I HAVE A REMOTE HACKER ON MY HP LAPTOP, CAN SOMEONE PLEASE HELP?


3 replies to this topic

#1 ennjay1


Posted 23 November 2013 - 05:55 PM

Hi, I have had my suspicions for the last 2 years, maybe longer, that my personal laptop has & still is being hacked, remotely. I am not computer savvy, in fact I am very much the opposite, just to make you aware that you may have to revert back to basics so I understand & follow instructions.
 
My laptop was brand new when I purchased it from Curry's in Dec 2011 & I've restored it back to factory settings approx 10 times but this concern hasn't gone away. I have spent hours trawling through unknown files, knowing something wasn't right but unable to find any concrete evidence.
 
Earlier I came across something which I googled and found the following blog....this is the link..
 
http://targetedpatient.blogspot.co.uk/2013/11/evidence-mini-fbi-remote-malware.html
 
This report is alarmingly similar to what I have on my laptop, is there a way of sending you some sort of scan or if you let me know what I can forward on to you then I'd be very grateful...I am very worried, especially if my hacker lives only metres away, I live alone with my daughter.
 
Regards
 
 
Nicola

Edited by Queen-Evie, 23 November 2013 - 07:59 PM.
moved from Windows 7 to the appropriate forum



#2 Broni


Posted 24 November 2013 - 05:59 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

NOTE. Do NOT wrap your logs in "quote" or "code" brackets.




 


#3 ennjay1


Posted 26 January 2014 - 12:36 PM

Hi, sorry for taking so long in replying. Here's what I've been able to run, sorry I couldn't download them all but I got an error message saying the version of this file is not compatible with the version I'm running... :-/

 

Does this help....thanks

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 01
Ran by Nicola (administrator) on NICOLA-HP on 26-01-2014 12:38:42
Running from C:\Users\Nicola\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SonicWALL, Inc.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\MailFrontier\mantispm.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
(Malwarebytes) C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DLISS263\startuplite-setup-1.07.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [525312 2010-12-17] (IDT, Inc.)
HKLM\...\Run: [SetDefault] - C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2013-09-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IObit Malware Fighter] - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1573184 2013-12-13] (IObit)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-10-25] (Check Point Software Technologies LTD)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-12] (Hewlett-Packard)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [Advanced SystemCare 7] - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe [2283808 2013-11-11] (IObit)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyE0AyDzztB0B0CyEyB0BtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656244596&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT/2
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE11ENUS/MCM_WCP
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyE0AyDzztB0B0CyEyB0BtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656244596&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyE0AyDzztB0B0CyEyB0BtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656244596&ir=
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {768DB075-CB82-4986-A4B3-F1E55F369177} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyE0AyDzztB0B0CyEyB0BtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656244596&ir=
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {768DB075-CB82-4986-A4B3-F1E55F369177} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
SearchScopes: HKCU - 28721A5FCE3443CAA3726D1975B42895 URL = http://rover.ebay.com/rover/1/710-111095-2958-3/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {768DB075-CB82-4986-A4B3-F1E55F369177} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: No Name - {9030D464-4C02-4ABF-8ECC-5164760863C6} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:
========
FF ProfilePath: C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\3qwbpidc.default
FF user.js: detected! => C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\3qwbpidc.default\user.js
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1207148.dll No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Ads Removal - C:\Users\Nicola\AppData\Roaming\Mozilla\Firefox\Profiles\3qwbpidc.default\Extensions\adsremoval@adsremoval.net [2013-12-18]

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Ads Removal) - C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-18]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Nicola\AppData\Local\mysearchdial-speeddial.crx [2013-12-18]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Nicola\AppData\Local\mysearchdial-speeddial.crx [2013-12-18]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Nicola\AppData\Local\mysearchdial-speeddial.crx [2013-12-18]

==================== Services (Whitelisted) =================

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [878368 2013-10-25] (IObit)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445816 2013-10-25] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [50704 2013-10-15] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2013-07-17] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [489568 2013-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-08] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-11-15] (Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177760 2013-07-17] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1514568 2013-12-18] (Realtek Semiconductor Corporation                           )
R3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [454168 2013-10-23] (Check Point Software Technologies LTD)
S3 atillk64; \??\C:\Program Files (x86)\AMD\System Monitor\atillk64.sys [x]
S3 clwvd; system32\DRIVERS\clwvd.sys [x]
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [90208 2013-10-09] (Kaspersky Lab ZAO)
S3 RTL8192Ce; system32\DRIVERS\rtl8192Ce.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys 5623E2CC4F1F6DE24BE9DB3319E42D23
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 7B04C9843921AB1F695FB395422C5360
C:\Windows\System32\DRIVERS\RtsPStor.sys 1F5E7AF59B390261A85F5BEDB1BB88B3
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys FABCD0B9CA0A2DC84805DCC199439046
C:\Windows\System32\DRIVERS\rtwlane.sys F84917461BDB7C51B2ED7FF062B3A64A
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys AA3C0336514C239A171F00A6902B59B8
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys C447977ED2A4AE9346FE3A0579A34D7C
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys 893A6B67C8AA502648AD946CF50DDFD1
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 573D192E268F0C5B486B7E96F661E538
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vsdatant.sys F8C69EB4CC46FD2681B65212CA20DD97
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 12:38 - 2014-01-26 12:39 - 00034604 _____ C:\Users\Nicola\Downloads\FRST.txt
2014-01-26 12:38 - 2014-01-26 12:38 - 00000000 ____D C:\FRST
2014-01-26 12:37 - 2014-01-26 12:37 - 02078208 _____ (Farbar) C:\Users\Nicola\Downloads\FRST64.exe
2014-01-26 12:36 - 2014-01-26 12:36 - 00597932 _____ C:\Users\Nicola\Downloads\SecurityCheck(1).exe
2014-01-26 12:35 - 2014-01-26 12:35 - 00622597 _____ C:\Users\Nicola\Downloads\SecurityCheck.exe
2014-01-26 06:23 - 2014-01-26 06:23 - 00346568 _____ (Azureus Software, Inc) C:\Users\Nicola\Downloads\Vuze.lnk
2014-01-26 05:59 - 2014-01-26 05:59 - 00386696 _____ C:\Users\Nicola\CBS.log
2014-01-26 05:59 - 2014-01-25 21:17 - 80754244 _____ C:\Users\Nicola\CbsPersist_20140125215731.log
2014-01-26 05:52 - 2014-01-26 05:52 - 00004998 _____ C:\Users\Nicola\RS_ApplyFix.ps1
2014-01-26 05:04 - 2014-01-26 05:04 - 00000000 ____D C:\Users\Nicola\AppData\Local\{801C0F71-A8BE-4B10-A744-9D4F48BB8D6E}
2014-01-25 20:56 - 2014-01-25 20:56 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-25 17:04 - 2014-01-25 17:04 - 00000000 ____D C:\Users\Nicola\AppData\Local\{84C9123A-5ABD-4159-A755-2F6066F55A90}
2014-01-25 16:47 - 2010-01-07 05:40 - 04249320 _____ C:\Users\Nicola\Downloads\NEWPHOTOALBUM.POTX_1033.hh6ua0v (1) (2).partial
2014-01-25 16:47 - 2010-01-07 05:40 - 04249320 _____ C:\Users\Nicola\Downloads\NEWPHOTOALBUM.POTX_1033.hh6ua0v (1) (1).partial
2014-01-25 16:45 - 2014-01-14 03:02 - 00063592 _____ (WinAbility® Software Corporation) C:\Users\Nicola\Downloads\VistaLib32 (1).dll
2014-01-25 16:45 - 2014-01-14 03:02 - 00063592 _____ (WinAbility® Software Corporation) C:\Users\Nicola\Downloads\VistaLib32 (1) (1).dll
2014-01-25 16:44 - 2014-01-14 03:02 - 00063592 _____ (WinAbility® Software Corporation) C:\Users\Nicola\Downloads\VistaLib32.dll
2014-01-25 15:46 - 2010-11-10 09:29 - 01346416 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\WLXPhotoViewer.dll
2014-01-25 01:53 - 2014-01-26 12:16 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-25 01:52 - 2014-01-26 12:16 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-25 01:52 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-25 01:50 - 2014-01-25 01:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nicola\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-25 01:36 - 2014-01-25 01:36 - 00294226 _____ C:\Users\Nicola\avg.csv
2014-01-24 23:46 - 2014-01-24 15:36 - 00004096 _____ C:\Users\Nicola\WINDOWS_WMPHOTO_CHANNEL.etl
2014-01-24 16:12 - 2014-01-24 16:12 - 00000000 ____D C:\Users\Nicola\AppData\Local\{9D2E5168-34BB-438C-8C75-90CF201B68B8}
2014-01-24 15:36 - 2014-01-25 21:55 - 00000224 _____ C:\Windows\setupact.log
2014-01-24 15:36 - 2014-01-24 15:36 - 00000586 _____ C:\Windows\PFRO.log
2014-01-24 15:36 - 2014-01-24 15:36 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 01:54 - 2014-01-24 01:54 - 01564069 _____ C:\Users\Nicola\WLIDRES.DLL
2014-01-23 23:50 - 2014-01-23 23:50 - 00000000 ____D C:\Users\Nicola\AppData\Local\{5BB6F7F7-A6A8-446B-BE0B-6097C53F0ED8}
2014-01-23 01:20 - 2014-01-23 18:19 - 01069920 _____ (Solid State Networks) C:\Users\Nicola\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-01-22 19:05 - 2014-01-22 19:05 - 58082952 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\EIE11_EN-US_MCM_WIN764(1).EXE
2014-01-22 19:03 - 2014-01-22 19:02 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-22 19:02 - 2014-01-22 19:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-22 19:02 - 2014-01-22 19:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-22 19:02 - 2014-01-22 19:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-22 19:00 - 2014-01-22 19:01 - 30796712 _____ (Oracle Corporation) C:\Users\Nicola\Downloads\jre-7u51-windows-x64.exe
2014-01-22 17:45 - 2014-01-22 17:45 - 00000000 ____D C:\Users\Nicola\AppData\Local\{D8566F63-D879-4B41-BA2B-CEA358D45ADF}
2014-01-22 15:09 - 2014-01-22 19:07 - 00000000 ___HD C:\Windows\msdownld.tmp
2014-01-22 15:08 - 2014-01-22 15:08 - 00921000 _____ (Oracle Corporation) C:\Users\Nicola\Downloads\jxpiinstall.exe
2014-01-22 15:06 - 2014-01-22 15:07 - 58082952 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\EIE11_EN-US_MCM_WIN764.EXE
2014-01-22 05:29 - 2014-01-22 05:29 - 00000000 ____D C:\Users\Nicola\AppData\Local\{8F9C6782-37CC-4807-A7CC-F63A5AED6780}
2014-01-22 04:09 - 2012-07-05 16:42 - 00000674 _____ C:\Users\Nicola\wuredir.xml
2014-01-22 03:33 - 2014-01-22 03:33 - 00000000 ____D C:\Users\Nicola\AppData\Local\{ED13F701-4375-4556-8D1E-592BEAE2EC45}
2014-01-22 03:33 - 2014-01-22 03:33 - 00000000 ____D C:\Users\Nicola\AppData\Local\{63685B22-B2BA-49B4-81F6-E2AB8219B86E}
2014-01-21 19:09 - 2014-01-21 19:09 - 00000000 ____D C:\Users\Nicola\AppData\Local\{08D5FD8D-0B92-4F46-B52B-08E7BA391B3D}
2014-01-20 19:23 - 2010-05-12 17:02 - 00016817 _____ C:\Users\Nicola\_AF72AE44C3A84BF2B9954E9A7FDC6725
2014-01-20 19:12 - 2014-01-20 19:12 - 00000000 ____D C:\Users\Nicola\AppData\Local\{69ED21AB-5871-4984-AECB-1850FC49CA08}
2014-01-20 19:12 - 2014-01-20 19:12 - 00000000 ____D C:\Users\Nicola\AppData\Local\{183B04EE-3E51-47ED-AE5F-C2B69451CF0C}
2014-01-19 23:35 - 2014-01-19 23:35 - 00000000 ____D C:\Users\Nicola\AppData\Local\{FA651ECF-5D35-4E55-9D31-8BC417F33475}
2014-01-18 10:15 - 2014-01-18 10:15 - 04954736 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\WindowsUpgradeAssistant.exe
2014-01-18 08:02 - 2011-07-15 22:32 - 00605358 _____ C:\Users\Nicola\2011-07-15_22-28_93c-7aiuld3u.log
2014-01-18 04:28 - 2014-01-18 04:28 - 00000000 ____D C:\Users\Nicola\ProcessMonitor (1)
2014-01-17 19:25 - 2014-01-17 19:25 - 00000000 ____D C:\Users\Nicola\AppData\Local\{2B5DAA6B-E93F-4A89-B006-2079A96933B2}
2014-01-17 06:24 - 2010-10-28 01:20 - 02631168 ____R C:\Users\Nicola\WLRemoteActiveX.msi
2014-01-16 19:37 - 2014-01-16 19:38 - 35721216 _____ C:\Users\Nicola\Downloads\FastPictureViewer64.msi
2014-01-16 19:29 - 2014-01-16 19:30 - 25260032 _____ C:\Users\Nicola\Downloads\FastPictureViewerCodecPackTRIAL.msi
2014-01-16 18:51 - 2014-01-16 18:51 - 00000000 ____D C:\Users\Nicola\AppData\Local\{DB054C40-E0EB-40BC-8767-C198FF9F7D1F}
2014-01-16 03:28 - 2014-01-20 15:02 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2014-01-16 02:27 - 2014-01-16 02:27 - 01957661 _____ C:\Users\Nicola\Documents\Microsoft_PowerShell_Commands_Management_dll-Help.xml
2014-01-16 00:58 - 2014-01-16 00:58 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F87600EA-57F1-4480-8D0E-6900EDC7FDC2}
2014-01-16 00:57 - 2014-01-16 00:57 - 00000000 ____D C:\Users\Nicola\AppData\Local\{04BA6334-7614-44AD-AB2C-35122C44E3AC}
2014-01-15 22:47 - 2014-01-15 22:47 - 00000000 ____D C:\Users\Nicola\AppData\Local\{8600E707-64B4-4D97-B64C-CB5A51E6A105}
2014-01-15 22:47 - 2014-01-15 22:47 - 00000000 ____D C:\Users\Nicola\AppData\Local\{357B451F-CDCD-41FA-B4AB-4790CC2BC004}
2014-01-15 15:38 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 15:38 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 15:38 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 15:38 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 15:38 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 15:38 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 15:38 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 15:38 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 15:38 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-15 14:31 - 2014-01-15 14:31 - 00000000 ____D C:\Program Files\Lexmark
2014-01-14 23:07 - 2014-01-15 13:42 - 00000000 ____D C:\Users\Nicola\AppData\Local\Mobogenie
2014-01-14 23:07 - 2014-01-14 23:07 - 00000000 ____D C:\Users\Nicola\AppData\Local\cache
2014-01-14 23:07 - 2014-01-14 23:07 - 00000000 _____ C:\Users\Nicola\daemonprocess.txt
2014-01-14 23:05 - 2014-01-14 23:05 - 00003120 _____ C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-01-14 23:05 - 2014-01-14 23:05 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\YourFileDownloader
2014-01-14 17:36 - 2014-01-14 17:36 - 00000000 ____D C:\Users\Nicola\AppData\Local\{64E5A4B3-6B55-4E25-8B42-8CFF4E660073}
2014-01-14 17:18 - 2014-01-14 17:18 - 00000000 ____D C:\Users\Nicola\AppData\Local\{4AE77CFB-DF5B-49D5-8E4F-BA769026E937}
2014-01-14 17:15 - 2014-01-14 17:15 - 00000000 ____D C:\Users\Nicola\AppData\Local\{0552BA0B-FD88-4323-AEF5-B64E8AA39853}
2014-01-14 13:17 - 2014-01-25 03:58 - 00009529 ____H C:\Windows\SysWOW64\BTImages.dat
2014-01-14 04:57 - 2014-01-14 05:00 - 318337992 _____ C:\Users\Nicola\Downloads\Windows6.1-KB968211-x64-RefreshPkg.msu
2014-01-14 04:56 - 2014-01-14 04:56 - 01528184 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\GenuineCheck(1).exe
2014-01-14 04:52 - 2014-01-14 04:52 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2014-01-14 04:51 - 2014-01-14 04:51 - 01528184 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\GenuineCheck.exe
2014-01-14 03:44 - 2014-01-14 03:47 - 00000000 ____D C:\MyBackup
2014-01-14 03:41 - 2014-01-14 03:41 - 04188120 _____ C:\Users\Nicola\Downloads\PCTuneUpMUISetup.exe
2014-01-14 03:36 - 2014-01-14 03:36 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\MailFrontier
2014-01-14 03:08 - 2013-10-08 05:47 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-01-14 03:08 - 2013-07-17 02:02 - 00177760 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-01-14 03:08 - 2012-11-15 21:06 - 00054104 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\kltdi.sys
2014-01-14 03:07 - 2013-10-09 01:31 - 00489568 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-14 03:07 - 2013-10-09 01:31 - 00090208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-01-14 03:07 - 2013-07-17 02:02 - 07717984 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-01-14 03:02 - 2014-01-14 03:02 - 02469088 _____ (Check Point Software Technologies LTD) C:\Users\Nicola\Downloads\ZASPSetupWeb_120_104_000.exe
2014-01-14 02:41 - 2014-01-14 02:41 - 00000000 ____D C:\Users\Nicola\AppData\Local\{FF4F585F-4BA7-4961-95F7-85C215F9B28B}
2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 ____D C:\Users\Nicola\AppData\Local\{D4EC5817-4795-4518-86D0-C502075F0230}
2014-01-13 05:50 - 2014-01-13 05:50 - 00000000 ____D C:\Users\Nicola\AppData\Local\DoNotTrackPlus
2014-01-13 05:42 - 2014-01-14 03:14 - 00418053 _____ C:\Windows\system32\Drivers\vsconfig.xml
2014-01-13 05:41 - 2014-01-14 03:06 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-01-13 05:39 - 2014-01-17 11:44 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-01-13 05:39 - 2014-01-13 05:41 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2014-01-13 05:39 - 2014-01-13 05:39 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-13 05:39 - 2014-01-13 05:38 - 01766784 _____ C:\Users\Nicola\Downloads\WinRARSetup.exe
2014-01-13 05:37 - 2014-01-13 05:37 - 00621088 _____ C:\Users\Nicola\Downloads\WinRARSetup-11550928-vffsb.exe
2014-01-13 05:31 - 2014-01-13 05:31 - 00000000 ____D C:\Users\Nicola\AppData\New folder
2014-01-13 05:26 - 2014-01-13 05:26 - 00000000 ____D C:\Users\Nicola\AppData\Local\{E39AA7DB-67EB-4F04-B1C3-1D9EEB80C2CC}
2014-01-12 17:08 - 2014-01-12 17:05 - 16617352 _____ (Bitberry Software                                           ) C:\Users\Nicola\Downloads\FreeFileViewerSetup [1].exe
2014-01-12 17:04 - 2014-01-12 17:04 - 00686448 _____ C:\Users\Nicola\Downloads\FreeFileViewerSetup.exe
2014-01-12 16:36 - 2014-01-12 16:36 - 00027133 _____ C:\Users\Nicola\BLUETOOTH.txt..txt
2014-01-12 15:18 - 2014-01-20 15:02 - 00000000 ____D C:\Users\Nicola\AppData\Local\Microsoft_Corporation
2014-01-12 11:30 - 2014-01-12 11:30 - 00000000 ____D C:\Users\Nicola\AppData\Local\{057A4415-68FE-4970-BD3F-4A20C4E61AC7}
2014-01-11 19:24 - 2014-01-11 19:24 - 00000000 ____D C:\Users\Nicola\AppData\Local\{C2C46DFC-72B1-428A-9C29-DBCB934E7F17}
2014-01-10 19:50 - 2014-01-10 19:51 - 00000000 ____D C:\Users\Nicola\AppData\Local\{685479DC-71E9-4F27-B14E-E8D1CE99FBD4}
2014-01-10 02:26 - 2010-11-15 21:02 - 00096418 _____ C:\Users\Nicola\ZY______.PFB
2014-01-10 02:26 - 2010-11-15 21:02 - 00073624 _____ (Adobe Systems, Inc) C:\Users\Nicola\wow_helper.exe
2014-01-10 02:26 - 2010-11-15 21:02 - 00002560 _____ C:\Users\Nicola\windowsmedia.sky
2014-01-10 02:25 - 2010-11-15 21:02 - 00284931 _____ C:\Users\Nicola\UCS2_B5pc
2014-01-10 02:25 - 2010-11-15 21:02 - 00218112 _____ (Adobe Systems Incorporated) C:\Users\Nicola\WindowsMedia.mpp
2014-01-10 02:25 - 2010-11-15 21:02 - 00173786 _____ C:\Users\Nicola\usa03.hsp
2014-01-10 02:25 - 2010-11-15 21:02 - 00018944 _____ C:\Users\Nicola\SaveAsRTF.PTB
2014-01-10 02:24 - 2010-11-15 21:02 - 00300032 _____ C:\Users\Nicola\pdfshell.chs
2014-01-10 02:24 - 2010-11-15 21:02 - 00135568 _____ (Adobe Systems Inc.) C:\Users\Nicola\nppdf32.dll_Apollo
2014-01-10 02:24 - 2010-11-15 21:02 - 00079360 _____ C:\Users\Nicola\multimedia.sky
2014-01-10 02:24 - 2010-11-15 21:02 - 00074240 _____ C:\Users\Nicola\makeaccessible.sky
2014-01-10 02:23 - 2010-11-15 21:02 - 00035117 _____ C:\Users\Nicola\faces.pdf15
2014-01-10 02:23 - 2010-11-15 21:02 - 00035117 _____ C:\Users\Nicola\faces.pdf14
2014-01-10 02:23 - 2010-11-15 21:02 - 00024901 _____ C:\Users\Nicola\FARSI.TXT
2014-01-10 02:23 - 2010-11-15 21:02 - 00006656 _____ C:\Users\Nicola\eBook.PTB
2014-01-10 02:22 - 2010-11-15 21:02 - 00006656 _____ C:\Users\Nicola\ebook.sky
2014-01-10 02:12 - 2013-12-09 13:07 - 00043008 _____ (RealNetworks, Inc.) C:\Users\Nicola\Downloads\annabelle.rpv
2014-01-10 02:11 - 2014-01-10 02:11 - 00069632 _____ C:\Users\Nicola\Downloads\nebula.rpv
2014-01-09 21:42 - 2014-01-09 21:42 - 00884952 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-01-09 21:42 - 2014-01-09 21:42 - 00074456 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-01-09 21:29 - 2014-01-09 21:29 - 00000000 ____D C:\Users\Nicola\AppData\Local\{161F160F-540C-4BD0-81BE-1D29DE194C40}
2014-01-08 18:45 - 2014-01-08 18:45 - 00000000 ____D C:\Users\Nicola\AppData\Local\{269E4F44-0AC9-4DD0-8CC6-A0386ADE6A18}
2014-01-08 03:09 - 2014-01-08 03:09 - 00173424 _____ C:\Users\Nicola\Documents\_Networkingperfcounters.ini
2014-01-07 19:02 - 2014-01-07 19:02 - 00029216 _____ C:\Users\Nicola\Documents\m.xml
2014-01-07 18:48 - 2014-01-07 18:48 - 00000000 ____D C:\Users\Nicola\AppData\Local\{4028CE6B-2F1E-4088-A6C0-EF8C77FE43DE}
2014-01-07 18:22 - 2010-01-07 05:40 - 04249320 _____ C:\Users\Nicola\Downloads\NEWPHOTOALBUM.POTX_1033.hh6ua0v (2).partial.c0ixujt.partial
2014-01-07 18:06 - 2010-01-07 05:40 - 04249320 _____ C:\Users\Nicola\Downloads\NEWPHOTOALBUM.POTX_1033.hh6ua0v (1).partial
2014-01-07 16:49 - 2014-01-07 16:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2014-01-07 16:01 - 2014-01-07 16:01 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F8CBA5C9-38C3-40B1-B145-B49F63DC17D7}
2014-01-07 14:23 - 2014-01-07 14:23 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\IDT
2014-01-06 19:26 - 2014-01-06 19:27 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F2C36D8F-FB9F-4105-98E0-1ADC4CD7E18E}
2014-01-06 05:28 - 2014-01-06 05:28 - 00027133 _____ C:\Users\Nicola\BLUETOOTH.txt.vir
2014-01-05 17:45 - 2014-01-05 17:45 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F7DBB396-D7AB-488F-AE82-28029D86065F}
2014-01-05 17:44 - 2014-01-05 17:44 - 00000000 ____D C:\Users\Nicola\AppData\Local\{2E0C968F-B722-4D15-BAC2-A7B8E0858698}
2014-01-05 07:04 - 2011-06-15 17:57 - 00011090 _____ C:\Users\Nicola\_0AAF47ACF2804A28B3C77E491D7E8BC3
2014-01-05 07:04 - 2011-01-05 15:45 - 00003133 _____ C:\Users\Nicola\_0A12D4B4D7A243A6902BB1F961180D46
2014-01-05 00:18 - 2014-01-05 00:18 - 00000000 ____D C:\Users\Nicola\AppData\Local\{D02B8CBF-3FB0-495B-8B4D-8EA35EC246A3}
2014-01-05 00:18 - 2014-01-05 00:18 - 00000000 ____D C:\Users\Nicola\AppData\Local\{0CB6B998-3DBF-4F03-88DB-53B16EAF8366}
2014-01-04 19:25 - 2014-01-05 20:07 - 00000000 ____D C:\Users\Nicola\AppData\Local\LogMeIn Rescue Applet
2014-01-04 16:16 - 2014-01-04 16:16 - 00000000 ____D C:\Users\Nicola\AppData\Local\{DC5483A8-410D-4285-8850-E72D79834F5C}
2014-01-03 20:56 - 2014-01-03 20:56 - 00000000 ____D C:\Users\Nicola\AppData\Local\{3058C508-DA34-495F-907C-86381F510337}
2014-01-03 20:55 - 2014-01-03 20:55 - 00000000 ____D C:\Users\Nicola\AppData\Local\{46A62F6A-6728-4582-BFD9-321164E61FAD}
2014-01-02 20:41 - 2014-01-02 20:42 - 00000000 ____D C:\Users\Nicola\AppData\Local\{541D456D-2360-4B3D-B14A-E071BDA2B1BC}
2013-12-31 17:19 - 2013-12-31 17:19 - 00000000 ____D C:\Users\Nicola\AppData\Local\{05F54587-4AEC-4B24-8137-AC629F550AED}
2013-12-31 16:30 - 2013-12-31 16:30 - 00000000 ____D C:\Users\Nicola\AppData\Local\{BDE6C2FF-C74D-471C-8D21-D5392CC0E6B3}
2013-12-30 21:11 - 2013-12-30 21:11 - 00000000 ____D C:\Users\Nicola\AppData\Local\{5E13BC8E-7459-4084-A93E-76CD2D92EC97}
2013-12-30 20:40 - 2013-12-30 20:40 - 00000000 ____D C:\Users\Nicola\AppData\Local\{6513C6B1-F9A1-4EB6-B467-D12934642AAA}
2013-12-30 00:25 - 2013-12-30 00:25 - 00000000 ____D C:\Users\Nicola\AppData\Local\{B7D2CC41-7BDA-46C0-9E5B-A9F5EFC76027}
2013-12-30 00:04 - 2013-12-30 00:04 - 00000000 ____D C:\Users\Nicola\AppData\Local\{3D745F3B-1464-4AD6-9FBD-7489C8FA7DD8}
2013-12-30 00:04 - 2013-12-30 00:04 - 00000000 ____D C:\Users\Nicola\AppData\Local\{0436F365-CED8-409E-9014-6B11CCC186E4}
2013-12-29 21:11 - 2013-12-29 21:12 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-28 22:42 - 2013-12-28 21:30 - 12722176 _____ C:\Users\Nicola\Downloads\Pictures.pd6
2013-12-28 22:20 - 2013-12-28 22:02 - 00045338 _____ C:\Users\Nicola\Downloads\E8C9Bd01
2013-12-28 21:30 - 2013-12-28 21:30 - 00000000 ____D C:\Users\Nicola\AppData\Local\{A5114347-D333-4BC0-A543-6E1E013DC5B0}
2013-12-28 21:29 - 2013-12-28 21:29 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F17854CA-7D18-43BD-B535-1BC2ED50395E}
2013-12-27 18:30 - 2013-12-27 18:30 - 00294226 _____ C:\Users\Nicola\Documents\avg.csv

==================== One Month Modified Files and Folders =======

2014-01-26 12:40 - 2013-11-23 13:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-26 12:39 - 2014-01-26 12:38 - 00034604 _____ C:\Users\Nicola\Downloads\FRST.txt
2014-01-26 12:38 - 2014-01-26 12:38 - 00000000 ____D C:\FRST
2014-01-26 12:37 - 2014-01-26 12:37 - 02078208 _____ (Farbar) C:\Users\Nicola\Downloads\FRST64.exe
2014-01-26 12:36 - 2014-01-26 12:36 - 00597932 _____ C:\Users\Nicola\Downloads\SecurityCheck(1).exe
2014-01-26 12:35 - 2014-01-26 12:35 - 00622597 _____ C:\Users\Nicola\Downloads\SecurityCheck.exe
2014-01-26 12:22 - 2011-11-25 08:42 - 02064992 _____ C:\Windows\WindowsUpdate.log
2014-01-26 12:16 - 2014-01-25 01:53 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-26 12:16 - 2014-01-25 01:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-26 07:04 - 2013-11-17 14:46 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\Azureus
2014-01-26 06:23 - 2014-01-26 06:23 - 00346568 _____ (Azureus Software, Inc) C:\Users\Nicola\Downloads\Vuze.lnk
2014-01-26 05:59 - 2014-01-26 05:59 - 00386696 _____ C:\Users\Nicola\CBS.log
2014-01-26 05:59 - 2013-11-17 14:23 - 00000000 ____D C:\Users\Nicola
2014-01-26 05:52 - 2014-01-26 05:52 - 00004998 _____ C:\Users\Nicola\RS_ApplyFix.ps1
2014-01-26 05:04 - 2014-01-26 05:04 - 00000000 ____D C:\Users\Nicola\AppData\Local\{801C0F71-A8BE-4B10-A744-9D4F48BB8D6E}
2014-01-26 04:05 - 2013-11-18 01:53 - 00000000 ____D C:\Users\Nicola\AppData\Local\CrashDumps
2014-01-26 01:59 - 2013-11-17 14:28 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{8087D3AD-260F-4587-93C7-DB306161E9BB}
2014-01-25 22:03 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-25 22:03 - 2009-07-14 04:45 - 00032064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-25 21:55 - 2014-01-24 15:36 - 00000224 _____ C:\Windows\setupact.log
2014-01-25 21:55 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-25 21:52 - 2009-07-14 05:08 - 00023992 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-25 21:17 - 2014-01-26 05:59 - 80754244 _____ C:\Users\Nicola\CbsPersist_20140125215731.log
2014-01-25 20:56 - 2014-01-25 20:56 - 00000000 ____D C:\Windows\PolicyDefinitions
2014-01-25 20:56 - 2011-11-25 09:32 - 00000000 ___RD C:\Users\Public\Recorded TV
2014-01-25 20:56 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\DVD Maker
2014-01-25 20:56 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\spool
2014-01-25 17:04 - 2014-01-25 17:04 - 00000000 ____D C:\Users\Nicola\AppData\Local\{84C9123A-5ABD-4159-A755-2F6066F55A90}
2014-01-25 16:11 - 2013-11-18 19:19 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-25 03:58 - 2014-01-14 13:17 - 00009529 ____H C:\Windows\SysWOW64\BTImages.dat
2014-01-25 03:50 - 2013-12-18 21:04 - 00000000 ____D C:\ProgramData\ProductData
2014-01-25 03:01 - 2013-12-18 01:04 - 00094208 _____ C:\Users\Nicola\Desktop\WINDOWS_MP4SDECD_CHANNEL.etl
2014-01-25 01:50 - 2014-01-25 01:50 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Nicola\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-25 01:36 - 2014-01-25 01:36 - 00294226 _____ C:\Users\Nicola\avg.csv
2014-01-24 16:12 - 2014-01-24 16:12 - 00000000 ____D C:\Users\Nicola\AppData\Local\{9D2E5168-34BB-438C-8C75-90CF201B68B8}
2014-01-24 15:36 - 2014-01-24 23:46 - 00004096 _____ C:\Users\Nicola\WINDOWS_WMPHOTO_CHANNEL.etl
2014-01-24 15:36 - 2014-01-24 15:36 - 00000586 _____ C:\Windows\PFRO.log
2014-01-24 15:36 - 2014-01-24 15:36 - 00000000 _____ C:\Windows\setuperr.log
2014-01-24 01:54 - 2014-01-24 01:54 - 01564069 _____ C:\Users\Nicola\WLIDRES.DLL
2014-01-23 23:50 - 2014-01-23 23:50 - 00000000 ____D C:\Users\Nicola\AppData\Local\{5BB6F7F7-A6A8-446B-BE0B-6097C53F0ED8}
2014-01-23 18:19 - 2014-01-23 01:20 - 01069920 _____ (Solid State Networks) C:\Users\Nicola\Downloads\install_reader11_en_mssd_aaa_aih.exe
2014-01-23 18:08 - 2013-11-17 14:40 - 00003220 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNICOLA-HP$
2014-01-23 18:08 - 2013-11-17 14:40 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForNICOLA-HP$.job
2014-01-23 01:19 - 2013-11-17 22:46 - 00000000 ____D C:\Users\Nicola\AppData\Local\Adobe
2014-01-23 01:07 - 2011-07-16 05:33 - 00000000 ____D C:\ProgramData\Adobe
2014-01-22 19:10 - 2013-12-22 18:10 - 00000336 _____ C:\Windows\Tasks\HPCeeScheduleForNicola.job
2014-01-22 19:07 - 2014-01-22 15:09 - 00000000 ___HD C:\Windows\msdownld.tmp
2014-01-22 19:05 - 2014-01-22 19:05 - 58082952 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\EIE11_EN-US_MCM_WIN764(1).EXE
2014-01-22 19:02 - 2014-01-22 19:03 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-22 19:02 - 2014-01-22 19:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-22 19:02 - 2014-01-22 19:02 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-22 19:02 - 2014-01-22 19:02 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-22 19:02 - 2013-11-22 20:24 - 00000000 ____D C:\Program Files\Java
2014-01-22 19:01 - 2014-01-22 19:00 - 30796712 _____ (Oracle Corporation) C:\Users\Nicola\Downloads\jre-7u51-windows-x64.exe
2014-01-22 17:45 - 2014-01-22 17:45 - 00000000 ____D C:\Users\Nicola\AppData\Local\{D8566F63-D879-4B41-BA2B-CEA358D45ADF}
2014-01-22 17:36 - 2013-12-22 18:10 - 00003192 _____ C:\Windows\System32\Tasks\HPCeeScheduleForNicola
2014-01-22 15:08 - 2014-01-22 15:08 - 00921000 _____ (Oracle Corporation) C:\Users\Nicola\Downloads\jxpiinstall.exe
2014-01-22 15:07 - 2014-01-22 15:06 - 58082952 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\EIE11_EN-US_MCM_WIN764.EXE
2014-01-22 05:42 - 2013-11-24 03:09 - 00050338 _____ C:\Users\Nicola\Desktop\Show-Hidden.txt
2014-01-22 05:29 - 2014-01-22 05:29 - 00000000 ____D C:\Users\Nicola\AppData\Local\{8F9C6782-37CC-4807-A7CC-F63A5AED6780}
2014-01-22 03:33 - 2014-01-22 03:33 - 00000000 ____D C:\Users\Nicola\AppData\Local\{ED13F701-4375-4556-8D1E-592BEAE2EC45}
2014-01-22 03:33 - 2014-01-22 03:33 - 00000000 ____D C:\Users\Nicola\AppData\Local\{63685B22-B2BA-49B4-81F6-E2AB8219B86E}
2014-01-21 19:09 - 2014-01-21 19:09 - 00000000 ____D C:\Users\Nicola\AppData\Local\{08D5FD8D-0B92-4F46-B52B-08E7BA391B3D}
2014-01-21 04:01 - 2009-07-14 05:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-20 19:12 - 2014-01-20 19:12 - 00000000 ____D C:\Users\Nicola\AppData\Local\{69ED21AB-5871-4984-AECB-1850FC49CA08}
2014-01-20 19:12 - 2014-01-20 19:12 - 00000000 ____D C:\Users\Nicola\AppData\Local\{183B04EE-3E51-47ED-AE5F-C2B69451CF0C}
2014-01-20 17:46 - 2013-12-18 21:04 - 00002165 _____ C:\Users\Public\Desktop\Advanced SystemCare 7.lnk
2014-01-20 15:02 - 2014-01-16 03:28 - 00000000 ____D C:\Windows\SysWOW64\Adobe
2014-01-20 15:02 - 2014-01-12 15:18 - 00000000 ____D C:\Users\Nicola\AppData\Local\Microsoft_Corporation
2014-01-20 15:02 - 2013-12-20 03:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-20 15:02 - 2013-12-19 00:53 - 00000000 ____D C:\ProgramData\MFAData
2014-01-20 15:02 - 2013-12-11 19:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-20 15:02 - 2013-11-26 04:11 - 00000000 ____D C:\Users\Nicola\Desktop\rkill
2014-01-20 15:02 - 2013-11-26 04:09 - 00000000 ____D C:\Users\Nicola\Desktop\mbar
2014-01-20 15:02 - 2013-11-24 03:02 - 00000000 ____D C:\Users\Nicola\Downloads\TCPView
2014-01-20 15:02 - 2013-11-17 23:28 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\IObit
2014-01-20 15:02 - 2013-11-17 23:28 - 00000000 ____D C:\ProgramData\IObit
2014-01-20 15:02 - 2013-11-17 14:46 - 00000000 ____D C:\Users\Nicola\.swt
2014-01-20 15:02 - 2013-11-17 14:28 - 00000000 ___RD C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-20 15:02 - 2013-11-17 14:28 - 00000000 ___RD C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-20 15:02 - 2013-11-17 14:27 - 00000000 ____D C:\Users\Nicola\AppData\Local\RemEngine
2014-01-20 15:02 - 2013-11-17 14:24 - 00000000 ____D C:\Users\Nicola\AppData\Local\Hewlett-Packard_Company
2014-01-20 15:02 - 2013-11-17 14:24 - 00000000 ____D C:\Users\Nicola\AppData\Local\Hewlett-Packard
2014-01-20 15:02 - 2013-11-17 14:23 - 00000000 ___RD C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-20 15:02 - 2013-11-17 14:23 - 00000000 ___RD C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-20 15:02 - 2011-11-25 08:52 - 00000000 ____D C:\Windows\SysWOW64\sda
2014-01-20 15:02 - 2011-07-16 05:38 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-20 15:02 - 2011-07-16 05:38 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2014-01-20 15:02 - 2011-07-16 05:27 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2014-01-20 15:02 - 2011-07-16 05:20 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2014-01-20 15:02 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2014-01-20 15:02 - 2010-11-21 07:06 - 00000000 ____D C:\Windows\system32\winrm
2014-01-20 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2014-01-20 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2014-01-20 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Defender
2014-01-20 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2014-01-20 15:02 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2014-01-20 15:02 - 2009-07-14 05:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 __RSD C:\Windows\Media
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\migwiz
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\ias
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\servicing
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\security
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\registration
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\L2Schemas
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\Branding
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-20 15:02 - 2009-07-14 03:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2014-01-19 23:35 - 2014-01-19 23:35 - 00000000 ____D C:\Users\Nicola\AppData\Local\{FA651ECF-5D35-4E55-9D31-8BC417F33475}
2014-01-19 00:37 - 2013-11-23 13:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-19 00:37 - 2013-11-23 13:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-19 00:37 - 2011-07-16 05:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-18 10:53 - 2011-11-25 09:01 - 00000000 ____D C:\ProgramData\Norton
2014-01-18 10:18 - 2013-11-17 14:23 - 00000000 ____D C:\Users\Nicola\AppData\Local\VirtualStore
2014-01-18 10:15 - 2014-01-18 10:15 - 04954736 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\WindowsUpgradeAssistant.exe
2014-01-18 04:28 - 2014-01-18 04:28 - 00000000 ____D C:\Users\Nicola\ProcessMonitor (1)
2014-01-17 19:25 - 2014-01-17 19:25 - 00000000 ____D C:\Users\Nicola\AppData\Local\{2B5DAA6B-E93F-4A89-B006-2079A96933B2}
2014-01-17 11:47 - 2013-11-17 23:27 - 00000000 ____D C:\Program Files (x86)\IObit
2014-01-17 11:44 - 2014-01-13 05:39 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\1O1L1I1PtF1F1C1N
2014-01-16 19:38 - 2014-01-16 19:37 - 35721216 _____ C:\Users\Nicola\Downloads\FastPictureViewer64.msi
2014-01-16 19:30 - 2014-01-16 19:29 - 25260032 _____ C:\Users\Nicola\Downloads\FastPictureViewerCodecPackTRIAL.msi
2014-01-16 18:51 - 2014-01-16 18:51 - 00000000 ____D C:\Users\Nicola\AppData\Local\{DB054C40-E0EB-40BC-8767-C198FF9F7D1F}
2014-01-16 08:44 - 2009-07-14 04:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:04 - 2013-11-18 03:20 - 00000000 ____D C:\Windows\system32\MRT
2014-01-16 03:01 - 2013-11-19 04:16 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 02:40 - 2013-12-21 00:47 - 00005632 _____ C:\Users\Nicola\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-16 02:27 - 2014-01-16 02:27 - 01957661 _____ C:\Users\Nicola\Documents\Microsoft_PowerShell_Commands_Management_dll-Help.xml
2014-01-16 00:58 - 2014-01-16 00:58 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F87600EA-57F1-4480-8D0E-6900EDC7FDC2}
2014-01-16 00:57 - 2014-01-16 00:57 - 00000000 ____D C:\Users\Nicola\AppData\Local\{04BA6334-7614-44AD-AB2C-35122C44E3AC}
2014-01-15 22:47 - 2014-01-15 22:47 - 00000000 ____D C:\Users\Nicola\AppData\Local\{8600E707-64B4-4D97-B64C-CB5A51E6A105}
2014-01-15 22:47 - 2014-01-15 22:47 - 00000000 ____D C:\Users\Nicola\AppData\Local\{357B451F-CDCD-41FA-B4AB-4790CC2BC004}
2014-01-15 14:31 - 2014-01-15 14:31 - 00000000 ____D C:\Program Files\Lexmark
2014-01-15 13:42 - 2014-01-14 23:07 - 00000000 ____D C:\Users\Nicola\AppData\Local\Mobogenie
2014-01-14 23:07 - 2014-01-14 23:07 - 00000000 ____D C:\Users\Nicola\AppData\Local\cache
2014-01-14 23:07 - 2014-01-14 23:07 - 00000000 _____ C:\Users\Nicola\daemonprocess.txt
2014-01-14 23:05 - 2014-01-14 23:05 - 00003120 _____ C:\Windows\System32\Tasks\YourFile DownloaderUpdate
2014-01-14 23:05 - 2014-01-14 23:05 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\YourFileDownloader
2014-01-14 17:36 - 2014-01-14 17:36 - 00000000 ____D C:\Users\Nicola\AppData\Local\{64E5A4B3-6B55-4E25-8B42-8CFF4E660073}
2014-01-14 17:18 - 2014-01-14 17:18 - 00000000 ____D C:\Users\Nicola\AppData\Local\{4AE77CFB-DF5B-49D5-8E4F-BA769026E937}
2014-01-14 17:15 - 2014-01-14 17:15 - 00000000 ____D C:\Users\Nicola\AppData\Local\{0552BA0B-FD88-4323-AEF5-B64E8AA39853}
2014-01-14 05:00 - 2014-01-14 04:57 - 318337992 _____ C:\Users\Nicola\Downloads\Windows6.1-KB968211-x64-RefreshPkg.msu
2014-01-14 04:56 - 2014-01-14 04:56 - 01528184 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\GenuineCheck(1).exe
2014-01-14 04:52 - 2014-01-14 04:52 - 00000000 ____D C:\ProgramData\Windows Genuine Advantage
2014-01-14 04:51 - 2014-01-14 04:51 - 01528184 _____ (Microsoft Corporation) C:\Users\Nicola\Downloads\GenuineCheck.exe
2014-01-14 03:47 - 2014-01-14 03:44 - 00000000 ____D C:\MyBackup
2014-01-14 03:41 - 2014-01-14 03:41 - 04188120 _____ C:\Users\Nicola\Downloads\PCTuneUpMUISetup.exe
2014-01-14 03:36 - 2014-01-14 03:36 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\MailFrontier
2014-01-14 03:14 - 2014-01-13 05:42 - 00418053 _____ C:\Windows\system32\Drivers\vsconfig.xml
2014-01-14 03:06 - 2014-01-13 05:41 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2014-01-14 03:02 - 2014-01-25 16:45 - 00063592 _____ (WinAbility® Software Corporation) C:\Users\Nicola\Downloads\VistaLib32 (1).dll
2014-01-14 03:02 - 2014-01-25 16:45 - 00063592 _____ (WinAbility® Software Corporation) C:\Users\Nicola\Downloads\VistaLib32 (1) (1).dll
2014-01-14 03:02 - 2014-01-25 16:44 - 00063592 _____ (WinAbility® Software Corporation) C:\Users\Nicola\Downloads\VistaLib32.dll
2014-01-14 03:02 - 2014-01-14 03:02 - 02469088 _____ (Check Point Software Technologies LTD) C:\Users\Nicola\Downloads\ZASPSetupWeb_120_104_000.exe
2014-01-14 02:41 - 2014-01-14 02:41 - 00000000 ____D C:\Users\Nicola\AppData\Local\{FF4F585F-4BA7-4961-95F7-85C215F9B28B}
2014-01-13 23:42 - 2014-01-13 23:42 - 00000000 ____D C:\Users\Nicola\AppData\Local\{D4EC5817-4795-4518-86D0-C502075F0230}
2014-01-13 05:50 - 2014-01-13 05:50 - 00000000 ____D C:\Users\Nicola\AppData\Local\DoNotTrackPlus
2014-01-13 05:41 - 2014-01-13 05:39 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2014-01-13 05:39 - 2014-01-13 05:39 - 00000000 ____D C:\ProgramData\CheckPoint
2014-01-13 05:38 - 2014-01-13 05:39 - 01766784 _____ C:\Users\Nicola\Downloads\WinRARSetup.exe
2014-01-13 05:37 - 2014-01-13 05:37 - 00621088 _____ C:\Users\Nicola\Downloads\WinRARSetup-11550928-vffsb.exe
2014-01-13 05:31 - 2014-01-13 05:31 - 00000000 ____D C:\Users\Nicola\AppData\New folder
2014-01-13 05:26 - 2014-01-13 05:26 - 00000000 ____D C:\Users\Nicola\AppData\Local\{E39AA7DB-67EB-4F04-B1C3-1D9EEB80C2CC}
2014-01-12 17:05 - 2014-01-12 17:08 - 16617352 _____ (Bitberry Software                                           ) C:\Users\Nicola\Downloads\FreeFileViewerSetup [1].exe
2014-01-12 17:04 - 2014-01-12 17:04 - 00686448 _____ C:\Users\Nicola\Downloads\FreeFileViewerSetup.exe
2014-01-12 16:36 - 2014-01-12 16:36 - 00027133 _____ C:\Users\Nicola\BLUETOOTH.txt..txt
2014-01-12 15:07 - 2013-11-21 02:55 - 00000000 ___DC C:\Users\Nicola\AppData\Local\MigWiz
2014-01-12 11:30 - 2014-01-12 11:30 - 00000000 ____D C:\Users\Nicola\AppData\Local\{057A4415-68FE-4970-BD3F-4A20C4E61AC7}
2014-01-11 19:24 - 2014-01-11 19:24 - 00000000 ____D C:\Users\Nicola\AppData\Local\{C2C46DFC-72B1-428A-9C29-DBCB934E7F17}
2014-01-10 19:51 - 2014-01-10 19:50 - 00000000 ____D C:\Users\Nicola\AppData\Local\{685479DC-71E9-4F27-B14E-E8D1CE99FBD4}
2014-01-10 02:11 - 2014-01-10 02:11 - 00069632 _____ C:\Users\Nicola\Downloads\nebula.rpv
2014-01-09 21:42 - 2014-01-09 21:42 - 00884952 _____ (Realtek                                            ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-01-09 21:42 - 2014-01-09 21:42 - 00074456 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-01-09 21:42 - 2011-11-25 08:53 - 00108760 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-01-09 21:29 - 2014-01-09 21:29 - 00000000 ____D C:\Users\Nicola\AppData\Local\{161F160F-540C-4BD0-81BE-1D29DE194C40}
2014-01-08 18:45 - 2014-01-08 18:45 - 00000000 ____D C:\Users\Nicola\AppData\Local\{269E4F44-0AC9-4DD0-8CC6-A0386ADE6A18}
2014-01-08 03:09 - 2014-01-08 03:09 - 00173424 _____ C:\Users\Nicola\Documents\_Networkingperfcounters.ini
2014-01-07 19:02 - 2014-01-07 19:02 - 00029216 _____ C:\Users\Nicola\Documents\m.xml
2014-01-07 18:48 - 2014-01-07 18:48 - 00000000 ____D C:\Users\Nicola\AppData\Local\{4028CE6B-2F1E-4088-A6C0-EF8C77FE43DE}
2014-01-07 18:05 - 2013-11-24 02:45 - 00000000 ____D C:\Users\Nicola\Downloads\ProcessMonitor
2014-01-07 16:53 - 2013-12-19 00:58 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\AVG2014
2014-01-07 16:53 - 2013-12-18 19:57 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2014-01-07 16:53 - 2013-12-09 13:11 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\Mozilla
2014-01-07 16:53 - 2013-12-09 13:11 - 00000000 ____D C:\Users\Nicola\AppData\Local\Mozilla
2014-01-07 16:53 - 2013-12-09 13:10 - 00000000 ____D C:\Users\Nicola\AppData\Local\Google
2014-01-07 16:53 - 2013-11-28 06:04 - 00000000 ____D C:\Users\Nicola\Documents\Fax
2014-01-07 16:53 - 2013-11-17 14:41 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\Macromedia
2014-01-07 16:53 - 2013-11-17 14:41 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\Adobe
2014-01-07 16:53 - 2009-07-14 03:20 - 00000000 ___RD C:\Users\Default
2014-01-07 16:52 - 2011-11-25 08:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2014-01-07 16:49 - 2014-01-07 16:49 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2014-01-07 16:01 - 2014-01-07 16:01 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F8CBA5C9-38C3-40B1-B145-B49F63DC17D7}
2014-01-07 14:23 - 2014-01-07 14:23 - 00000000 ____D C:\Users\Nicola\AppData\Roaming\IDT
2014-01-06 19:27 - 2014-01-06 19:26 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F2C36D8F-FB9F-4105-98E0-1ADC4CD7E18E}
2014-01-06 05:28 - 2014-01-06 05:28 - 00027133 _____ C:\Users\Nicola\BLUETOOTH.txt.vir
2014-01-05 20:07 - 2014-01-04 19:25 - 00000000 ____D C:\Users\Nicola\AppData\Local\LogMeIn Rescue Applet
2014-01-05 17:45 - 2014-01-05 17:45 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F7DBB396-D7AB-488F-AE82-28029D86065F}
2014-01-05 17:44 - 2014-01-05 17:44 - 00000000 ____D C:\Users\Nicola\AppData\Local\{2E0C968F-B722-4D15-BAC2-A7B8E0858698}
2014-01-05 00:18 - 2014-01-05 00:18 - 00000000 ____D C:\Users\Nicola\AppData\Local\{D02B8CBF-3FB0-495B-8B4D-8EA35EC246A3}
2014-01-05 00:18 - 2014-01-05 00:18 - 00000000 ____D C:\Users\Nicola\AppData\Local\{0CB6B998-3DBF-4F03-88DB-53B16EAF8366}
2014-01-04 16:16 - 2014-01-04 16:16 - 00000000 ____D C:\Users\Nicola\AppData\Local\{DC5483A8-410D-4285-8850-E72D79834F5C}
2014-01-03 20:56 - 2014-01-03 20:56 - 00000000 ____D C:\Users\Nicola\AppData\Local\{3058C508-DA34-495F-907C-86381F510337}
2014-01-03 20:55 - 2014-01-03 20:55 - 00000000 ____D C:\Users\Nicola\AppData\Local\{46A62F6A-6728-4582-BFD9-321164E61FAD}
2014-01-02 20:42 - 2014-01-02 20:41 - 00000000 ____D C:\Users\Nicola\AppData\Local\{541D456D-2360-4B3D-B14A-E071BDA2B1BC}
2013-12-31 17:19 - 2013-12-31 17:19 - 00000000 ____D C:\Users\Nicola\AppData\Local\{05F54587-4AEC-4B24-8137-AC629F550AED}
2013-12-31 16:30 - 2013-12-31 16:30 - 00000000 ____D C:\Users\Nicola\AppData\Local\{BDE6C2FF-C74D-471C-8D21-D5392CC0E6B3}
2013-12-30 21:11 - 2013-12-30 21:11 - 00000000 ____D C:\Users\Nicola\AppData\Local\{5E13BC8E-7459-4084-A93E-76CD2D92EC97}
2013-12-30 20:40 - 2013-12-30 20:40 - 00000000 ____D C:\Users\Nicola\AppData\Local\{6513C6B1-F9A1-4EB6-B467-D12934642AAA}
2013-12-30 00:25 - 2013-12-30 00:25 - 00000000 ____D C:\Users\Nicola\AppData\Local\{B7D2CC41-7BDA-46C0-9E5B-A9F5EFC76027}
2013-12-30 00:04 - 2013-12-30 00:04 - 00000000 ____D C:\Users\Nicola\AppData\Local\{3D745F3B-1464-4AD6-9FBD-7489C8FA7DD8}
2013-12-30 00:04 - 2013-12-30 00:04 - 00000000 ____D C:\Users\Nicola\AppData\Local\{0436F365-CED8-409E-9014-6B11CCC186E4}
2013-12-29 21:12 - 2013-12-29 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-29 20:20 - 2013-11-17 23:30 - 00000000 ____D C:\ProgramData\AVAST Software
2013-12-28 22:02 - 2013-12-28 22:20 - 00045338 _____ C:\Users\Nicola\Downloads\E8C9Bd01
2013-12-28 21:30 - 2013-12-28 22:42 - 12722176 _____ C:\Users\Nicola\Downloads\Pictures.pd6
2013-12-28 21:30 - 2013-12-28 21:30 - 00000000 ____D C:\Users\Nicola\AppData\Local\{A5114347-D333-4BC0-A543-6E1E013DC5B0}
2013-12-28 21:29 - 2013-12-28 21:29 - 00000000 ____D C:\Users\Nicola\AppData\Local\{F17854CA-7D18-43BD-B535-1BC2ED50395E}
2013-12-27 18:30 - 2013-12-27 18:30 - 00294226 _____ C:\Users\Nicola\Documents\avg.csv

Files to move or delete:
====================
C:\Users\Nicola\ACERCLR.DLL
C:\Users\Nicola\d3dx10_42.dll
C:\Users\Nicola\dsetup32.dll
C:\Users\Nicola\DXSETUP.exe
C:\Users\Nicola\HPSFdetect.exe
C:\Users\Nicola\WLIDRES.DLL
C:\Users\Nicola\wow_helper.exe


Some content of TEMP:
====================
C:\Users\Nicola\AppData\Local\Temp\htmlayout.dll
C:\Users\Nicola\AppData\Local\Temp\i4jdel0.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {be0ba533-4fd3-11e3-9afc-b45874863bcd}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {be0ba539-4fd3-11e3-9afc-b45874863bcd}

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {be0ba539-4fd3-11e3-9afc-b45874863bcd}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {be0ba533-4fd3-11e3-9afc-b45874863bcd}
nx                      OptIn
detecthal               Yes

Windows Boot Loader
-------------------
identifier              {be0ba535-4fd3-11e3-9afc-b45874863bcd}
device                  ramdisk=[C:]\Recovery\be0ba535-4fd3-11e3-9afc-b45874863bcd\Winre.wim,{be0ba536-4fd3-11e3-9afc-b45874863bcd}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\be0ba535-4fd3-11e3-9afc-b45874863bcd\Winre.wim,{be0ba536-4fd3-11e3-9afc-b45874863bcd}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {be0ba539-4fd3-11e3-9afc-b45874863bcd}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{be0ba53a-4fd3-11e3-9afc-b45874863bcd}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{be0ba53a-4fd3-11e3-9afc-b45874863bcd}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {be0ba533-4fd3-11e3-9afc-b45874863bcd}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {be0ba536-4fd3-11e3-9afc-b45874863bcd}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\be0ba535-4fd3-11e3-9afc-b45874863bcd\boot.sdi

Device options
--------------
identifier              {be0ba53a-4fd3-11e3-9afc-b45874863bcd}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2014-01-09 01:19

==================== End Of Log ============================

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.26.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Nicola :: NICOLA-HP [administrator]

26/01/2014 16:42:59
MBAM-log-2014-01-26 (16-59-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 205024
Time elapsed: 7 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> No action taken.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> No action taken.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> No action taken.
HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> No action taken.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0W1L1I1S0L1K1R -> No action taken.

Registry Data Items Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyE0AyDzztB0B0CyEyB0BtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656244596&ir=) Good: (http://www.google.com) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bad: (http://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1Qzu0E0Czy0AyByEyE0AyDzztB0B0CyEyB0BtN0D0Tzu0SyBtCtCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=656244596&ir=) Good: (http://www.google.com) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Nicola\Downloads\WinRARSetup-11550928-vffsb.exe (PUP.Optional.TSA) -> No action taken.
C:\Users\Nicola\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> No action taken.

(end)
 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/26/2014 04:47:34 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * WMPNetworkSvc [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 01/26/2014 04:49:33 PM
Execution time: 0 hours(s), 1 minute(s), and 59 seconds(s)

 

Show Hidden by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
Show Hidden will display all hidden folders on your computer.
You can use the -f argument to display hidden files as well.

Program started at: 01/26/2014 05:24:55 PM
Windows Version: Windows 7

Please be patient while your hard drives are scanned.

Scanning the C:\ drive

 * C:\$RECYCLE.BIN
 * C:\$RECYCLE.BIN\S-1-5-18
 * C:\$RECYCLE.BIN\S-1-5-21-1551403403-997359160-2161683577-1001
 * C:\$RECYCLE.BIN\S-1-5-21-1551403403-997359160-2161683577-500
 * C:\$RECYCLE.BIN\S-1-5-21-863251482-4034002167-3552090545-500
 * C:\boot
 * C:\Config.Msi
 * C:\HP
 * C:\Program Files\Uninstall Information
 * C:\Program Files (x86)\Common Files\Windows Live\.cache
 * C:\Program Files (x86)\InstallShield Installation Information
 * C:\Program Files (x86)\IObit\Advanced SystemCare 7\Update
 * C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Update
 * C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update
 * C:\Program Files (x86)\IObit\LiveUpdate\update
 * C:\Program Files (x86)\Uninstall Information
 * C:\ProgramData
 * C:\ProgramData\Apple Computer\iTunes\SC Info
 * C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\sdk8\SysWHist
 * C:\ProgramData\Common Files
 * C:\ProgramData\Microsoft\DRM\Server
 * C:\ProgramData\Microsoft\Windows\DRM
 * C:\ProgramData\Microsoft\Windows\DRM\Cache
 * C:\ProgramData\Microsoft\WwanSvc
 * C:\ProgramData\Microsoft\WwanSvc\Profiles
 * C:\Recovery\be0ba535-4fd3-11e3-9afc-b45874863bcd
 * C:\System Volume Information
 * C:\System Volume Information\SPP
 * C:\System Volume Information\SPP\OnlineMetadataCache
 * C:\System Volume Information\SPP\SppCbsHiveStore
 * C:\System Volume Information\SPP\SppGroupCache
 * C:\System Volume Information\SystemRestore
 * C:\System Volume Information\SystemRestore\FRStaging
 * C:\System Volume Information\SystemRestore\WmiStaging
 * C:\SYSTEM.SAV
 * C:\SYSTEM.SAV\Logs\RM
 * C:\Users\Nicola\AppData
 * C:\Users\Nicola\AppData\Local\Microsoft\CardSpace
 * C:\Users\Nicola\AppData\Local\Microsoft\Device Metadata\dmrccache\downloads
 * C:\Users\Nicola\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
 * C:\Users\Nicola\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
 * C:\Users\Nicola\AppData\Local\Microsoft\Feeds Cache
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\0AAKWSJZ
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\23WSD5Z2
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\304RB462
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\49WWI6ID
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\4D51MQ1P
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\52HFL8KB
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\52ZCJUIW
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\5P79E3D3
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\B2O080VG
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\CD4QARWC
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\DN6830PT
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\ECNFX0W1
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\GMDPIN99
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\HN3SAB09
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\J0SXEQZ0
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\J99PIW80
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\JFEO06M7
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\JM5QOT8E
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\NUX0XIG0
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\OEY5SVFO
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\PUT9VG5B
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\QFFNO184
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\SWHDDRMJ
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\SXVSE4OI
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\SZ5LD8TH
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\VUPMF3VF
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\Y2P91ZWG
 * C:\Users\Nicola\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZTK34MUS
 * C:\Users\Nicola\AppData\Local\Microsoft\Media Player\Art Cache
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\2YC2ZTAI
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\3A9X4W2K
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\3JTUUIV1
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\AI0X9GTW
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\DD23O3TW
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\DVRSE7ZG
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\F342462M
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\M06BD2SF
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\PRLK8XIN
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\AppCache\VVJPBMGL
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Burn\Burn
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013120920131210
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122320131230
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122420131225
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122520131226
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122620131227
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122720131228
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013122820131229
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013123020131231
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013123020140106
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013123120140101
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014010620140107
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014012320140124
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014012420140125
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014012520140126
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012014012620140127
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\History\Low\History.IE5
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DLISS263
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H7ZAO2K9
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UXW3UABI
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y010HRB8
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\WebCache
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows\WebCache.old
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore\Backup
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live\Contacts\Default\15.4\DBStore\LogFiles
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live\Contacts\Default\DBStore
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live\Contacts\Default\DBStore\LogFiles
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live\Contacts\Default\W4CR1\DBStore
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live\Contacts\Default\W4CR1\DBStore\LogFiles
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live Mail\Calendars\DBStore
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live Mail\Calendars\DBStore\Backup
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows Live Mail\Calendars\DBStore\LogFiles
 * C:\Users\Nicola\AppData\Local\Microsoft\Windows NT\DiskQuota
 * C:\Users\Nicola\AppData\Local\Temp\History
 * C:\Users\Nicola\AppData\Local\Temp\History\History.IE5
 * C:\Users\Nicola\AppData\Local\Temp\Temporary Internet Files
 * C:\Users\Nicola\AppData\Local\Temp\Temporary Internet Files\Content.IE5
 * C:\Users\Nicola\AppData\Local\Temp\Temporary Internet Files\Content.IE5\3P833FLN
 * C:\Users\Nicola\AppData\Local\Temp\Temporary Internet Files\Content.IE5\EPZ9K2LP
 * C:\Users\Nicola\AppData\Local\Temp\Temporary Internet Files\Content.IE5\U4RION08
 * C:\Users\Nicola\AppData\Local\Temp\Temporary Internet Files\Content.IE5\XRFUKWBP
 * C:\Users\Nicola\AppData\Local\Temp\~23498wefj
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\0E4IOGTZ
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\13SQVQW9
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\1XZ6EGT1
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\29EANCJD
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2T560SWF
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3FIHAR10
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\61SGU3K8
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6C9A9DM9
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\6OWZHQQ7
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\7CEXZ93F
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\896DO01N
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\8CTMTKB4
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\972TYG2W
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\9X2BVE7I
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\B5EMN013
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\COQJDI33
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\CZPVHRL5
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\D87B7M8M
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ECFPIZU3
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ESBALMRF
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\GKL5J3KW
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\HZ0EQ7BT
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\IISN228Y
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\IXYZYCFW
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\MSTEAX8Z
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\N1IOODBE
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\N8JCV7BO
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\OA4JYZ9B
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\R2N38C74
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\SMU33LAP
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TAYDSEPN
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\UTO6HEAY
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\V0JR9CLD
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\WOMITUKJ
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\X1GWNS5I
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\XGS3HU55
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YGT6R3GU
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\YHM2MRRV
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\Z7U215A5
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\ZHZRDSFS
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\53WK3PSG
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\68RSG8QX
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\AUVCZOUA
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\B7A9FY37
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\F9C93KIM
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\IANT8T14
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\IMSMHT68
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\IV36WOXA
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\Q3R2477X
 * C:\Users\Nicola\AppData\LocalLow\Microsoft\Windows\AppCache\WSLWN22D
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\0FZ0Z3UC
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\26NIYZT5
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\9VSEY8BW
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\AJHNKBBT
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\GWD3SEVM
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\REA5NU6H
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\RLRPMOP1
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\T2896K1L
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\PU2BVV3Y
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\Q28EUF89
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\YA0BS3H3
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Internet Explorer\UserData\YWWDZIZF
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\DNTException
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\DNTException\Low
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\IECompatCache
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\IECompatUACache
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\IEDownloadHistory
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\IETldCache
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\IETldCache\Low
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\PrivacIE
 * C:\Users\Nicola\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
 * C:\Users\Public\Desktop
 * C:\Users\Public\Favorites
 * C:\Users\Public\Recorded TV\TempRec\TempSBE
 * C:\Windows\Globalization\MCT
 * C:\Windows\Installer
 * C:\Windows\Installer\$PatchCache$
 * C:\Windows\Installer\$PatchCache$\Managed
 * C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\000021599B0090400100000000F01FEC\12.0.6015
 * C:\Windows\Installer\$PatchCache$\Managed\00004159070000000000000000F01FEC
 * C:\Windows\Installer\$PatchCache$\Managed\00004159070000000000000000F01FEC\14.0.4763
 * C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133
 * C:\Windows\Installer\$PatchCache$\Managed\032440EF5AC97F34B985A55C2AA8F133\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\1007C6B46D7C017319E3B52CF3EC196E\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066
 * C:\Windows\Installer\$PatchCache$\Managed\3D04254D3B6B9FF42B3445CE3E1E0066\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183
 * C:\Windows\Installer\$PatchCache$\Managed\4314AE291D01A814191EA5403531A183\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E
 * C:\Windows\Installer\$PatchCache$\Managed\4A9D4F432C248434EB4F5E358C54947E\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B
 * C:\Windows\Installer\$PatchCache$\Managed\766F6333940964D4896BC447E3BE5C1B\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020
 * C:\Windows\Installer\$PatchCache$\Managed\775F634D5961F2D4B844CA679CE90020\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80
 * C:\Windows\Installer\$PatchCache$\Managed\7F80AB91827CC964A853FBDB6333EB80\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E
 * C:\Windows\Installer\$PatchCache$\Managed\B6ACDB9A3563B764CA384963D73AFB3E\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\C173E5AD3336A8D3394AF65D2BB0CCE6
 * C:\Windows\Installer\$PatchCache$\Managed\C173E5AD3336A8D3394AF65D2BB0CCE6\10.0.30319
 * C:\Windows\Installer\$PatchCache$\Managed\C28643E881181F13CBC489DC69571E2C\4.0.30319
 * C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B
 * C:\Windows\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319
 * C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F
 * C:\Windows\Installer\$PatchCache$\Managed\E97A59ECCF4EFFF4A857920FB449F22F\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC
 * C:\Windows\Installer\$PatchCache$\Managed\EFEE0228DC83E77358593193D847A0EC\9.0.30729
 * C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571
 * C:\Windows\Installer\$PatchCache$\Managed\F132F0B0A6ECD384AA32773B467F9571\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B
 * C:\Windows\Installer\$PatchCache$\Managed\F4E3B286A696ED244AC1C470AE61874B\15.4.3502
 * C:\Windows\Installer\$PatchCache$\Managed\F4EF34AC2FF97DA4880FCCB3CA712B62
 * C:\Windows\Installer\$PatchCache$\Managed\F4EF34AC2FF97DA4880FCCB3CA712B62\6.0.5
 * C:\Windows\msdownld.tmp
 * C:\Windows\ServiceProfiles\LocalService\AppData
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\History
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\1ZTPZOBZ
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\HACASDUG
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\LEX31HEM
 * C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\OBWU9XVB
 * C:\Windows\ServiceProfiles\NetworkService\AppData
 * C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Media Player\Art Cache
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5
 * C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA
 * C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA
 * C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies
 * C:\Windows\winsxs\Temp\PendingDeletes

Finished scanning the C:\ drive. 329 hidden items found.

Scanning the D:\ drive

 * D:\$RECYCLE.BIN\S-1-5-18
 * D:\$RECYCLE.BIN\S-1-5-21-1551403403-997359160-2161683577-1001

Finished scanning the D:\ drive. 2 hidden items found.

Scanning the E:\ drive

 * E:\$RECYCLE.BIN

Finished scanning the E:\ drive. 1 hidden items found.

Program finished at: 01/26/2014 05:25:32 PM
Execution time: 0 hours(s), 0 minute(s), and 37 seconds(s)
 

 



#4 Broni


Posted 26 January 2014 - 05:23 PM

This is not what I asked for.

Farbar Recovery Scan Tool is not allowed in this forum.

Please edit your post and remove the log.




 




