 01:09 - 2012-06-14 01:10 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{BF56131A-C3BD-4BDA-A46E-7CE0C40263C7}
2012-06-14 01:09 - 2012-06-14 01:09 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{02546AD2-CA2A-4F5F-B142-90F33B39D915}
2012-06-13 13:09 - 2012-06-13 13:09 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{E4AC81DC-ED18-44BD-9876-A407BAC59EA8}
2012-06-13 13:08 - 2012-06-13 13:09 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{EA977961-6920-44CE-A7A5-E98B8D7B3574}
2012-06-13 01:18 - 2012-05-17 18:47 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-13 01:18 - 2012-05-17 18:16 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-13 01:18 - 2012-05-17 18:06 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-13 01:18 - 2012-05-17 17:59 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-13 01:18 - 2012-05-17 17:59 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-13 01:18 - 2012-05-17 17:58 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-13 01:18 - 2012-05-17 17:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-13 01:18 - 2012-05-17 17:56 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-13 01:18 - 2012-05-17 17:55 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-13 01:18 - 2012-05-17 17:55 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-13 01:18 - 2012-05-17 17:54 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-13 01:18 - 2012-05-17 17:51 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-13 01:18 - 2012-05-17 17:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-13 01:18 - 2012-05-17 17:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-13 01:18 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-13 01:18 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-13 01:18 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-13 01:18 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-13 01:18 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-13 01:18 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-13 01:18 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-13 01:18 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 01:18 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-13 01:18 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-13 01:18 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-13 01:18 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-13 01:18 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-13 01:18 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-13 01:08 - 2012-06-13 01:08 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{3A9056E1-4978-44AC-AC55-E534BC19BE4D}
2012-06-13 01:08 - 2012-06-13 01:08 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{012BC0F1-5093-4B02-A321-AA16BFF16CBF}
2012-06-13 00:00 - 2012-05-14 17:32 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 00:00 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 00:00 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 00:00 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 00:00 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 00:00 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 00:00 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 00:00 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 00:00 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 00:00 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 00:00 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 00:00 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 00:00 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 00:00 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 00:00 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 00:00 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 00:00 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-12 13:07 - 2012-06-12 13:07 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{E2DFC629-28E5-4153-A5AC-11AB8472886E}
2012-06-12 13:07 - 2012-06-12 13:07 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{B1E8DFCC-461E-4C86-957C-575F43D184D3}
2012-06-12 13:07 - 2012-06-12 13:07 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{024FBFE1-3023-4401-8EC4-AFFF80E6C566}
2012-06-12 13:06 - 2012-06-12 13:07 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{0FD2C386-483A-4DBA-B310-3768D019D21A}
2012-06-12 01:06 - 2012-06-12 01:06 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{A8621A8C-77E0-44D4-AA5A-339F23686FA8}
2012-06-12 01:06 - 2012-06-12 01:06 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{33EF063A-91E5-4A46-B14D-FF8EFFF17AD5}
2012-06-11 16:11 - 2012-06-11 16:11 - 00000000 ____D C:\Windows\Sun
2012-06-11 15:44 - 2012-06-19 14:09 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\CRE
2012-06-11 11:21 - 2012-06-11 11:21 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{EB266CD4-8705-4C41-84A6-09CC1AC9BDCB}
2012-06-11 11:21 - 2012-06-11 11:21 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{AE8B5176-24A3-48B0-9309-7B90090B9341}
2012-06-10 23:20 - 2012-06-10 23:21 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{0156FA2D-AE16-496F-8FD8-4D6FEA70994C}
2012-06-10 23:20 - 2012-06-10 23:20 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{63C51A33-B5C9-4681-8EEA-A7CD60587A59}
2012-06-10 23:20 - 2012-06-10 23:20 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{16D7E3BE-F296-4B24-8C84-BD98011B68A0}
2012-06-10 11:19 - 2012-06-10 23:20 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{AB0A4980-A744-47DB-939F-532D7F836E1A}
2012-06-10 11:19 - 2012-06-10 11:19 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{E59E723E-DB1A-43C2-88A6-87643110C761}
2012-06-10 00:53 - 2012-06-30 20:34 - 00000000 ____D C:\Program Files (x86)\Amazon
2012-06-09 23:19 - 2012-06-09 23:19 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{A8E6E5A1-1713-4B89-8052-B5ECA802093E}
2012-06-09 23:18 - 2012-06-09 23:19 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{07BB1206-24F2-47C5-9E62-DA506B82A4D2}
2012-06-09 11:18 - 2012-06-09 11:18 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{D60A9B32-AB74-454E-A056-19613F95868C}
2012-06-09 11:18 - 2012-06-09 11:18 - 00000000 ____D C:\Users\Oleuanna\AppData\Local\{3F078562-49CC-4D9A-A343-DEE2A3B9BB9B}

============ 3 Months Modified Files ========================

2012-07-09 13:48 - 2012-03-17 09:35 - 00000920 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725012988-2077640657-2150448371-1000UA.job
2012-07-09 13:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-09 13:46 - 2009-07-13 20:51 - 00088291 ____A C:\Windows\setupact.log
2012-07-09 13:43 - 2011-12-30 00:46 - 02032620 ____A C:\Windows\WindowsUpdate.log
2012-07-09 13:40 - 2012-07-09 13:40 - 01434401 ____A (Farbar) C:\Users\Oleuanna\Downloads\FRST64.exe
2012-07-09 08:48 - 2012-03-17 09:35 - 00000868 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-725012988-2077640657-2150448371-1000Core.job
2012-07-09 03:22 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-09 03:22 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-08 18:32 - 2012-07-08 18:32 - 00046671 ____A C:\ComboFix.txt
2012-07-08 18:24 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-07-08 18:22 - 2010-11-20 19:47 - 00338340 ____A C:\Windows\PFRO.log
2012-07-08 17:52 - 2012-07-08 17:52 - 00001945 ____A C:\rkill.log
2012-07-08 17:50 - 2012-07-08 17:50 - 01012656 ____A C:\Users\Oleuanna\Downloads\rkill.exe
2012-07-08 08:22 - 2012-07-08 08:22 - 00077970 ____A C:\Users\Oleuanna\Downloads\Extras.Txt
2012-07-08 08:19 - 2012-07-08 08:19 - 00366494 ____A C:\Users\Oleuanna\Downloads\OTL.Txt
2012-07-08 07:14 - 2012-07-08 07:14 - 00595968 ____A (OldTimer Tools) C:\Users\Oleuanna\Downloads\OTL.exe
2012-07-07 22:25 - 2012-07-07 22:25 - 00031252 ____A C:\Users\Oleuanna\Downloads\logaster_No_17_small_size_70x84_pixels_(PNG).zip
2012-07-07 20:24 - 2012-07-07 20:24 - 00000053 ____A C:\Users\Oleuanna\Downloads\google7f3126a2d221cfd6 (1).html
2012-07-07 19:48 - 2012-07-07 19:48 - 00000053 ____A C:\Users\Oleuanna\Downloads\google72267d83769ee92f (2).html
2012-07-07 19:22 - 2012-07-07 19:22 - 00000053 ____A C:\Users\Oleuanna\Downloads\google7f3126a2d221cfd6.html
2012-07-07 18:25 - 2012-07-07 18:25 - 00000053 ____A C:\Users\Oleuanna\Downloads\google72267d83769ee92f.html
2012-07-07 18:25 - 2012-07-07 18:25 - 00000053 ____A C:\Users\Oleuanna\Downloads\google72267d83769ee92f (1).html
2012-07-06 20:06 - 2012-07-06 20:06 - 01287528 ____A (Microsoft Corporation) C:\Users\Oleuanna\Downloads\wlsetup-web.exe
2012-07-06 16:23 - 2012-07-06 16:23 - 04573044 ____R (Swearware) C:\Users\Oleuanna\Downloads\ComboFix.exe
2012-07-06 02:18 - 2012-07-06 02:18 - 00283440 ____A (Premium) C:\Users\Oleuanna\Downloads\Codec-V (1).exe
2012-07-06 02:17 - 2012-07-06 02:17 - 00283440 ____A (Premium) C:\Users\Oleuanna\Downloads\Codec-V.exe
2012-07-06 02:00 - 2012-07-06 02:00 - 00933256 ____A (DivX, LLC) C:\Users\Oleuanna\Downloads\DivXWebPlayerInstaller.exe
2012-07-05 15:37 - 2012-07-05 15:37 - 00270416 ____A C:\Windows\Minidump\070612-42385-01.dmp
2012-07-05 15:37 - 2011-11-26 19:14 - 657832687 ____A C:\Windows\MEMORY.DMP
2012-07-05 15:07 - 2012-06-21 18:43 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-07-05 14:49 - 2012-07-05 14:49 - 04731392 ____A (AVAST Software) C:\Users\Oleuanna\Downloads\aswMBR.exe
2012-07-03 08:21 - 2012-06-21 18:43 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 04:06 - 2012-01-28 14:48 - 00000344 ____A C:\Windows\Tasks\HPCeeScheduleForOleuanna.job
2012-07-01 18:06 - 2012-07-01 13:23 - 00223141 ____A C:\Users\Oleuanna\Desktop\en-soi pour-soi arts .bpdx
2012-06-30 21:23 - 2011-10-19 07:46 - 00109744 ____A C:\Users\Oleuanna\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-30 21:02 - 2009-07-13 20:45 - 04971640 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-30 14:41 - 2012-06-30 14:41 - 00033758 ____A C:\Users\Oleuanna\AppData\Local\dt.dat
2012-06-29 16:02 - 2012-06-21 18:03 - 00001945 ____A C:\Windows\epplauncher.mif
2012-06-29 12:06 - 2012-03-29 02:26 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-29 12:06 - 2011-10-19 11:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-29 10:54 - 2012-05-18 10:30 - 00095796 ____A C:\Windows\System32\avgrep.txt
2012-06-29 06:53 - 2012-06-29 06:53 - 00328064 ____A (AVAST Software) C:\Users\Oleuanna\Downloads\aswclear.exe
2012-06-26 17:21 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-23 01:05 - 2012-05-18 09:37 - 00871040 ____A C:\Users\Oleuanna\AppData\Local\census.cache
2012-06-23 01:05 - 2012-05-18 09:34 - 00123406 ____A C:\Users\Oleuanna\AppData\Local\ars.cache
2012-06-21 19:15 - 2012-05-19 03:20 - 00000045 ____A C:\Windows\look.bat
2012-06-21 18:09 - 2012-06-21 18:09 - 00735230 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-20 08:08 - 2012-06-20 08:08 - 00270416 ____A C:\Windows\Minidump\062012-23353-01.dmp
2012-06-20 05:26 - 2012-06-20 05:26 - 00270416 ____A C:\Windows\Minidump\062012-22713-01.dmp
2012-06-13 01:29 - 2009-07-13 21:13 - 00732070 ____A C:\Windows\System32\PerfStringBackup.INI
2012-06-13 01:25 - 2011-10-21 09:22 - 58957832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-21 07:38 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 07:38 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 07:38 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 07:38 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 07:38 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 07:38 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 07:38 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:19 - 2012-06-21 07:38 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 06:15 - 2012-06-21 07:38 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-31 12:35 - 2012-05-31 12:36 - 00955848 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-05-31 12:35 - 2011-05-14 12:07 - 00839112 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-05-31 01:24 - 2012-05-31 01:24 - 00270416 ____A C:\Windows\Minidump\053112-23384-01.dmp
2012-05-30 05:39 - 2012-05-30 05:39 - 01730394 ____A C:\Users\Oleuanna\Documents\bookmarks-2012-05-30.json
2012-05-30 05:39 - 2012-05-30 05:39 - 00887078 ____A C:\Users\Oleuanna\Documents\bookmarks (2).html
2012-05-24 07:30 - 2012-05-24 07:30 - 00270416 ____A C:\Windows\Minidump\052412-41636-01.dmp
2012-05-24 03:28 - 2012-05-24 03:28 - 00000000 ____A C:\Users\Oleuanna\defogger_reenable
2012-05-22 17:13 - 2012-05-22 17:13 - 00476664 ____A C:\Windows\Minidump\052312-44070-01.dmp
2012-05-19 12:23 - 2012-05-19 12:23 - 00842757 ____A C:\Users\Oleuanna\Documents\bookmarks.html
2012-05-19 07:55 - 2011-05-14 12:00 - 00002114 ____A C:\Windows\DirectX.log
2012-05-19 06:06 - 2012-05-19 06:06 - 00006866 ____A C:\Users\Oleuanna\tempfile.txt
2012-05-18 08:45 - 2012-05-18 08:45 - 00000036 ____A C:\Users\Oleuanna\AppData\Local\housecall.guid.cache
2012-05-17 18:47 - 2012-06-13 01:18 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 18:16 - 2012-06-13 01:18 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 18:06 - 2012-06-13 01:18 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 17:59 - 2012-06-13 01:18 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 17:59 - 2012-06-13 01:18 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 17:58 - 2012-06-13 01:18 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 17:58 - 2012-06-13 01:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 17:56 - 2012-06-13 01:18 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 17:55 - 2012-06-13 01:18 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 17:55 - 2012-06-13 01:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 17:54 - 2012-06-13 01:18 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 17:51 - 2012-06-13 01:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 17:51 - 2012-06-13 01:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 17:47 - 2012-06-13 01:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-17 15:11 - 2012-06-13 01:18 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-05-17 14:48 - 2012-06-13 01:18 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-05-17 14:45 - 2012-06-13 01:18 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-05-17 14:36 - 2012-06-13 01:18 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-05-17 14:35 - 2012-06-13 01:18 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-05-17 14:35 - 2012-06-13 01:18 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-17 14:33 - 2012-06-13 01:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-05-17 14:31 - 2012-06-13 01:18 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-17 14:29 - 2012-06-13 01:18 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-05-17 14:29 - 2012-06-13 01:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-05-17 14:27 - 2012-06-13 01:18 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-05-17 14:25 - 2012-06-13 01:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-05-17 14:24 - 2012-06-13 01:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-05-17 14:20 - 2012-06-13 01:18 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-05-15 21:13 - 2012-05-15 21:13 - 00270416 ____A C:\Windows\Minidump\051612-32214-01.dmp
2012-05-14 17:32 - 2012-06-13 00:00 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-06 12:43 - 2012-05-06 12:42 - 00498232 ____A C:\Windows\Minidump\050612-33181-01.dmp
2012-05-06 04:38 - 2011-11-12 05:13 - 00415915 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-05-06 04:30 - 2011-12-15 01:40 - 00000362 ____A C:\user.js
2012-05-05 20:37 - 2012-05-05 20:37 - 00616362 ____A C:\Users\Oleuanna\Documents\bookmarks-2012-05-06.json
2012-05-04 03:06 - 2012-06-13 00:00 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 00:00 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 00:00 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-04-30 21:40 - 2012-06-13 00:00 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 00:00 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 21:41 - 2012-06-13 00:00 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 00:00 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 00:00 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 21:37 - 2012-06-13 00:00 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 00:00 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 00:00 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 00:00 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 00:00 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 00:00 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-19 04:33 - 2012-04-19 04:33 - 00262144 ____A C:\Windows\Minidump\041912-42744-01.dmp
2012-04-12 12:15 - 2009-07-13 18:34 - 00000478 ____A C:\Windows\win.ini


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 18%
Total physical RAM: 3893.86 MB
Available physical RAM: 3167.33 MB
Total Pagefile: 3892.01 MB
Available Pagefile: 3161.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:684.72 GB) (Free:366.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:13.62 GB) (Free:1.52 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
5 Drive h: () (Removable) (Total:7.45 GB) (Free:3.28 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 Online 7633 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 684 GB 200 MB
Partition 3 Primary 13 GB 684 GB
Partition 4 Primary 102 MB 698 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 684 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F HP_TOOLS FAT32 Partition 102 MB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 7633 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-06-30 02:21

======================= End Of Log ==========================

#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,764 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:54 PM

Posted 10 July 2012 - 07:44 AM

The log is clean.

Please try this.

How To Start Windows 7 Using Last Known Good Configuration
http://pcsupport.about.com/od/windows7/ss/last-known-good-configuration-windows-7.htm

Does you computer start in normal mode?

#15 Oleuanna

Oleuanna
  • Topic Starter

  • Members
  • 52 posts
  • OFFLINE
  •  
  • Local time:05:54 PM

Posted 10 July 2012 - 04:10 PM

It starts fine in normal mode it just doesn't allow certain programs to work on it like anti viruses. I shall use your suggestion.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users