windows 7 very slow, even in safe mode


  • This topic is locked
19 replies to this topic

#1 beernpasty


Posted 15 October 2012 - 03:53 PM

Hi,


I'm not sure if I'm posting this in the right place, but as this is a fairly new pc and isn't running any heavy applications, I have a sneaky suspicion there might be a virus or something else on this pc.

I'm currently running in safe mode (plus networking) and everything is ridiculously slow. For example, right-hand mouse clicking on my computer and selecting Properties takes about 5 minutes.

I've run DDS and attached the file "attach.txt" (possibly multiple times as the webpage doesn't seem to refresh properly and I can't see the list of attached files). When DDS runs, it doesn't seem able to create the file DDS as that process seems to take forever. I've been waiting for half an hour and the DOS window is still visible and is indicating it's still running.
So, I'm afraid at this point I can't attach it.


The pc is a Compaq CQ1110UK, AMD E-450 APU 1.65 GHz, installed RAM 2.00 GB, 64 bit.
Again, I hope I've posted this in the right place.
Please let me know if I need to provide anything else.

Thanks in advance


 


#2 nasdaq

  • Malware Response Team

Posted 16 October 2012 - 10:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
===

Wait for further instructions.

#3 beernpasty

  • Topic Starter

Posted 17 October 2012 - 07:18 AM

Hi nasdaq,

Thanks for helping me.
Well, I eventually downloaded OTL but I had to go into safe mode as the browser was just not responding in normal mode.
But I presumed I had to run OTL in normal mode, so I started that at 10pm last night.
At 23:15 it was still going and left it running. The info at the bottom of the window where it showed what it was doing,
was changing from time to time so it seemed it was actually doing something.

This morning, it was still running, again the info was telling me it was doing something else.
However, just before I left for work I checked again and the screen suddenly showed a DOS like screen telling me
something had gone wrong and it was going into system recovery.
The system booted up again, and I decided to start OTL again.
I won't be home for another 5 hours but I'll post any results if there are any.

Also, I went into the machine's start-up menu (not windows, but by pressing Esc as soon as the machine boots up).
In this menu, there was an option to do a system diagnostic check which I did.
It passed most of the checks but I did get something like "S.M.A.R.T test failed, error 303" (or something similar as
this is from memory). I did google this and all I could find is that there might be an issue with the hard drive.
However, I also found a lot of articles that S.M.A.R.T is not really that reliable.
Not sure what to make of it, but I thought it's better to mention it to you.

I hope OTL will have finished by the time I get home and I can report back the results.
I'll keep you posted.

#4 nasdaq

  • Malware Response Team

Posted 17 October 2012 - 09:41 AM

Sure looks to me like a Hard Drive issue.

http://h30434.www3.hp.com/t5/Notebook-Lockups-Freezes-Hangs/SMART-Hard-Disk-Error-301-303/td-p/479905
===

If OTL is still running, stop the process.
CTRL+ALT+DEL > Task Manager > stop the process.

===

Restart in Safe mode and run OTL from there.
It should not take more than one hour to complete.

#5 beernpasty

  • Topic Starter

Posted 20 October 2012 - 03:34 AM

Hi nasdaq,

My apologies for the delay, but I couldn't get into safe mode for a few days, so had to run it in normal mode. But it did eventually finish.
Here are the contents of Extras.txt:

OTL Extras logfile created on: 10/17/2012 9:01:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.60 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 30.38% Memory free
3.20 Gb Paging File | 1.95 Gb Available in Paging File | 60.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.66 Gb Total Space | 404.64 Gb Free Space | 89.00% Space Free | Partition Type: NTFS
Drive D: | 11.00 Gb Total Space | 1.35 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: LIANE-HP | User Name: Liane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{137B0E51-8531-4826-8CF8-69BDBA5198C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{15C2A65B-C377-464C-9A95-85CF3F6B8D42}" = lport=9333 | protocol=6 | dir=in | name=ekdiscovery |
"{16B4E680-E4BA-427A-BC5B-9C716F890506}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{23A86DE9-C61F-4EA3-9ECA-BFDF20122A0E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2423743F-8964-4C43-A96A-6E78441B9D67}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{24DA6F46-BB07-4C8C-A244-FCE87EE02B13}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{2E4CDCE2-C144-44B7-B172-6F96096F2371}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C04DB14-5037-4CDA-8827-EB98C7B4E3D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3E903674-6F24-443D-B161-0DE337FDE5E5}" = lport=138 | protocol=17 | dir=in | app=system |
"{3FE3BCA8-CDB6-4541-A794-A220EAF36B60}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5359C01B-FED4-41CE-B91C-E4D348D3D7FC}" = rport=445 | protocol=6 | dir=out | app=system |
"{5366A1D7-F45F-4996-A63A-C63249E791DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{539AFFB9-5FCE-45CA-AD06-A50AD3191578}" = lport=139 | protocol=6 | dir=in | app=system |
"{5525BA37-1FCD-4612-BA59-5681514B02ED}" = rport=139 | protocol=6 | dir=out | app=system |
"{5772C44E-7AD9-4408-AE16-444D9A990B2A}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C767AEF-AD4C-4204-AB4B-13E26629D4EB}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{5C9F70E5-ED5E-4A0A-A6E4-B08213FFEFB1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6227D228-97F3-44DB-A4A4-803B6AB683FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{851D8D65-BD6A-4652-8B08-A1527805A069}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{897C9206-D424-4DDF-B84A-E37FF5E567F8}" = lport=137 | protocol=17 | dir=in | app=system |
"{8BD11521-E6DF-4008-8CB6-A641E74D6E4D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8CFE05B1-D3AF-4C10-AF75-1B4E1E7253B5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8D091764-B4D3-496E-8912-3FD322EAEC56}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9572BBE5-FCD5-408C-A901-FE0DE1B2A8EF}" = lport=445 | protocol=6 | dir=in | app=system |
"{970E414E-5B32-4BEC-B05A-474E5B6C2963}" = rport=138 | protocol=17 | dir=out | app=system |
"{9D3B77DC-E5C2-4A48-960E-A6DB7A9526CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AC16F23E-F69E-47B5-AF3F-CC6167EF4089}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD79E80F-09E3-45AD-B664-0DD012A6B226}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B26885E2-8068-46F4-98A1-58D8284DB225}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B3285455-7F0F-4710-89A2-0485D7C14B80}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{BE4460BA-53C1-45CF-9BF4-ECC83B93680B}" = lport=9333 | protocol=6 | dir=in | name=addiscovery |
"{C348C2EF-F0BC-45B9-A61E-153CD97B5E4A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D9957E3B-C157-4D11-B54C-1A1CF9033289}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E625E8C1-AC31-46D0-8970-49350C5F8F3D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB4A9265-1806-4791-AC5F-8B2AFD0F3837}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED6A7752-3CE0-4411-8839-695686177167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFBC9887-34AF-4A21-9244-C1EE7CA4E11E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FD9FE0BC-DA09-4350-956A-9B5F78F5A0E1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00208829-7D27-45B2-8799-2754831CE383}" = protocol=17 | dir=in | app=c:\program files (x86)\advent\aio\firmware\adventaioupdater.exe |
"{00525B87-56A9-4060-90A6-963EC33B371A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{081BA741-7991-4599-B5D0-EA5B9F9E4C88}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{1F76C2A2-D2AF-4754-8026-54F1C37F2716}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{26962DE4-E9E7-4C29-B6FD-6B2ADFBCDDE8}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{2B2FE889-2B23-4EF3-BEA2-F25AD1B85638}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{2EBCE643-DE88-4AE3-8B5C-64B12470E09C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3972FBE5-6DD9-411C-9AE9-D80973052913}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3A58CF38-5E67-4C7E-94B8-F495C9D674DE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3BCE5A6C-984D-4925-98B9-BFBF7976B5FE}" = protocol=6 | dir=in | app=c:\programdata\advent\installer\setup.exe |
"{4759AB83-0D58-4929-BE17-2902E1E90BA5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{58FBCA76-99EF-4303-AD1A-FBE07A10972B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5C3B1FCB-FB0C-4450-9A27-9CDDA24CC8DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5F6F6760-9447-4C8C-B11D-4FC6EEDD5066}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{61AE79E1-6DCF-4681-A368-A11C3EDB2655}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{69F4146E-45A2-4530-8BCD-A1060796C103}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6B8AE2B9-9210-48F9-9B82-F6EC8D5D7856}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6F5B2029-D72C-473B-A65A-F5AA749C1327}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{789A6FC0-D5FB-4A1A-9B7D-048FE6EE0DC8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F13FB18-17CA-4187-9311-3EF676F81E65}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CCADCFC-B947-4445-9406-47FDCED87243}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{90C9259A-655A-4324-A83F-5C285DEA948D}" = protocol=6 | dir=in | app=c:\program files (x86)\advent\aio\center\advent.statistics.exe |
"{91ADCE29-C859-4C5A-B927-859A2FEB3CDB}" = protocol=17 | dir=in | app=c:\program files (x86)\advent\aio\center\adnetworkprinterdiscovery.exe |
"{974A2BC5-281A-4A3F-B89F-CBB29A0D7F76}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{974BBC92-FAA6-48A3-92F5-81DA4BF5C2E0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{9C57A265-490D-413E-A22A-21F86B63AD95}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{A5B54454-D2FB-4997-A53D-B603DCDE5942}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A9EA2787-F440-4EB4-981C-E72B2942B7E9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{B20EE58B-BC1E-4079-A675-208C9633A415}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{BB3FED19-103F-4D22-8B66-9EF0FB51EAC3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BCDDE196-64BF-4E0A-928F-4D8ACD6A64EA}" = protocol=6 | dir=in | app=c:\program files (x86)\advent\aio\center\adnetworkprinterdiscovery.exe |
"{C20D92FE-A11A-4D6B-A172-383B6D5CB81D}" = protocol=17 | dir=in | app=c:\program files (x86)\advent\aio\center\advent.statistics.exe |
"{C2D856EE-B3C1-4683-985F-6EC65F8679A5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C4B190EE-7982-41CF-A746-7AD0D03F9839}" = protocol=17 | dir=in | app=c:\programdata\advent\installer\setup.exe |
"{C7EAAE98-36AF-4458-8AEB-F8BC14B9B900}" = protocol=6 | dir=in | app=c:\program files (x86)\advent\aio\firmware\adventaioupdater.exe |
"{CCCE6B6D-82E7-4EE1-BCC2-18C4BC93EC40}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD18D42C-B973-43D0-9213-AA42C97DB69C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D4C41517-9938-4F7E-91D0-92D5F9CFF97D}" = dir=in | app=c:\users\liane\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DD287921-6924-4F86-889B-A51E14180998}" = protocol=6 | dir=out | app=system |
"{DD68EBDE-3CB8-4769-838D-07DB5E4868AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DFCCF09E-25E8-4049-B7A9-65CC589A039D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E3106A65-3974-41A1-B031-429123BA09A7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E311001E-C63B-48CF-B563-CE21C122D5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E65CE895-D613-4E65-9C82-FBED089450A1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8341EE6-EA70-415D-8C1A-77BC0A6DDCF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE1E58F2-7808-4F29-8FB3-99345D5810E9}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{F811874C-8101-483C-B5B7-E33079DDBF2C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FC807947-B6ED-4F8F-894D-A8E68630A307}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{8DF53A90-F6D6-41C6-ABE1-D0F78F1BB82F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{C97195DC-EA13-45C5-8D9B-7DA902BEA474}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{B9A354DB-B1CE-4770-A6F3-7BDCB4BA3FD9}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{D8697723-DBA8-424C-94A3-A170AB1E5C14}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1CA75E08-616B-4F3C-A8E6-5E4BDC04E398}" = ADVENT AIO Printer
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A32081FF-1C9F-2D6C-28A5-F074789EED23}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BECBE158-A972-4803-5737-5D8D92BB1824}" = ccc-utility64
"{C47DC7DE-B551-0CF0-25B3-29B738C145DA}" = AMD Media Foundation Decoders
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0414F6AB-EAE7-44F8-8A32-5AD9629BC8EE}" = GeekBuddy
"{043547FD-5AC7-37EA-AF21-C30B9F180DAA}" = CCC Help Chinese Standard
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B531584-9628-E94E-51D6-2DCC231095A9}" = CCC Help French
"{0CEAA572-2B02-16F4-2BE3-23DF7CDAFE37}" = CCC Help German
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{136BB0FD-7E70-40F5-B17E-5FB91F229463}" = AdC4USelfUpdater
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1BAE8AB6-4533-4CB1-94D6-A5F401ED468C}" = aioscnnr
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25733E98-8EBC-0EDC-87F5-D26E9727F7C1}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{27B5D9DE-D57D-48ee-A4F1-DC3D9DA0DF57}" = Advent AIO Software
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28DE5C41-6225-4201-A4E4-DB31BAB1419A}" = ocr
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A540F1C-B41E-64C0-BD28-E3DAFDDCDBE3}" = CCC Help Korean
"{2C03D883-70B9-7EB3-302E-22ABF68051A0}" = CCC Help Swedish
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{365A1BAF-68D4-9807-FEAD-D29350BB3F1D}" = CCC Help Czech
"{3A0D4D4C-A2C7-5EC6-E688-49A5BABCDDC4}" = CCC Help Finnish
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{421CFC38-D886-BBEB-3D0E-007479EF3F5F}" = Catalyst Control Center Localization All
"{42A311E6-524A-6BDE-92AD-30C80D5A6512}" = CCC Help Portuguese
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{48F7A88C-516F-67F6-165A-592B66861889}" = CCC Help Dutch
"{4973FC3B-FF66-4610-B9ED-2DDEFBF4D2D7}" = PreReq
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6023CC4E-402B-DCD0-390F-1EAF53CB2461}" = CCC Help Polish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61381690-7DDA-44F6-B3F0-6529FB8B6E5D}" = Advent Essentials
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.2.0
"{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}" = HP Support Assistant
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BD1217B-C2D3-29B5-D0D2-CBAD0CCACB5A}" = CCC Help Spanish
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F2A11F4-EAE8-4325-83EC-E3E99F85169E}" = HP Support Information
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{896AD8E0-786D-4FF9-69EA-ACDC076EF746}" = Catalyst Control Center InstallProxy
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{907DA5C6-E97A-AF4E-ED91-9323061E6E1B}" = CCC Help Norwegian
"{912CED74-88D3-4C5B-ACB0-132318649765}" = PressReader
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E3E3D64-5A2A-4CEF-A500-EB71188DBA90}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BE22D4-0F66-455E-9783-1D7113CC6F00}" = Catalyst Control Center - Branding
"{A56A3979-EA31-AB62-7033-78FE64609BD3}" = CCC Help Hungarian
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B91E1F62-0923-C342-6ADE-5A215C168EB8}" = AMD VISION Engine Control Center
"{BA2D2D58-1A78-8474-43EC-77F4E06AB44C}" = Catalyst Control Center Graphics Previews Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAEF7665-2A8B-DCF7-6AFD-BA0EFA7325F7}" = CCC Help Turkish
"{CBF33DFC-DE18-12E1-73A5-8F1618DD86D9}" = CCC Help Thai
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DB48D4-EA2B-4586-092F-9D2A4ECD52ED}" = CCC Help Italian
"{D35B72B6-F0E4-462B-BDEB-E08032B3B681}" = HP Setup
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57A8C30-6026-BB92-C7A3-7EA914093223}" = CCC Help Japanese
"{DB503A85-52F2-2FB6-C6BC-E4732CFC7FC4}" = CCC Help Chinese Traditional
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2A7C33E-32AD-298D-8034-DF08CD2B4A42}" = CCC Help Russian
"{E6B43401-E818-4961-AFED-118DD8E87642}" = RAF
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB790A41-E75C-56E0-D0E4-D9C7596AEFAE}" = CCC Help Greek
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCED06E7-5058-5982-DC0D-AE2A9025CE74}" = CCC Help Danish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"Comodo Dragon" = Comodo Dragon
"Disney Pirates of the Caribbean Online" = Disney Pirates of the Caribbean Online
"EasyBits Magic Desktop" = Magic Desktop
"FinePix Genie_is1" = FUJIFILM MyFinePix Studio 2.0
"Google Chrome" = Google Chrome
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"Kobo" = Kobo
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PDF Complete" = PDF Complete Special Edition
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 15.0" = RealPlayer
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-112b6d8a-d374-4f94-8c33-ec3d248bba37" = Agatha Christie - Peril at End House
"WTA-16aca814-92af-415d-a4cb-73725b1d8304" = Cradle of Rome 2
"WTA-1d135782-8ec3-4321-b638-c0ce4b427729" = Slingo Deluxe
"WTA-227842d6-d741-4af2-9dc4-8bb1651ce19f" = Jewel Quest Solitaire
"WTA-29165efd-29cf-42e4-aa68-1284ac18c036" = Polar Bowler
"WTA-2defdb88-0ba5-42ae-8558-8fe1876a99a6" = Zuma Deluxe
"WTA-31ea001a-192f-40dd-bb12-6267d1fa5a2e" = Bounce Symphony
"WTA-530b3f95-41a6-4fb5-aaae-6467ef9004fc" = Cake Mania
"WTA-53985a7c-4ecb-46c3-bb03-b13d45b56c27" = Bejeweled 3
"WTA-6e275ffa-6ec5-4913-ad34-9b0f3358cd7e" = Namco All-Stars: PAC-MAN
"WTA-76cba0ec-3971-4bbc-b8d7-a0a2f1effa10" = Mystery of Mortlake Mansion
"WTA-7c91fd92-311a-4d6a-98c4-a4f296e66a41" = Chuzzle Deluxe
"WTA-889db377-ace6-49c7-9749-64e60a140333" = Farm Frenzy
"WTA-9b1ccb10-95c4-4144-842b-142330078e2e" = Vacation Quest - The Hawaiian Islands
"WTA-a148ceda-b340-42ff-a8b1-bb9a0ba767ab" = Plants vs. Zombies - Game of the Year
"WTA-abb07cca-1caf-479a-a4ac-c02b371bc577" = Penguins!
"WTA-ad2df7d1-25d0-4e19-82fe-0bcddecbee0b" = Mah Jong Medley
"WTA-c608f414-143f-416f-8ac4-fd96beb2cabb" = FATE
"WTA-c98452c0-d32c-40ac-978e-b9ecfca6a9b8" = Jewel Quest: The Sleepless Star - Collector's Edition
"WTA-d5a0a3d0-3601-4fd7-9748-ddf7b898c28e" = Blasterball 3
"WTA-e2b126dd-bcbb-4995-814d-181a1d160e82" = Chronicles of Albian
"WTA-ed2547eb-9f54-4f33-93de-34da7f260e34" = Governor of Poker 2 Premium Edition
"WTA-f3860628-990e-4ca2-9773-a5971f781951" = Virtual Villagers - The Secret City
"ZinioReader4" = Zinio Reader 4

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2012 2:41:15 PM | Computer Name = Liane-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12278

Error - 9/17/2012 2:41:15 PM | Computer Name = Liane-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12278

Error - 9/17/2012 3:15:06 PM | Computer Name = Liane-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 9/17/2012 3:15:06 PM | Computer Name = Liane-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11170

Error - 9/17/2012 3:15:06 PM | Computer Name = Liane-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11170

Error - 9/18/2012 3:06:55 AM | Computer Name = Liane-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The connection with the server was terminated abnormally


Error - 9/18/2012 3:06:55 AM | Computer Name = Liane-HP | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The connection with the server was terminated abnormally


Error - 9/18/2012 8:26:25 AM | Computer Name = Liane-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 9/18/2012 9:59:38 AM | Computer Name = Liane-HP | Source = Application Virtualization Client | ID = 6001
Description = {tid=740:usr=Liane} Unable to CreateProcess (rc 1B401F2C-00000005)

Error - 9/18/2012 9:59:38 AM | Computer Name = Liane-HP | Source = Application Virtualization Client | ID = 3079
Description = {hap=29:app=Microsoft Word Starter 2010 9014006604090000:tid=740:usr=Liane}
The
client could not launch Q:\140066.enu\Office14\WINWORDC.EXE (rc 1B401F2C-00000005,
last error 87).

[ Hewlett-Packard Events ]
Error - 5/17/2012 9:36:48 AM | Computer Name = Liane-HP | Source = hpsa_service.exe | ID = 2000
Description =

Error - 5/18/2012 8:21:44 AM | Computer Name = Liane-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 5/31/2012 11:24:25 AM | Computer Name = Liane-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: Failed to perform update. StackTrace: at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateDetail(String
category) at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetectCore()

at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager InnerException.Message:
Object '/9f586dfc_3319_4b64_8737_48caff0a336e/hwjop_3cvsrkynf56xtlohnu_5.rem' has
been disconnected or does not exist at the server. Name: hpsa_service.exe Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 1636 Ram Utilization: 60 TargetSite: Void UpdateDetail(System.String)

Error - 5/31/2012 11:25:15 AM | Computer Name = Liane-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1636 Ram Utilization: 70 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 5/31/2012 11:25:18 AM | Computer Name = Liane-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1636 Ram Utilization: 60 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/7/2012 8:08:52 AM | Computer Name = Liane-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262 at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1636 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 6/7/2012 8:08:54 AM | Computer Name = Liane-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467262HPSF.exe at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Message: Unable to cast object
of type 'System.DBNull' to type 'System.String'. StackTrace: at HP.SupportAssistant.Common.CustomerExperience.HPSFReporting.SaveSessionInfo(DataRow
dr, Boolean bOnlyDetected, HPSASession SFSession) Source: HP.SupportAssistant.Common

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 1636 Ram Utilization: 50 TargetSite: Void SaveSessionInfo(System.Data.DataRow,
Boolean, HP.SupportAssistant.Common.CustomerExperience.HPSASession)

Error - 7/18/2012 12:12:31 PM | Computer Name = Liane-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 7/18/2012 12:12:40 PM | Computer Name = Liane-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 8/9/2012 10:52:07 AM | Computer Name = Liane-HP | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 10/17/2012 8:15:30 PM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
Shadow Copy service to connect.

Error - 10/17/2012 8:15:30 PM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
error: %%1053

Error - 10/17/2012 8:16:03 PM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Volume
Shadow Copy service to connect.

Error - 10/17/2012 8:16:03 PM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7000
Description = The Volume Shadow Copy service failed to start due to the following
error: %%1053

Error - 10/17/2012 8:16:54 PM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
Software Shadow Copy Provider service to connect.

Error - 10/17/2012 8:16:54 PM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7000
Description = The Microsoft Software Shadow Copy Provider service failed to start
due to the following error: %%1053

Error - 10/17/2012 8:16:54 PM | Computer Name = Liane-HP | Source = DCOM | ID = 10005
Description =

Error - 10/18/2012 3:09:05 AM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 10/18/2012 10:39:03 AM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error - 10/18/2012 10:39:03 AM | Computer Name = Liane-HP | Source = Service Control Manager | ID = 7000
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service failed
to start due to the following error: %%1053


< End of report >

#6 beernpasty


Posted 20 October 2012 - 03:36 AM

and here's the contents of OTL.txt:

OTL logfile created on: 10/17/2012 9:01:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Liane\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.60 Gb Total Physical Memory | 0.49 Gb Available Physical Memory | 30.38% Memory free
3.20 Gb Paging File | 1.95 Gb Available in Paging File | 60.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454.66 Gb Total Space | 404.64 Gb Free Space | 89.00% Space Free | Partition Type: NTFS
Drive D: | 11.00 Gb Total Space | 1.35 Gb Free Space | 12.23% Space Free | Partition Type: NTFS

Computer Name: LIANE-HP | User Name: Liane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found
PRC - C:\Users\Liane\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files\AVAST Software\Avast\Setup\avast.setup (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\FUJIFILM\MyFinePix Studio\dd.exe ()
PRC - C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe (Advent)
PRC - C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADPrinterSDK.exe (DSGi)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe (CyberLink)
PRC - C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\FUJIFILM\MyFinePix Studio\dd.exe ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\Recovery\Language\Enu\DRRC.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE ()


========== Services (SafeList) ==========

SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\sysnative\atiesrxx.exe (AMD)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\Comodo\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (Advent AiO Network Discovery Service) -- C:\Program Files (x86)\Advent\AIO\Center\ADAIOHostService.exe (Advent)
SRV - (ADVENT AIO Status Monitor Service) -- C:\Program Files (x86)\Advent\AIO\StatusMonitor\ADPrinterSDK.exe (DSGi)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE (Microsoft Corporation.)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (pdfcDispatcher) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe (PDF Complete Inc)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\sysnative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\sysnative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\sysnative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\sysnative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\sysnative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (Sftvol) -- C:\Windows\sysnative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\sysnative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\sysnative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\sysnative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\sysnative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\sysnative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\sysnative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amd_xata) -- C:\Windows\sysnative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_sata) -- C:\Windows\sysnative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\sysnative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\sysnative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\sysnative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\sysnative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\sysnative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\sysnative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\sysnative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\sysnative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\sysnative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\sysnative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\sysnative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\sysnative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\sysnative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\sysnative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RimUsb) -- C:\Windows\sysnative\drivers\RimUsb_AMD64.sys (Research In Motion Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQDSK/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQDSK/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQDSK/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/CQDSK/2
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQDSK/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=BNSR
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CPDTDF&pc=CPDTDF&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Liane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/10 19:53:42 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.0.140_0\npcoplgn.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Norton Identity Protection = C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\
CHR - Extension: Gmail = C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\sysnative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tvncontrol] C:\Program Files (x86)\Common Files\Comodo\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKCU..\Run: [Device Detection] C:\Program Files (x86)\FUJIFILM\MyFinePix Studio\dd.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Liane\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Liane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.145.0.cab (Battlefield Heroes Updater)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2DDBBC75-5048-4187-AE80-CCD5B01B80AF}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\sysnative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\sysnative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{dbd1f440-2864-11e1-8887-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dbd1f440-2864-11e1-8887-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{fb2b383b-7828-11e1-adcd-2c4138aa1363}\Shell - "" = AutoRun
O33 - MountPoints2\{fb2b383b-7828-11e1-adcd-2c4138aa1363}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2012/10/16 22:31:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Liane\Desktop\OTL.exe
[2012/10/15 21:39:18 | 000,706,431 | R--- | C] (Swearware) -- C:\Users\Liane\Desktop\dds.com
[2012/10/15 19:22:47 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/10/10 21:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Comodo
[2012/10/10 12:46:25 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/10 12:46:21 | 003,914,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/10 12:46:20 | 003,968,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/10 12:45:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/10 12:45:53 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/10 12:45:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/10 12:45:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/10 12:45:51 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/10 12:45:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/10 12:45:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/10 12:45:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/10 12:45:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/10 12:45:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/10 12:45:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/10 12:45:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 12:45:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 12:45:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 12:45:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 12:45:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/10 12:45:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 12:45:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/10 12:45:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 12:45:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/10 12:45:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 12:45:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 12:45:47 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/10 12:45:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 12:45:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/10 12:45:46 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/10 12:45:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 12:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 12:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 12:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/10 12:45:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 12:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/10 12:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 12:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/10 12:45:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/10 12:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 12:45:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/10 12:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/10 12:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 12:45:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/10 12:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 12:45:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/10 12:45:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 12:45:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/10 12:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/10 12:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 12:45:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/10 12:45:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 12:45:42 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/10 12:45:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 12:45:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/10 12:45:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 12:45:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/10 12:45:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 12:45:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/10 12:45:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 12:45:40 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 12:45:40 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/10 12:45:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/10 12:45:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/10 12:45:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 12:45:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/10 12:45:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/10 12:45:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/10 12:45:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 12:45:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/10 12:45:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 12:45:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/10 12:45:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/10 12:44:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/10 12:42:35 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/10 12:42:32 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/05 18:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/10/05 18:40:23 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/10/05 18:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/10/05 18:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/10/05 18:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/10/05 18:30:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/10/05 18:30:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/09/26 12:58:29 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2012/09/23 16:21:14 | 000,000,000 | ---D | C] -- C:\Users\Liane\AppData\Roaming\OpenOffice.org
[2012/09/23 16:13:19 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2012/09/23 16:11:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012/09/23 16:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice
[2012/09/23 16:04:20 | 000,000,000 | ---D | C] -- C:\Users\Liane\AppData\Roaming\mozilla
[2012/09/22 11:15:54 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 11:15:54 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 11:15:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 11:15:50 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 11:15:50 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 11:15:50 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 11:15:49 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 11:15:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 11:15:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 11:15:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 11:15:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 11:15:45 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 11:15:40 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 11:15:40 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/22 11:15:39 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/18 08:46:14 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/18 08:27:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/18 06:52:29 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3049913258-1908016960-3075088137-1001UA.job
[2012/10/18 00:59:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/17 21:49:17 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3049913258-1908016960-3075088137-1001Core.job
[2012/10/17 20:57:30 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 20:57:29 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/17 20:47:10 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012/10/17 20:46:56 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/17 20:41:53 | 1287,286,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/16 22:31:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Liane\Desktop\OTL.exe
[2012/10/16 19:05:58 | 000,000,286 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012/10/15 20:53:20 | 000,706,431 | R--- | M] (Swearware) -- C:\Users\Liane\Desktop\dds.com
[2012/10/15 20:48:05 | 000,000,000 | ---- | M] () -- C:\Users\Liane\defogger_reenable
[2012/10/11 09:44:53 | 000,001,392 | ---- | M] () -- C:\Windows\SysWow64\logFile.xml
[2012/10/10 21:04:22 | 000,002,049 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/10/10 21:04:22 | 000,002,045 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/10/10 21:04:22 | 000,002,045 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/10/10 17:54:22 | 000,002,380 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/10/09 18:45:25 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 18:45:25 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/05 18:40:28 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/05 18:30:59 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/26 11:34:14 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1309000.009\isolate.ini
[2012/09/24 07:46:16 | 000,292,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/09/23 16:21:57 | 000,001,241 | ---- | M] () -- C:\Users\Liane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/09/23 16:13:24 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/09/22 00:53:11 | 000,000,017 | ---- | M] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/09/20 19:43:40 | 000,779,724 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/09/20 19:43:40 | 000,664,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/09/20 19:43:40 | 000,125,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/09/19 08:18:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLiane.job
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/17 19:16:08 | 000,003,224 | ---- | C] () -- C:\bootsqm.dat
[2012/10/15 20:48:05 | 000,000,000 | ---- | C] () -- C:\Users\Liane\defogger_reenable
[2012/10/11 09:44:16 | 000,001,392 | ---- | C] () -- C:\Windows\SysWow64\logFile.xml
[2012/10/10 21:04:22 | 000,002,049 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2012/10/10 21:04:22 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2012/10/10 21:04:21 | 000,002,045 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2012/10/05 18:40:27 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/10/05 18:30:59 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/23 16:21:57 | 000,001,241 | ---- | C] () -- C:\Users\Liane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012/09/23 16:13:24 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
[2012/09/22 00:53:11 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/06/23 18:02:50 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/23 18:02:41 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/14 10:48:39 | 000,000,632 | RHS- | C] () -- C:\Users\Liane\ntuser.pol
[2011/12/29 01:14:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/12/17 03:13:10 | 000,000,196 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2011/12/17 02:56:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/12/17 02:52:01 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/06/21 09:07:00 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/06/03 07:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/11 18:15:43 | 000,765,192 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\sysnative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\sysnative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/02 19:53:37 | 000,000,000 | ---D | M] -- C:\Users\Liane\AppData\Roaming\.minecraft
[2012/09/23 16:21:14 | 000,000,000 | ---D | M] -- C:\Users\Liane\AppData\Roaming\OpenOffice.org
[2012/09/07 19:09:00 | 000,000,000 | ---D | M] -- C:\Users\Liane\AppData\Roaming\Registry Mechanic
[2012/10/17 20:29:16 | 000,000,000 | ---D | M] -- C:\Users\Liane\AppData\Roaming\SoftGrid Client
[2012/01/26 18:34:25 | 000,000,000 | ---D | M] -- C:\Users\Liane\AppData\Roaming\Temp
[2012/01/22 14:27:48 | 000,000,000 | ---D | M] -- C:\Users\Liane\AppData\Roaming\TP
[2012/04/25 17:44:10 | 000,000,000 | ---D | M] -- C:\Users\Liane\AppData\Roaming\wargaming.net
[2012/01/12 10:38:00 | 000,000,000 | ---D | M] -- C:\Users\Liane\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2012/02/14 00:12:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1001\$IG4YOJH.url
[2012/02/14 00:12:27 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1001\$IO6C5S3.url
[2011/12/28 16:23:19 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1001\desktop.ini
[2012/01/10 20:43:34 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I0BH72E.m4a
[2012/01/10 21:12:19 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I0KV9B2.m4a
[2012/01/10 21:16:33 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I2JY7G6.m4a
[2012/01/10 20:23:36 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I3NRO30.m4a
[2012/01/10 21:16:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I53GHY4.m4a
[2012/10/02 18:14:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I5408CF.url
[2012/02/05 13:58:24 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I5YTG0W.url
[2012/01/04 17:06:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I6AAG19.url
[2012/07/21 12:55:45 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I6R47MF.url
[2012/01/10 21:12:41 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$I94QZMB.m4a
[2012/01/10 20:58:23 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IBJZ4A5.m4a
[2012/02/12 14:50:11 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IBVPB0R.url
[2012/02/05 16:26:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$ICHCLSC.url
[2012/01/10 21:12:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IDK08LZ.m4a
[2012/01/10 21:12:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IECUVT9.m4a
[2012/01/10 21:12:25 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IFU2OMB.m4a
[2012/02/05 13:59:01 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IFYIK0F.url
[2012/01/10 21:11:54 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IG1OYDY.m4a
[2012/01/10 21:16:49 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IG8Z6C5.m4a
[2012/01/10 21:16:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IGMIA2U.m4a
[2012/02/14 00:25:05 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IHGQ0YQ.lnk
[2012/01/04 17:06:19 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IJ6PXZK.url
[2012/01/10 21:16:44 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IJF0STO.m4a
[2012/01/10 21:12:36 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IK6QE7E.m4a
[2012/01/04 20:47:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IKFP4BI.jpg
[2012/01/10 21:16:19 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IL4I3LA.m4a
[2012/01/10 21:12:14 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$ILF6A53.m4a
[2012/01/10 21:16:23 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IMHA3SY.m4a
[2012/02/12 14:50:10 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$INFFTRL.url
[2012/01/04 18:03:10 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IR0K79D.url
[2012/02/05 13:58:35 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IRMXS74.url
[2012/01/22 15:51:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IRZABOD.url
[2012/01/10 21:12:08 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$ISKCYWS.m4a
[2012/02/05 16:26:07 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$ISP6OWC.url
[2012/01/10 21:11:59 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$ISQTMRQ.m4a
[2012/08/03 13:08:43 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IT1YZW3.url
[2012/02/12 14:50:09 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IUPCRNZ.url
[2012/01/10 21:16:54 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IV3Q8OB.m4a
[2012/07/21 12:55:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IV6Y02X.url
[2012/09/13 18:34:33 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IVK237K.url
[2012/01/10 20:58:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IVS7832.m4a
[2012/07/21 12:55:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IWVOZ86.url
[2012/09/22 07:48:32 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IWY0XB9.url
[2012/01/10 21:16:08 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IX6SFWG.m4a
[2012/01/10 21:16:39 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IXR6W82.m4a
[2012/09/22 07:48:41 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$IYCOKLF.url
[2012/01/10 20:00:15 | 009,726,214 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R0BH72E.m4a
[2012/01/10 20:00:14 | 007,201,566 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R0KV9B2.m4a
[2012/01/10 20:00:02 | 007,977,319 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R2JY7G6.m4a
[2012/01/10 19:58:25 | 006,804,621 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R3NRO30.m4a
[2012/01/10 20:00:02 | 006,056,579 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R53GHY4.m4a
[2012/09/13 18:35:39 | 000,000,603 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R5408CF.url
[2012/01/07 17:40:36 | 000,000,231 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R5YTG0W.url
[2012/01/04 17:04:58 | 000,000,167 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R6AAG19.url
[2012/06/21 19:43:03 | 000,000,870 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R6R47MF.url
[2012/01/10 19:59:54 | 010,778,188 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$R94QZMB.m4a
[2012/01/10 20:16:26 | 003,771,209 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RBJZ4A5.m4a
[2012/01/13 18:09:18 | 000,000,226 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RBVPB0R.url
[2011/12/28 16:58:56 | 000,000,232 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RCHCLSC.url
[2012/01/10 20:00:13 | 006,211,489 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RDK08LZ.m4a
[2012/01/10 20:00:14 | 006,355,527 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RECUVT9.m4a
[2012/01/10 20:00:14 | 007,454,163 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RFU2OMB.m4a
[2012/01/07 17:40:22 | 000,000,928 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RFYIK0F.url
[2012/01/10 21:11:42 | 007,100,705 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RG1OYDY.m4a
[2012/01/10 20:00:02 | 006,922,146 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RG8Z6C5.m4a
[2012/01/10 20:12:30 | 003,763,903 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RGMIA2U.m4a
[2012/02/14 00:25:02 | 000,001,785 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RHGQ0YQ.lnk
[2012/01/04 17:03:26 | 000,000,167 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RJ6PXZK.url
[2012/01/10 20:00:02 | 006,737,219 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RJF0STO.m4a
[2012/01/10 19:59:54 | 005,696,887 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RK6QE7E.m4a
[2012/01/04 20:24:40 | 000,755,648 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RKFP4BI.jpg
[2012/01/10 20:12:10 | 004,244,296 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RL4I3LA.m4a
[2012/01/10 20:00:14 | 005,782,118 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RLF6A53.m4a
[2012/01/10 20:11:47 | 004,382,358 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RMHA3SY.m4a
[2011/12/28 16:58:56 | 000,000,257 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RNFFTRL.url
[2012/01/04 18:03:06 | 000,000,194 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RR0K79D.url
[2012/01/01 20:29:05 | 000,000,178 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RRMXS74.url
[2012/01/05 18:51:29 | 000,003,935 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RRZABOD.url
[2012/01/10 20:00:14 | 005,390,624 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RSKCYWS.m4a
[2011/12/28 16:58:56 | 000,000,264 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RSP6OWC.url
[2012/01/10 20:00:14 | 006,382,181 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RSQTMRQ.m4a
[2012/08/03 13:08:25 | 000,000,542 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RT1YZW3.url
[2011/12/28 16:58:56 | 000,000,249 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RUPCRNZ.url
[2012/01/10 20:00:01 | 013,969,978 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RV3Q8OB.m4a
[2012/07/21 12:38:55 | 000,000,275 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RV6Y02X.url
[2012/09/13 18:34:28 | 000,000,542 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RVK237K.url
[2012/01/10 20:16:47 | 003,577,687 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RVS7832.m4a
[2012/07/03 16:53:30 | 000,000,323 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RWVOZ86.url
[2012/07/03 15:50:51 | 000,000,870 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RWY0XB9.url
[2012/01/10 21:11:42 | 007,359,460 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RX6SFWG.m4a
[2012/01/10 20:00:02 | 006,760,370 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RXR6W82.m4a
[2012/07/21 12:38:55 | 000,000,210 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\$RYCOKLF.url
[2011/12/28 16:57:32 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1003\desktop.ini
[2012/05/22 19:45:22 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I0KVITZ.flv
[2012/05/22 19:44:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I1EMFMS.flv
[2012/05/22 19:44:42 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I1MIH7Q.flv
[2012/04/19 16:08:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I2Y1QJU.url
[2012/05/22 19:45:15 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I4PY55V.flv
[2012/02/23 22:24:48 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I5T5ZYQ.zip
[2012/02/23 20:59:17 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I61C4YG.zip
[2012/04/19 16:27:13 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I7JZJ62.url
[2012/04/18 17:42:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I8F5PGS.url
[2012/05/22 19:03:45 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I8OIGTC.flv
[2012/05/22 19:44:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$I8ZAL30.flv
[2012/05/20 22:14:18 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IA3GNZA.JPG
[2012/05/22 19:44:21 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IAMSHUF.flv
[2012/04/19 16:27:18 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IAP7H3Q.url
[2012/05/22 19:45:28 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IB6F2KC.flv
[2012/05/22 19:44:26 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IDHL0M4.flv
[2012/05/22 19:43:57 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IDK18TS.flv
[2012/08/13 19:10:34 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IFCC9MG.mp3
[2012/05/22 19:43:51 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IHPXSLC.flv
[2012/06/21 14:36:31 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$II3TWHB.url
[2012/05/22 19:44:16 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IJC2CJF.flv
[2012/05/22 19:44:36 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IJP391G.flv
[2012/02/23 20:31:45 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IJSC71B.zip
[2012/05/22 19:45:40 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IJZ9HQE.flv
[2012/04/17 22:06:59 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IKWHKH3.url
[2012/05/22 19:02:53 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IP6YGCF.mp4
[2012/05/22 19:02:48 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IQ0UBC5.flv
[2012/06/26 21:22:30 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$ISV455D.url
[2012/05/20 22:14:12 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IU5WMIE.JPG
[2012/05/22 19:43:45 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IUQV3C6.flv
[2012/05/22 19:44:03 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IV35MP7.flv
[2012/05/22 19:45:33 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IWIFHR3.flv
[2012/05/22 19:45:46 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IXBC5UB.flv
[2012/05/22 19:44:10 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IXSAWNN.flv
[2012/04/19 16:27:22 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$IZ6GWU8.url
[2012/05/21 21:32:35 | 021,117,243 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R0KVITZ.flv
[2012/05/21 21:30:34 | 026,871,011 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R1EMFMS.flv
[2012/05/21 21:29:11 | 025,607,247 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R1MIH7Q.flv
[2012/02/14 11:10:38 | 000,000,226 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R2Y1QJU.url
[2012/05/21 21:31:05 | 018,736,152 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R4PY55V.flv
[2012/02/23 21:25:38 | 000,009,961 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R5T5ZYQ.zip
[2012/02/23 20:56:36 | 000,009,961 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R61C4YG.zip
[2012/02/14 11:10:38 | 000,000,326 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R7JZJ62.url
[2012/04/17 22:07:05 | 000,000,596 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R8F5PGS.url
[2012/05/21 20:52:57 | 005,024,798 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R8OIGTC.flv
[2012/05/21 21:27:51 | 012,569,556 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$R8ZAL30.flv
[2012/05/19 17:42:00 | 003,861,659 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RA3GNZA.JPG
[2012/05/21 21:27:11 | 013,584,097 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RAMSHUF.flv
[2012/02/14 11:10:38 | 000,000,316 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RAP7H3Q.url
[2012/05/21 21:32:58 | 013,119,932 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RB6F2KC.flv
[2012/05/21 21:27:25 | 021,928,859 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RDHL0M4.flv
[2012/05/21 20:53:08 | 026,631,319 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RDK18TS.flv
[2012/08/13 19:08:38 | 003,601,674 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RFCC9MG.mp3
[2012/05/21 20:52:43 | 018,259,486 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RHPXSLC.flv
[2012/06/21 14:36:20 | 000,000,116 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RI3TWHB.url
[2012/05/21 21:26:44 | 015,838,923 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RJC2CJF.flv
[2012/05/21 21:28:19 | 014,588,889 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RJP391G.flv
[2012/02/23 20:27:03 | 000,009,961 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RJSC71B.zip
[2012/05/21 21:34:15 | 020,827,442 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RJZ9HQE.flv
[2012/04/17 21:36:02 | 000,000,646 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RKWHKH3.url
[2012/05/21 20:44:41 | 001,448,135 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RP6YGCF.mp4
[2012/05/21 20:48:19 | 023,580,645 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RQ0UBC5.flv
[2012/06/24 15:21:42 | 000,000,270 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RSV455D.url
[2012/05/19 09:13:18 | 003,116,828 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RU5WMIE.JPG
[2012/05/21 20:52:42 | 016,069,119 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RUQV3C6.flv
[2012/05/21 20:54:30 | 027,621,879 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RV35MP7.flv
[2012/05/21 21:33:38 | 025,072,966 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RWIFHR3.flv
[2012/05/21 21:35:06 | 042,232,529 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RXBC5UB.flv
[2012/05/21 20:56:42 | 021,968,508 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RXSAWNN.flv
[2012/02/14 11:10:54 | 000,000,302 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\$RZ6GWU8.url
[2012/02/14 11:02:27 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1004\desktop.ini
[2012/04/02 18:45:47 | 000,000,544 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1005\$I6AG3MU.lnk
[2012/02/29 18:17:04 | 000,002,447 | ---- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1005\$R6AG3MU.lnk
[2012/02/14 10:52:21 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-1005\desktop.ini
[2011/12/17 05:12:26 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3049913258-1908016960-3075088137-500\desktop.ini
[2011/12/17 03:32:52 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-3909184305-504873129-641630059-500\desktop.ini
[2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009/07/14 06:08:49 | 000,032,620 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/10 19:53:36 | 000,000,892 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012/01/10 19:53:37 | 000,000,896 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012/04/01 10:39:55 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012/05/10 18:39:21 | 000,000,904 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3049913258-1908016960-3075088137-1001Core.job
[2012/05/10 18:39:23 | 000,000,926 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3049913258-1908016960-3075088137-1001UA.job
[2012/09/05 19:24:13 | 000,000,286 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job
[2012/09/07 19:00:04 | 000,000,284 | ---- | C] () -- C:\Windows\Tasks\RMAutoUpdate.job
[2012/10/18 18:05:49 | 000,000,332 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForLiane.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< MD5 for: AGP440.SYS >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\sysnative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\sysnative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\sysnative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\sysnative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\SysNative\autochk.exe
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\sysnative\autochk.exe
[2010/11/21 04:24:27 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=3B536A8BEC3B4F23FFDFD78B11A2AB93 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_4019f2b8d860ad30\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\SysWOW64\autochk.exe
[2010/11/21 04:23:53 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: BEEP.SYS >
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\SysNative\drivers\beep.sys
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\sysnative\drivers\beep.sys
[2009/07/14 01:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=16A47CE2DECC9B099349A5F840654746 -- C:\Windows\winsxs\amd64_microsoft-windows-beepsys_31bf3856ad364e35_6.1.7600.16385_none_201592fa214e4f02\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\sysnative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2011/12/17 02:50:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/12/17 02:50:10 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/12/17 02:50:10 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/12/17 02:50:10 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/12/17 02:50:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/12/17 02:50:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: IASTORV.SYS >
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\sysnative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/12/17 02:51:31 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/12/17 02:51:31 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/12/17 02:51:31 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\sysnative\drivers\iaStorV.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

#7 beernpasty

Posted 20 October 2012 - 03:38 AM

I hope this will help.
It's actually my sister-in-law's PC and she's thinking about going back to the shop with it, but I'd like to know if there's a virus or malware on it first.

#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,541 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:37 PM

Posted 20 October 2012 - 08:50 AM

Nothing suspicious was found on this computer.

Please run these tools and I will decide what further action is necessary.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of the infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs for my review.

#9 beernpasty

Posted 20 October 2012 - 03:23 PM

I'm running in safe mode at the moment, as normal mode is just too slow.

When trying to run ComboFix, a message was shown indicating that ComboFix only runs on Windows 2000 and XP machines. This PC is running Windows 7.

Here are the results of running SecurityCheck:

Results of screen317's Security Check version 0.99.53
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.0
Java™ 7 Update 4
Java version out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````


Here are the results of running AdwCleaner:

# AdwCleaner v2.005 - Logfile created 10/20/2012 at 21:06:46
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Liane - LIANE-HP
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Liane\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\luka\AppData\LocalLow\PriceGong
Folder Found : C:\Users\The boys\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Found : HKU\S-1-5-21-3049913258-1908016960-3075088137-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-3049913258-1908016960-3075088137-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\The boys\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\sacha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\luka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2200 octets] - [20/10/2012 21:06:46]

########## EOF - C:\AdwCleaner[R1].txt - [2260 octets] ##########

#10 nasdaq

Posted 21 October 2012 - 08:55 AM

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[Sn].txt (n is a number).

===

when trying to run combofix, a message was shown indicating that combofix only runs on windows 2000 and xp machines. this pc is running windows 7.



Maybe because you are in Safe Mode.
Try to run it anyway, post the log if you can.

===

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#11 beernpasty

Posted 22 October 2012 - 04:36 PM

I've tried to run ComboFix in normal mode, but again I got the message that it isn't supported for the machine's OS.

I haven't had time to run Farbar yet; maybe I'll have time for that tomorrow.

However, I did run the delete option in AdwCleaner. Here are the results:
# AdwCleaner v2.005 - Logfile created 10/22/2012 at 19:53:54
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Liane - LIANE-HP
# Boot Mode : Normal
# Running from : C:\Users\Liane\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\luka\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\The boys\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Liane\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\The boys\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\sacha\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\luka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2321 octets] - [20/10/2012 21:06:46]
AdwCleaner[R2].txt - [2362 octets] - [22/10/2012 18:29:30]
AdwCleaner[R3].txt - [2422 octets] - [22/10/2012 19:48:28]
AdwCleaner[S1].txt - [2075 octets] - [22/10/2012 19:53:54]

########## EOF - C:\AdwCleaner[S1].txt - [2135 octets] ##########

#12 nasdaq

Posted 23 October 2012 - 08:45 AM

Check the integrity of your system files.

How to use the System File Checker tool to troubleshoot missing or corrupted system files on Windows Vista or on Windows 7
http://support.microsoft.com/kb/929833

#13 beernpasty

Posted 23 October 2012 - 10:04 AM

OK, I'll do that as soon as I get home.
Can I do this in safe mode rather than normal mode?

#14 nasdaq

Posted 23 October 2012 - 01:31 PM

Yes, try it.

#15 beernpasty

Posted 24 October 2012 - 03:07 AM

I tried to get the machine into safe mode, but it didn't let me so I had to run it in normal mode.
I started it at 10pm last night and this morning it was on 37%.
I've just left it going and I'll check again when I get home from work.

I just hope the machine won't blue screen on me as I've seen quite a few blue screens over the last few days.



