
IE9 can't display page/dropouts/looped/WLM.Errors/AV pauses [Solved]



#1
NoobMel

Hi Geeks To Go,
I think I have a virus/malware/infection of some sort. I get a lot of IE9 can't display web page/dropouts and occasional redirects, I'm often caught in loops on pages and I even get taken back to the beginning of pages (just happened, got taken back to this box after typing it all and it was empty). This is my second try at submitting this post. In Windows Live Mail I only sign into my POP3 account and I'm getting a lot of different errors and lose all my old contacts when this happens and can only get them back by signing into WLM & exporting them. Optus wireless broadband regularly drops out; when I go to reconnect it says it's connected. Optus disconnected & reconnected my service yesterday and things were a bit better with IE9 for about 3 hrs, then back to page dropouts etc. I tried the ESET online scanner but it kept pausing on individual files for 10-15 min. I have trouble updating my AVG and Windows (I often have to use the Microsoft Fix it tool; sometimes it won't do anything when I click it, I just get looped). Startup is not too bad but shutdown takes at least 1 min 40 sec. I run RegZooka every day and have no less than 100 registry errors. I have also run ERUNT, OTL, OTM and TDSSKiller, as per the malware removal guide; things seem almost better but only for a day. Please help. I have included my OTL.
Thanks, NoobMel
Attached File  OTL today.txt   108.74KB   99 downloads

OTL logfile created on: 3/9/2012 10:32:32 AM - Run 5
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Melinda\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.86 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.22% Memory free
7.71 Gb Paging File | 6.06 Gb Available in Paging File | 78.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.38 Gb Total Space | 382.24 Gb Free Space | 84.49% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 1.73 Gb Free Space | 13.23% Space Free | Partition Type: NTFS
Drive G: | 21.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MELINDA-HP | User Name: Melinda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Melinda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Optus Mobile Broadband\Optus Mobile Broadband.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Security Task Manager\SpyProtector.exe (Neuber Software - www.neuber.com)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\Optus Mobile Broadband.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\SMSPlugin.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\atcomm.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\DetectDev.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\LocaleMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\FileManager.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\DialUpPlugin.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\XCodec.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\DeviceOperate.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\ConfigFilePlugin.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\NotifyServicePlugin.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\isaputrace.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\NetInfoPlugin.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\NDISAPI.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files (x86)\Optus Mobile Broadband\DeviceMgrPlugin.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe ()
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (dfg) -- C:\Windows\SysWOW64\drivers\dfg.sys (defrag Development Team)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {9907022F-A16F-41DD-A63A-755908A97C5E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKCU\..\SearchScopes\{9907022F-A16F-41DD-A63A-755908A97C5E}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/05 14:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.0.0.7\ [2012/02/24 13:58:55 | 000,000,000 | ---D | M]

[2011/12/28 19:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/03 16:38:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/20 14:16:49 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/03/09 00:29:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe (Neuber Software - www.neuber.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{808E4596-7271-40D6-A6BF-AD9AC7592073}: DhcpNameServer = 139.130.4.4 203.50.2.71
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A544915-7F61-4BD1-8295-56A667F32833}: NameServer = 198.142.0.51 61.88.88.88
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/17 11:07:38 | 000,142,336 | R--- | M] () - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/06/06 19:02:18 | 000,000,045 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/09 09:53:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{C402E922-BA58-474C-9A11-5497398D2ABB}
[2012/03/09 09:53:36 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F722EFDE-8244-4A62-9795-1BEABE5B2B69}
[2012/03/08 23:44:41 | 005,650,384 | ---- | C] (ZookaWare) -- C:\Users\Melinda\Desktop\RegZooka.exe
[2012/03/08 21:02:40 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{92426E5F-1124-47B0-A326-5A8730AC2AB6}
[2012/03/08 21:02:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{57E6E48F-CF5B-4245-949A-21B2CA120AB4}
[2012/03/08 18:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/03/08 09:01:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{257FD2D9-35E1-4D46-8E76-EA8C6671FB4A}
[2012/03/08 09:01:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D668B82E-4CEF-4346-87E0-2401AF25A883}
[2012/03/08 09:00:09 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0811BBBD-47E6-48F1-AF72-034BE9F2A316}
[2012/03/08 08:59:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6A5495FF-F8FE-470D-9B60-C2A129DAF25A}
[2012/03/07 11:39:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CDAF7103-32CF-42B4-965D-9BE02FAFF275}
[2012/03/07 11:39:15 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{55F7CAA0-B28D-4FE4-9CBE-6BC0CAC4C0D4}
[2012/03/06 23:38:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E3470C59-9255-4619-8F80-F6FB9E2BDEE7}
[2012/03/06 23:38:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{365B430B-863D-4DB5-A857-D3AA46A05D55}
[2012/03/06 17:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/06 11:38:02 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{FE666845-0C2A-4B8C-8433-77717CC80AC9}
[2012/03/06 11:37:51 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D257974D-26E3-4509-B231-4D631906D321}
[2012/03/05 18:27:15 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{DD4CBA2F-0A2F-4A90-A313-844F8DDDED2D}
[2012/03/05 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{27B148E7-F144-4CBD-BB5A-9288CB325EBB}
[2012/03/05 14:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/05 14:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/05 14:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/05 13:37:53 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Desktop\tdsskiller 1
[2012/03/05 12:16:46 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Melinda\Desktop\OTL.exe
[2012/03/05 10:37:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{4B6876B6-308B-40A2-847D-96D3E0E8C600}
[2012/03/04 14:42:34 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{77E2FB96-EA72-4573-A7C8-1BA89AA32086}
[2012/03/04 14:42:21 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{235D0258-4EFF-43C2-9331-9E837AE20543}
[2012/03/04 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5ECD4915-7A2A-428A-B031-9D13B34F3573}
[2012/03/03 11:14:42 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Desktop\equake3d
[2012/03/03 10:33:51 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8C6355C3-F161-414D-9E86-8102414D0A0F}
[2012/03/03 10:33:39 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{C536FD0F-EF71-42FA-964F-E65B05FABC27}
[2012/03/02 22:33:12 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{179E95D5-86DD-412A-9C83-2F47485F27C4}
[2012/03/02 22:32:59 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{B1A16406-A391-489C-9FFE-B4B963DC8EC6}
[2012/03/02 10:32:32 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E38677B8-16B8-4B65-B1E2-C61016F79045}
[2012/03/02 10:32:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{1AB1A71D-F7FF-4968-8397-58264C9E22D2}
[2012/03/01 11:10:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E2F6CF50-0A88-4CC3-9251-0045AA001CB5}
[2012/03/01 11:10:10 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5ED5BC0E-42FC-4BBC-94CA-4EE4B5F4220C}
[2012/02/29 20:23:35 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{646C1CD0-AD93-447D-A1AC-34B7550F1B04}
[2012/02/29 20:23:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8EB176D6-BF9D-48FE-86FE-965CC94E8EDC}
[2012/02/29 19:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/02/29 08:22:45 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7A16235F-28DA-4ED1-B5A6-B447CBC943BE}
[2012/02/29 08:22:27 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0FDFC69C-B7E1-424A-9C15-02D71884E8D5}
[2012/02/28 11:35:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D6305987-BADE-4E41-8176-79D9CF8DAE17}
[2012/02/28 11:35:00 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5BED19A1-A056-4B25-B521-11F38CCED2A3}
[2012/02/27 09:33:48 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6B2C0377-6EB9-42C5-B43B-5138AFD4A8DC}
[2012/02/27 09:33:35 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{4B9863F2-A5B1-45A3-BB04-9FAE8B208777}
[2012/02/26 21:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MusicStation
[2012/02/26 21:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicStation
[2012/02/26 21:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/26 21:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/26 21:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/02/26 15:11:18 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0255.old
[2012/02/26 15:11:18 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0255.old
[2012/02/26 15:01:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/26 14:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2012/02/26 14:52:46 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\blekkotb
[2012/02/26 14:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/02/26 14:10:17 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\PackageAware
[2012/02/26 13:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/02/26 13:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012/02/26 12:15:00 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8A9022B6-35F2-4A14-A38E-A5171529D45E}
[2012/02/26 12:14:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{47F36EE9-811D-4B40-9A4D-7D08BC6C6ACD}
[2012/02/25 13:28:13 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8F3CA914-3EB2-46D2-96B0-F84F1DD70849}
[2012/02/25 13:28:00 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{9FBD3079-0AD7-4756-AA69-AB25BAAE8969}
[2012/02/24 23:29:56 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{BD4A7EFF-55ED-46D9-A565-7200F4FC580D}
[2012/02/24 23:29:43 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{29BAA61E-873C-43DD-AEBD-4ACD7500DE70}
[2012/02/24 17:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2012/02/24 17:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube Downloader
[2012/02/24 17:06:52 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\TempDIR
[2012/02/24 09:11:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{18573A8F-A672-4253-ADF3-9863112B7F34}
[2012/02/24 09:10:52 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D8925F3F-3B25-4751-8E9F-43614E409A6E}
[2012/02/23 19:32:27 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\RegZooka
[2012/02/23 13:57:17 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{699EA9CD-22FD-469E-B13B-9DE7AB676268}
[2012/02/23 13:57:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{00B4FF27-DF7A-4BDC-9043-64332043CB6C}
[2012/02/22 13:29:07 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6D94C375-1761-40D5-9D45-8875CA506471}
[2012/02/22 13:28:54 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{4324BA1C-0CE9-45F8-8A7B-2AA9DE54629B}
[2012/02/22 13:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/22 13:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/02/22 13:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/02/21 19:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ieSpell
[2012/02/21 12:36:45 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{963E04B7-D5B8-4510-A9B7-25D4DC8777C6}
[2012/02/21 12:36:33 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{FBF94B8A-0762-408C-8D20-C5D4486E5668}
[2012/02/20 13:00:44 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{2F31F851-C3A9-42F6-8C02-5E534256C585}
[2012/02/20 13:00:31 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CC6EBAAD-E13B-4CF5-89E9-19B49C15403F}
[2012/02/20 12:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/19 10:11:13 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{1850DD9B-5D9E-4C59-A522-4409E50BD7ED}
[2012/02/19 10:10:34 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{C591CD94-6404-49BC-976B-A9B0D7893255}
[2012/02/18 14:36:34 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{A6110E3E-48E2-4B13-907C-29F9D0B1AC9C}
[2012/02/18 14:36:20 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{447E2B99-A8B7-43DF-9DEC-7C947FB70AD0}
[2012/02/17 12:11:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E38477BD-47FA-4013-AEF7-34950A36F875}
[2012/02/17 12:11:13 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{85598587-4617-44FF-9805-A2755E2E6FF3}
[2012/02/12 22:23:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegZooka
[2012/02/12 22:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegZooka
[2012/02/12 21:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup
[2012/02/12 20:59:38 | 008,351,256 | ---- | C] (AVG ) -- C:\Users\Melinda\Desktop\avg_pct_stf_all_10_27.exe
[2012/02/12 19:47:22 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CF68B384-58C8-4AF2-8F4F-B11A84844412}
[2012/02/12 19:47:10 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CF8E12B8-CC50-4B0A-AD44-8FC2D308A089}
[2012/02/10 23:31:32 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E2D88596-B333-48BF-921C-F68017EB3E31}
[2012/02/10 23:31:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7789A5CD-2D6B-4AF3-BDDC-472E8AE0F612}
[2012/02/08 22:18:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{74284BDD-B4BF-4D60-8324-C6905ED65368}
[2012/02/08 22:18:17 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8CD19904-9F8E-4774-8886-52432678B33F}

========== Files - Modified Within 30 Days ==========

[2012/03/09 09:56:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/09 09:51:19 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 09:51:19 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/09 09:44:46 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/09 09:43:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/09 09:43:40 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/09 00:29:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/08 23:45:31 | 000,000,957 | ---- | M] () -- C:\Users\Melinda\Desktop\RegZooka.lnk
[2012/03/08 23:45:18 | 005,650,384 | ---- | M] (ZookaWare) -- C:\Users\Melinda\Desktop\RegZooka.exe
[2012/03/08 23:42:59 | 000,002,016 | -H-- | M] () -- C:\Users\Melinda\Documents\Default.rdp
[2012/03/08 23:42:33 | 091,119,021 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/03/08 13:17:50 | 000,763,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/08 13:17:50 | 000,657,378 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/08 13:17:50 | 000,118,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/07 11:55:27 | 000,001,555 | ---- | M] () -- C:\Users\Melinda\Documents\Did you get this.eml
[2012/03/07 10:30:56 | 000,002,414 | ---- | M] () -- C:\Users\Melinda\Documents\Contacts.csv
[2012/03/06 10:26:27 | 000,622,359 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/03/05 13:36:58 | 002,044,252 | ---- | M] () -- C:\Users\Melinda\Desktop\tdsskiller 1.zip
[2012/03/05 12:16:47 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Melinda\Desktop\OTL.exe
[2012/03/03 13:14:24 | 000,540,162 | ---- | M] () -- C:\Users\Melinda\Desktop\MindSurgePop.pdf
[2012/02/29 22:26:58 | 000,001,029 | ---- | M] () -- C:\Users\Melinda\Desktop\Reliance 3G.lnk
[2012/02/27 18:17:45 | 000,029,472 | ---- | M] () -- C:\Users\Melinda\Documents\Veda.pdf
[2012/02/26 21:58:14 | 000,001,171 | ---- | M] () -- C:\Users\Melinda\Desktop\Optus Mobile Broadband.lnk
[2012/02/26 21:58:14 | 000,000,291 | ---- | M] () -- C:\Windows\SysWow64\MsiExec.config
[2012/02/26 21:55:57 | 000,000,243 | ---- | M] () -- C:\ProgramData\MusicStation.xml
[2012/02/26 21:55:52 | 000,000,903 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\MusicStation.lnk
[2012/02/26 21:54:31 | 000,001,798 | ---- | M] () -- C:\Users\Melinda\Desktop\MusicStation - Shortcut.lnk
[2012/02/26 21:51:34 | 000,001,556 | ---- | M] () -- C:\Users\Melinda\Desktop\mbam - Shortcut.lnk
[2012/02/26 21:30:40 | 000,001,460 | ---- | M] () -- C:\Users\Melinda\Desktop\avgui - Shortcut.lnk
[2012/02/26 15:32:56 | 001,462,592 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/26 13:53:33 | 000,650,538 | ---- | M] () -- C:\Users\Melinda\Desktop\SecurityTaskManager_Manual.pdf
[2012/02/25 19:43:43 | 000,001,542 | ---- | M] () -- C:\Users\Melinda\Desktop\TaskMan - Shortcut.lnk
[2012/02/25 18:59:19 | 002,086,240 | ---- | M] () -- C:\Users\Melinda\Desktop\SecurityTaskManager_Setup.exe
[2012/02/24 17:15:41 | 000,002,093 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2012/02/24 16:38:31 | 000,000,123 | ---- | M] () -- C:\Users\Melinda\Desktop\Microsoft Fix it.url
[2012/02/24 09:15:54 | 001,356,320 | ---- | M] () -- C:\Users\Melinda\Desktop\WordsofWisdomCalendar.pdf
[2012/02/24 09:15:17 | 001,191,491 | ---- | M] () -- C:\Users\Melinda\Desktop\GoodVibrations.pdf
[2012/02/24 09:14:50 | 000,727,340 | ---- | M] () -- C:\Users\Melinda\Desktop\ConsciousnessEvolution.pdf
[2012/02/22 13:39:33 | 000,324,377 | ---- | M] () -- C:\Users\Melinda\Desktop\3.Relationships.pdf
[2012/02/22 13:37:39 | 000,198,909 | ---- | M] () -- C:\Users\Melinda\Desktop\2.Power.pdf
[2012/02/22 13:37:10 | 000,211,354 | ---- | M] () -- C:\Users\Melinda\Desktop\1.Money.pdf
[2012/02/21 23:16:05 | 001,147,854 | ---- | M] () -- C:\Users\Melinda\Desktop\equake3d.zip
[2012/02/21 17:19:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/21 17:19:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/20 23:45:14 | 192,324,644 | ---- | M] () -- C:\Users\Melinda\Desktop\guyfinley-sevensteps.zip
[2012/02/20 23:15:09 | 000,394,379 | ---- | M] () -- C:\Users\Melinda\Desktop\ThePowerPart2[1].pdf
[2012/02/20 20:29:15 | 002,075,864 | ---- | M] () -- C:\Users\Melinda\Desktop\Read This[1].pdf
[2012/02/20 18:58:55 | 070,433,991 | ---- | M] () -- C:\Users\Melinda\Desktop\blue-sciatica.mp3
[2012/02/20 18:49:46 | 000,235,764 | ---- | M] () -- C:\Users\Melinda\Desktop\sleeplikeababyreport.pdf
[2012/02/20 18:40:21 | 009,186,449 | ---- | M] () -- C:\Users\Melinda\Desktop\Formerly Illegal Treatment Reverses Pain in Minutes.mp3
[2012/02/20 18:19:43 | 008,330,656 | ---- | M] () -- C:\Users\Melinda\Desktop\Prolozone Therapy, Powerful Cure for Pain.mp3
[2012/02/20 18:17:48 | 002,275,936 | ---- | M] () -- C:\Users\Melinda\Desktop\Turbulence-Training-Fat-Loss-Beginner-Programs.pdf
[2012/02/20 18:02:19 | 001,007,901 | ---- | M] () -- C:\Users\Melinda\Desktop\Foods that kill fat.pdf
[2012/02/20 18:01:44 | 001,220,548 | ---- | M] () -- C:\Users\Melinda\Desktop\Stretching_Tips.pdf
[2012/02/20 17:57:00 | 000,029,769 | ---- | M] () -- C:\Users\Melinda\Desktop\freepilatesdvd.htm
[2012/02/20 17:37:28 | 006,093,330 | ---- | M] () -- C:\Users\Melinda\Desktop\BeyondDietMainProduct.zip
[2012/02/18 23:40:04 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMelinda.job
[2012/02/17 13:00:23 | 000,003,584 | ---- | M] () -- C:\Users\Melinda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 11:33:45 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/02/17 11:25:11 | 000,771,342 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/12 21:10:06 | 000,001,136 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup.lnk
[2012/02/12 21:10:06 | 000,001,112 | ---- | M] () -- C:\Users\Melinda\Desktop\AVG PC Tuneup.lnk
[2012/02/12 20:59:38 | 008,351,256 | ---- | M] (AVG ) -- C:\Users\Melinda\Desktop\avg_pct_stf_all_10_27.exe
[2012/02/10 23:58:52 | 000,452,069 | ---- | M] () -- C:\Users\Melinda\Desktop\MessagesFromTheFuture.pdf
[2012/02/08 23:06:46 | 000,003,780 | ---- | M] () -- C:\Users\Melinda\Documents\Resident Shield scan.csv
[2012/02/08 22:13:54 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys

========== Files Created - No Company Name ==========

[2012/03/08 23:45:31 | 000,000,957 | ---- | C] () -- C:\Users\Melinda\Desktop\RegZooka.lnk
[2012/03/08 18:51:45 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 18:51:44 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 11:55:26 | 000,001,555 | ---- | C] () -- C:\Users\Melinda\Documents\Did you get this.eml
[2012/03/07 10:30:55 | 000,002,414 | ---- | C] () -- C:\Users\Melinda\Documents\Contacts.csv
[2012/03/05 13:36:42 | 002,044,252 | ---- | C] () -- C:\Users\Melinda\Desktop\tdsskiller 1.zip
[2012/03/03 13:13:29 | 000,540,162 | ---- | C] () -- C:\Users\Melinda\Desktop\MindSurgePop.pdf
[2012/02/29 22:26:58 | 000,001,029 | ---- | C] () -- C:\Users\Melinda\Desktop\Reliance 3G.lnk
[2012/02/27 18:17:45 | 000,029,472 | ---- | C] () -- C:\Users\Melinda\Documents\Veda.pdf
[2012/02/26 21:58:14 | 000,001,171 | ---- | C] () -- C:\Users\Melinda\Desktop\Optus Mobile Broadband.lnk
[2012/02/26 21:55:57 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2012/02/26 21:55:54 | 000,000,291 | ---- | C] () -- C:\Windows\SysWow64\MsiExec.config
[2012/02/26 21:55:52 | 000,000,903 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\MusicStation.lnk
[2012/02/26 21:54:31 | 000,001,798 | ---- | C] () -- C:\Users\Melinda\Desktop\MusicStation - Shortcut.lnk
[2012/02/26 21:51:34 | 000,001,556 | ---- | C] () -- C:\Users\Melinda\Desktop\mbam - Shortcut.lnk
[2012/02/26 21:30:40 | 000,001,460 | ---- | C] () -- C:\Users\Melinda\Desktop\avgui - Shortcut.lnk
[2012/02/26 15:32:49 | 001,462,592 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/26 15:11:18 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0255.old
[2012/02/26 13:53:33 | 000,650,538 | ---- | C] () -- C:\Users\Melinda\Desktop\SecurityTaskManager_Manual.pdf
[2012/02/25 19:43:43 | 000,001,542 | ---- | C] () -- C:\Users\Melinda\Desktop\TaskMan - Shortcut.lnk
[2012/02/25 18:58:31 | 002,086,240 | ---- | C] () -- C:\Users\Melinda\Desktop\SecurityTaskManager_Setup.exe
[2012/02/24 17:15:41 | 000,002,093 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2012/02/24 16:38:31 | 000,000,123 | ---- | C] () -- C:\Users\Melinda\Desktop\Microsoft Fix it.url
[2012/02/24 09:15:40 | 001,356,320 | ---- | C] () -- C:\Users\Melinda\Desktop\WordsofWisdomCalendar.pdf
[2012/02/24 09:15:03 | 001,191,491 | ---- | C] () -- C:\Users\Melinda\Desktop\GoodVibrations.pdf
[2012/02/24 09:14:48 | 000,727,340 | ---- | C] () -- C:\Users\Melinda\Desktop\ConsciousnessEvolution.pdf
[2012/02/22 13:39:33 | 000,324,377 | ---- | C] () -- C:\Users\Melinda\Desktop\3.Relationships.pdf
[2012/02/22 13:37:39 | 000,198,909 | ---- | C] () -- C:\Users\Melinda\Desktop\2.Power.pdf
[2012/02/22 13:37:10 | 000,211,354 | ---- | C] () -- C:\Users\Melinda\Desktop\1.Money.pdf
[2012/02/21 23:15:59 | 001,147,854 | ---- | C] () -- C:\Users\Melinda\Desktop\equake3d.zip
[2012/02/21 17:19:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/21 17:19:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/20 23:45:14 | 192,324,644 | ---- | C] () -- C:\Users\Melinda\Desktop\guyfinley-sevensteps.zip
[2012/02/20 23:15:08 | 000,394,379 | ---- | C] () -- C:\Users\Melinda\Desktop\ThePowerPart2[1].pdf
[2012/02/20 20:29:15 | 002,075,864 | ---- | C] () -- C:\Users\Melinda\Desktop\Read This[1].pdf
[2012/02/20 18:58:55 | 070,433,991 | ---- | C] () -- C:\Users\Melinda\Desktop\blue-sciatica.mp3
[2012/02/20 18:49:46 | 000,235,764 | ---- | C] () -- C:\Users\Melinda\Desktop\sleeplikeababyreport.pdf
[2012/02/20 18:40:21 | 009,186,449 | ---- | C] () -- C:\Users\Melinda\Desktop\Formerly Illegal Treatment Reverses Pain in Minutes.mp3
[2012/02/20 18:19:43 | 008,330,656 | ---- | C] () -- C:\Users\Melinda\Desktop\Prolozone Therapy, Powerful Cure for Pain.mp3
[2012/02/20 18:17:48 | 002,275,936 | ---- | C] () -- C:\Users\Melinda\Desktop\Turbulence-Training-Fat-Loss-Beginner-Programs.pdf
[2012/02/20 18:02:19 | 001,007,901 | ---- | C] () -- C:\Users\Melinda\Desktop\Foods that kill fat.pdf
[2012/02/20 18:01:44 | 001,220,548 | ---- | C] () -- C:\Users\Melinda\Desktop\Stretching_Tips.pdf
[2012/02/20 17:57:00 | 000,029,769 | ---- | C] () -- C:\Users\Melinda\Desktop\freepilatesdvd.htm
[2012/02/20 17:37:28 | 006,093,330 | ---- | C] () -- C:\Users\Melinda\Desktop\BeyondDietMainProduct.zip
[2012/02/17 13:00:22 | 000,003,584 | ---- | C] () -- C:\Users\Melinda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/12 21:10:06 | 000,001,136 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup.lnk
[2012/02/12 21:10:06 | 000,001,112 | ---- | C] () -- C:\Users\Melinda\Desktop\AVG PC Tuneup.lnk
[2012/02/10 23:58:50 | 000,452,069 | ---- | C] () -- C:\Users\Melinda\Desktop\MessagesFromTheFuture.pdf
[2012/02/08 23:06:46 | 000,003,780 | ---- | C] () -- C:\Users\Melinda\Documents\Resident Shield scan.csv
[2012/02/03 23:36:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/03 23:36:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/03 23:36:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/03 23:36:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/03 23:36:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/01 19:20:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/01/01 19:19:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/12/27 21:08:35 | 000,007,610 | ---- | C] () -- C:\Users\Melinda\AppData\Local\Resmon.ResmonCfg
[2011/12/10 14:14:27 | 000,771,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/10 11:06:33 | 000,001,854 | ---- | C] () -- C:\Users\Melinda\AppData\Roaming\GhostObjGAFix.xml
[2011/12/02 21:39:54 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/12/02 21:39:54 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/11/30 21:41:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/11/30 17:44:26 | 000,000,268 | RH-- | C] () -- C:\Users\Melinda\AppData\Roaming\libiconv
[2011/11/30 17:44:26 | 000,000,268 | RH-- | C] () -- C:\Users\Melinda\AppData\Roaming\laserjet
[2011/11/30 17:44:26 | 000,000,268 | RH-- | C] () -- C:\Users\Melinda\AppData\Roaming\images
[2011/10/21 17:27:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/21 17:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/21 17:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/21 17:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/25 08:20:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/12/21 10:50:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/12/17 12:07:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/12/31 11:05:15 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Acapela Group
[2012/01/04 12:29:41 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Auslogics
[2012/01/28 22:28:45 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\AVG
[2012/01/27 16:11:19 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\AVG Secure Search
[2012/02/05 14:39:12 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\AVG2012
[2011/12/26 19:00:23 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\FixCleaner
[2012/02/05 18:50:12 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\ieSpell
[2012/01/01 19:20:00 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Nikon
[2011/12/10 15:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\PC Cleaners
[2012/02/04 08:53:28 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Product_RM
[2012/02/04 09:08:42 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Registry Mechanic
[2012/02/23 19:32:27 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\RegZooka
[2012/01/07 20:34:07 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Smart PDF Converter Pro
[2012/03/07 22:36:31 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\SoftGrid Client
[2011/08/13 15:33:09 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Synaptics
[2012/01/09 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Systweak
[2011/12/31 11:28:13 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\TP
[2011/08/13 15:35:04 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\WildTangent
[2011/12/02 23:07:35 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Windows Live Writer
[2012/02/04 17:05:35 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\ZumoDrive
[2012/02/01 13:40:15 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 764 bytes -> C:\Users\Melinda\Documents\Did you get this.eml:OECustomProperty
@Alternate Data Stream - 550 bytes -> C:\Users\Melinda\Documents\email AVG.eml:OECustomProperty
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >


#2
CompCav

Hi, NoobMel! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


FIRST

I run Regzooka every day and have no less than 100 registry errors.

A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.


Since it has been a while, we need updated OTL plus Extras and aswMBR logs :)


Step 1.

Delete your current copy of OTL; it is out of date.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Under File Scans File Age: Select 90 days from the drop down box.
  • Select Lop Check and Purity Check
  • Under Extra Registry: Select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open OTL.Txt and Extras.txt .
  • Post both logs


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

If it does not run, rename aswMBR.exe to Iexplore.exe and try it again.

Step 3.

Please post:

OTL.txt
Extras.txt
aswMBR log





Give me any updates on issues with your computer

#3
NoobMel

Hi CompCav, Thanks for your time in helping me with my issue. A quick update on my computer. In February this year I had taken my computer to a tech to get other issues resolved. He found a virus, removed it (can't remember what it was) but also put a few programs on my computer that I did not ask for nor want. I was using Optus mobile broadband on my laptop at the time (I have since gotten cable internet) and my usage doubled and the same old problems (with some new) started occurring again. I deleted a couple of the programs he installed after finding out they were bad for back-doors. Deleted programs -itunes -bonjour(Microsoft Word) -IE8 (I had IE9 when I took it to him). Another program I can't seem to delete is the so called upgrade he gave me from Optus to Reliance 3G. After speaking with Optus and trying to re-install Optus program from stick, it will only install Reliance 3G!! Optus suggested something wrong and my system may be being used to bounce signal from! I still use my Optus broadband on my laptop when away from the house. Should I stop using it while we work through current issues?
I re-installed IE9 and all the old things that were happening (before I took my laptop to the tech) started happening again. All of which I mentioned in my first post. You may need your patience with me as I've only been computing since November 2011. So here goes...please find all that you requested below :)
OTL.txt
OTL logfile created on: 26/04/2012 6:45:32 PM - Run 6
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Melinda\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.86 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 69.18% Memory free
7.71 Gb Paging File | 6.33 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.38 Gb Total Space | 392.47 Gb Free Space | 86.76% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 1.73 Gb Free Space | 13.23% Space Free | Partition Type: NTFS

Computer Name: KGB | User Name: Melinda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Melinda\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe (AVG)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Security Task Manager\SpyProtector.exe (Neuber Software - www.neuber.com)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madExcept_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madBasic_.bpl ()
MOD - C:\Program Files (x86)\AVG\AVG PC Tuneup\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (HPClientSvc) -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vToolbarUpdater10.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe ()
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (UNS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RSPCIESTOR) -- C:\Windows\SysNative\drivers\RtsPStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (mbamchameleon) -- C:\Windows\SysNative\drivers\mbamchameleon.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel® -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (DrvAgent64) -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (dfg) -- C:\Windows\SysWOW64\drivers\dfg.sys (defrag Development Team)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/CQALL/13
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://au.search.yah...psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
IE - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\..\SearchScopes,DefaultScope = {9907022F-A16F-41DD-A63A-755908A97C5E}
IE - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
IE - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\..\SearchScopes\{9907022F-A16F-41DD-A63A-755908A97C5E}: "URL" = http://www.google.co...age={startPage}
IE - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/05 13:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\10.2.0.3\ [2012/03/14 20:47:19 | 000,000,000 | ---D | M]

[2011/12/28 18:44:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/03 15:38:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/20 13:16:49 | 000,003,747 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

O1 HOSTS File: ([2012/03/08 23:29:07 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000..\Run: [Spy Protector] C:\Program Files (x86)\Security Task Manager\SpyProtector.exe (Neuber Software - www.neuber.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisplayLastLogonInfo = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O16:64bit: - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = MEL
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{808E4596-7271-40D6-A6BF-AD9AC7592073}: DhcpNameServer = 10.1.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B2B64CB-6CEB-4628-B274-81517F023C55}: NameServer = 198.142.0.51 61.88.88.88
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2012/04/26 17:55:19 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Melinda\Desktop\OTL.exe
[2012/04/26 09:30:24 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CCD73A2E-AE34-4A43-BBAC-1780A63F2518}
[2012/04/26 09:30:14 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{52D44C32-A3CE-40FB-B8D2-F1956147701D}
[2012/04/25 21:29:48 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{87B55922-639E-4669-86FE-00949C182A07}
[2012/04/25 21:29:38 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D3CD3D74-2810-4AAD-876C-9534985E2A76}
[2012/04/25 09:29:11 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{59C2588F-F50C-4C56-AA24-BE9BD5A8017A}
[2012/04/25 09:28:52 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{A48E0F4D-90FE-4B89-B4FB-7D9A0AD9C6A1}
[2012/04/24 20:11:11 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{25C45252-AE75-44C3-8260-E65FF92C416F}
[2012/04/24 20:10:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{3459F998-D835-413A-868F-3DE4A5BEC39C}
[2012/04/24 08:10:31 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{64B6E454-9683-473C-BE56-A40D13EA7488}
[2012/04/24 08:10:19 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{DA6B4FC0-1E01-4DFD-8872-85DEA2E2B471}
[2012/04/23 20:09:53 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D006BE77-568D-4CC1-8689-22CA44216880}
[2012/04/23 20:09:41 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6ED138A0-7982-46AE-BD1C-95E6A52BC53E}
[2012/04/23 08:09:14 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{77CC18D9-1902-48D3-B3C1-8D4760B5A968}
[2012/04/23 08:09:02 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{59B7EE85-AEEC-4F44-B493-DC323E9DBA30}
[2012/04/22 09:35:25 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CA6C1451-EF07-4111-8364-036224B82EAD}
[2012/04/22 09:35:14 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D9C8C268-9BF4-4ACD-9359-76E09D70A2E9}
[2012/04/21 17:30:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Documents\Email contacts
[2012/04/21 17:27:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{B503596C-C7F6-4DA7-8DD3-EFD0BCF47AC0}
[2012/04/21 17:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D03E3B92-1535-4080-95E3-4DC88477850C}
[2012/04/21 08:55:35 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Documents\Free meter
[2012/04/21 08:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012/04/20 15:19:36 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Desktop\FreeMeter_v1.6.3
[2012/04/20 11:26:50 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Documents\Chakras and Sound
[2012/04/16 11:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reliance 3G
[2012/04/16 11:56:09 | 000,196,608 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys
[2012/04/16 11:56:09 | 000,093,696 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys
[2012/04/16 11:56:09 | 000,085,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys
[2012/04/16 11:56:09 | 000,055,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_jucdcecm.sys
[2012/04/16 11:56:09 | 000,029,184 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys
[2012/04/16 11:53:29 | 000,999,936 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys
[2012/04/16 11:53:29 | 000,256,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012/04/16 11:53:29 | 000,121,600 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012/04/16 11:53:29 | 000,032,768 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012/04/16 11:53:29 | 000,013,952 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys
[2012/04/16 11:50:21 | 000,117,248 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2012/04/14 14:34:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/04/14 14:27:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{9183FB58-DB80-4D97-A2C6-16B58FF4F25E}
[2012/04/14 14:26:53 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{2C585B9B-CF03-4A0A-B259-1914EFAD068D}
[2012/04/14 07:12:32 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F93ADE6E-7AA2-41BA-9C81-94879818B955}
[2012/04/14 07:12:20 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{32BAFF1D-CDF2-4A53-9E37-EB9853BDD1F1}
[2012/04/13 16:52:42 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{C27B40BF-36D4-4C2F-94A6-1A36D678DE90}
[2012/04/13 09:35:42 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{EC932874-B989-40A7-BED4-4B1DE83C2055}
[2012/04/12 21:35:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{9C0FF176-7327-48FA-8E6F-FC141010B94B}
[2012/04/12 09:34:53 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{023ED782-2740-4E16-9FD6-6A50AB5981FA}
[2012/04/11 21:34:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{B84CFABE-FE63-4E00-8B50-B150C1A4EAF6}
[2012/04/11 12:22:21 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/04/11 12:22:21 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/04/11 12:22:20 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/04/11 12:22:20 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/04/11 12:22:20 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/04/11 12:22:20 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/04/11 12:22:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/04/11 12:22:19 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/04/11 12:22:19 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/04/11 12:22:19 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/04/11 12:22:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/04/11 12:21:59 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/04/11 12:21:58 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/04/11 12:21:58 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/04/11 12:20:04 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/04/11 12:20:04 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/04/11 12:20:04 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/04/11 09:02:12 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{460D6280-D054-477C-A39B-A8CBB86EB483}
[2012/04/10 21:11:05 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Ride Games
[2012/04/10 21:01:48 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8A68E6A8-F334-448E-8E3E-E16517D85AC2}
[2012/04/10 08:48:02 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{731361E4-2C5B-48C3-9460-3A109B129811}
[2012/04/09 08:39:30 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{57F12377-02CB-4423-A39D-9D8D7FE6C116}
[2012/04/08 08:39:31 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8315E4DF-116B-4D54-A3F7-F2B3F5B0A1D5}
[2012/04/07 11:43:33 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{DD5F3593-21DF-4972-A5BE-B29A75345656}
[2012/04/06 23:43:09 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{1BF43F00-A917-4DE5-9605-3E633561E93B}
[2012/04/06 09:30:20 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7A928057-42F5-4B4B-B5E9-6208DAFC3824}
[2012/04/06 01:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2012/04/06 00:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPlayCity.com
[2012/04/06 00:25:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPlayCity.com
[2012/04/05 20:44:30 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{A1876668-DEB4-488B-8EFD-D0ED58B073F3}
[2012/04/05 08:44:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{554470F5-1751-4E23-AB21-1FA406B970A7}
[2012/04/04 20:27:53 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{865E1F2E-1C44-4B07-BA25-01B23E1D818D}
[2012/04/04 08:27:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F1F4A1FC-AF26-41F6-BDE1-DD1774DCEF4C}
[2012/04/03 08:06:12 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5E254370-BBCA-4DD2-AC04-27606558E3A3}
[2012/04/02 10:06:22 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{FE17DFC1-6FCD-42BA-BC3E-2B6541E250A0}
[2012/04/01 22:05:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{477D73E4-7304-4378-88A3-F36F497631AE}
[2012/04/01 10:05:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{79566A73-CD0E-42BD-8123-E974F8497E00}
[2012/03/31 22:05:23 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{9A4436E6-A2DA-420B-A7B8-DB7E4F549190}
[2012/03/31 10:58:20 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Video
[2012/03/31 10:04:59 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0278FCE3-3509-4AFC-BDD7-39256AB442C7}
[2012/03/30 19:49:01 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5ECB98B4-81AC-4959-BA9C-2D8F158D40EC}
[2012/03/30 07:48:34 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5DBE1C05-93F5-49FB-8BE1-150866C18F2D}
[2012/03/29 19:48:10 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0A562645-605C-491D-9FC2-5F7967D9531C}
[2012/03/29 07:47:44 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E57C3A22-C097-42F0-97BA-CA483478567D}
[2012/03/29 07:47:33 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F9D6695F-62CD-4E0B-B273-D549D70520AE}
[2012/03/28 08:28:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{FCF12662-CF50-4005-BBAD-0A50177205EB}
[2012/03/28 08:28:05 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{2736B27F-6C01-4F6D-9C7B-5766335E9FF8}
[2012/03/27 18:48:46 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{AB0D8E12-7E71-46CF-A05B-E204DAB1B4BF}
[2012/03/27 18:48:35 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{63A59ECD-751A-4DE9-976D-0D724E729C87}
[2012/03/27 06:48:05 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8E07F5D0-2919-4B1B-9845-418EA586D803}
[2012/03/27 06:47:49 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{3E853C80-F0C2-4165-9B8D-7D7082DAC73B}
[2012/03/26 12:51:25 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{95991D3D-8C04-4F03-8E54-499311FBC30A}
[2012/03/26 12:51:14 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{670AE4AE-A4D9-41AE-BDCA-D1C39254CECF}
[2012/03/25 08:35:41 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7AD7B4DA-14C4-4556-9C56-7E05BCBEA640}
[2012/03/25 08:35:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6F1DC764-CECD-491E-A389-ADA45BBF124D}
[2012/03/24 08:13:03 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{807EFB36-9246-473A-8CD5-92E110735AA5}
[2012/03/24 08:12:46 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D4594301-CDE2-4DD5-92E6-452A569D48E9}
[2012/03/23 08:21:55 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{02A72F8E-DE69-4AC0-9991-EB7A5D269CC7}
[2012/03/23 08:21:43 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{9F88E881-1673-4186-8767-AC42DEFEBAB4}
[2012/03/22 09:19:41 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0B51B560-5FA6-4FD6-89FB-6A9FCA84DEBA}
[2012/03/22 09:19:30 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6ECC1406-584B-4FCE-8080-F86A945B739D}
[2012/03/21 08:00:35 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{DE043930-CA16-4DF8-AF05-2A28825AEC60}
[2012/03/21 08:00:24 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{3536CA53-5A22-4D1E-B840-3006B3B238CF}
[2012/03/19 12:32:49 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\LogMeIn Rescue Applet
[2012/03/19 07:11:30 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{B20D5F31-1F18-4B5C-AFA2-A0BC08E6304D}
[2012/03/19 07:11:19 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{4FA3E691-0E43-42DB-82FC-D2572FD1C6CB}
[2012/03/18 19:02:03 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E7AFE311-44A8-4927-80B6-8171AC6C16BB}
[2012/03/18 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0F61602E-4714-4DDA-81E6-E7F810923507}
[2012/03/18 07:01:24 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{74312EAF-E55F-4BA1-83A7-A0B76B4B0FAD}
[2012/03/18 07:01:02 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{B20485BC-6C00-4E1D-A507-D47C6CCBBBBD}
[2012/03/17 15:19:24 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\Ilivid Player
[2012/03/17 15:15:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}
[2012/03/17 15:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2012/03/17 15:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
[2012/03/17 09:28:53 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{2246046E-5E0F-42F1-9A9A-D337D85BA751}
[2012/03/17 09:28:41 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{AED1DADD-8661-4A9A-B9DE-A0966C82BA68}
[2012/03/16 07:47:10 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7979D50A-8E34-4B08-B818-9709769785A1}
[2012/03/16 07:46:59 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{353C6033-8E1D-41F6-9D93-530D535E58B2}
[2012/03/15 08:50:15 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{B334E627-DD18-4768-9F12-F0B7E0186873}
[2012/03/15 08:49:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{21C4BB98-12BE-4B85-86C8-787BEAA43049}
[2012/03/14 16:01:32 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 16:00:15 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 16:00:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 16:00:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 16:00:14 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 16:00:14 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 14:48:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{35677158-1BC4-4BE9-A6B6-64C23C1CB28F}
[2012/03/14 14:47:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{61953E66-496E-4393-A6DC-D678C771589C}
[2012/03/13 08:20:57 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{70BEA903-457F-4CB4-A89D-AAD8D6112125}
[2012/03/13 08:20:44 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{45765166-0B93-4B95-9224-ED65A985D98C}
[2012/03/12 11:14:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F3135FA4-532D-41F6-A83A-759D76D97B96}
[2012/03/12 11:14:06 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{603AE8D0-DFB0-4EF2-8323-AF0877561F9F}
[2012/03/11 23:13:40 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{39BD69EA-F049-4CFA-AFEB-2063162B501E}
[2012/03/11 23:13:28 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{ACE14922-4222-40A5-9E72-063CC2B92329}
[2012/03/11 11:13:02 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0477A125-CB0D-4F1B-8033-1D060CB6ED9B}
[2012/03/11 11:12:51 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{AB27C04E-FA63-4AF7-97CD-875955AD7EEF}
[2012/03/10 21:51:03 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{99CBCED4-F722-40E9-BCA5-1F4307DB030C}
[2012/03/10 21:50:41 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6FE46668-8E80-419D-B1E7-1BE27959F21B}
[2012/03/10 09:50:15 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E15C9562-311B-4445-86BF-F257960EA4E3}
[2012/03/10 09:50:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{67851101-075B-4C3A-8836-1C7A2E83EBC6}
[2012/03/10 09:49:11 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CE29D8C3-E1B6-4137-AEA9-4C90C2502084}
[2012/03/10 09:48:59 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7C10E732-DFE8-4191-BBB7-3CA21FCC8D6B}
[2012/03/09 20:54:25 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F8AA99DC-D76E-4C59-A305-7EBE201DE550}
[2012/03/09 20:54:14 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F2051F52-F829-43FD-9688-6D543624728C}
[2012/03/09 08:53:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{C402E922-BA58-474C-9A11-5497398D2ABB}
[2012/03/09 08:53:36 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F722EFDE-8244-4A62-9795-1BEABE5B2B69}
[2012/03/08 22:44:41 | 005,650,384 | ---- | C] (ZookaWare) -- C:\Users\Melinda\Desktop\RegZooka.exe
[2012/03/08 20:02:40 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{92426E5F-1124-47B0-A326-5A8730AC2AB6}
[2012/03/08 20:02:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{57E6E48F-CF5B-4245-949A-21B2CA120AB4}
[2012/03/08 18:37:20 | 000,302,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2012/03/08 08:01:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{257FD2D9-35E1-4D46-8E76-EA8C6671FB4A}
[2012/03/08 08:01:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D668B82E-4CEF-4346-87E0-2401AF25A883}
[2012/03/08 08:00:09 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0811BBBD-47E6-48F1-AF72-034BE9F2A316}
[2012/03/08 07:59:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6A5495FF-F8FE-470D-9B60-C2A129DAF25A}
[2012/03/07 10:39:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CDAF7103-32CF-42B4-965D-9BE02FAFF275}
[2012/03/07 10:39:15 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{55F7CAA0-B28D-4FE4-9CBE-6BC0CAC4C0D4}
[2012/03/06 22:38:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E3470C59-9255-4619-8F80-F6FB9E2BDEE7}
[2012/03/06 22:38:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{365B430B-863D-4DB5-A857-D3AA46A05D55}
[2012/03/06 16:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/03/06 10:38:02 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{FE666845-0C2A-4B8C-8433-77717CC80AC9}
[2012/03/06 10:37:51 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D257974D-26E3-4509-B231-4D631906D321}
[2012/03/05 17:27:15 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{DD4CBA2F-0A2F-4A90-A313-844F8DDDED2D}
[2012/03/05 17:27:03 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{27B148E7-F144-4CBD-BB5A-9288CB325EBB}
[2012/03/05 13:28:25 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/05 13:28:25 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/05 13:28:25 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/05 13:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/05 13:18:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/05 13:12:50 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/05 13:12:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/05 13:12:50 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/05 13:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/05 09:37:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{4B6876B6-308B-40A2-847D-96D3E0E8C600}
[2012/03/04 13:42:34 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{77E2FB96-EA72-4573-A7C8-1BA89AA32086}
[2012/03/04 13:42:21 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{235D0258-4EFF-43C2-9331-9E837AE20543}
[2012/03/04 09:24:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5ECD4915-7A2A-428A-B031-9D13B34F3573}
[2012/03/03 10:14:42 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Desktop\equake3d
[2012/03/03 09:33:51 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8C6355C3-F161-414D-9E86-8102414D0A0F}
[2012/03/03 09:33:39 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{C536FD0F-EF71-42FA-964F-E65B05FABC27}
[2012/03/02 21:33:12 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{179E95D5-86DD-412A-9C83-2F47485F27C4}
[2012/03/02 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{B1A16406-A391-489C-9FFE-B4B963DC8EC6}
[2012/03/02 09:32:32 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E38677B8-16B8-4B65-B1E2-C61016F79045}
[2012/03/02 09:32:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{1AB1A71D-F7FF-4968-8397-58264C9E22D2}
[2012/03/01 10:10:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E2F6CF50-0A88-4CC3-9251-0045AA001CB5}
[2012/03/01 10:10:10 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5ED5BC0E-42FC-4BBC-94CA-4EE4B5F4220C}
[2012/02/29 19:23:35 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{646C1CD0-AD93-447D-A1AC-34B7550F1B04}
[2012/02/29 19:23:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8EB176D6-BF9D-48FE-86FE-965CC94E8EDC}
[2012/02/29 18:13:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/02/29 07:22:45 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7A16235F-28DA-4ED1-B5A6-B447CBC943BE}
[2012/02/29 07:22:27 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{0FDFC69C-B7E1-424A-9C15-02D71884E8D5}
[2012/02/28 10:35:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D6305987-BADE-4E41-8176-79D9CF8DAE17}
[2012/02/28 10:35:00 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{5BED19A1-A056-4B25-B521-11F38CCED2A3}
[2012/02/27 08:33:48 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6B2C0377-6EB9-42C5-B43B-5138AFD4A8DC}
[2012/02/27 08:33:35 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{4B9863F2-A5B1-45A3-BB04-9FAE8B208777}
[2012/02/26 20:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\MusicStation
[2012/02/26 20:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicStation
[2012/02/26 20:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/02/26 20:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/02/26 20:55:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012/02/26 14:11:18 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0255.old
[2012/02/26 14:11:18 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0255.old
[2012/02/26 14:01:52 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/02/26 13:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Doctor
[2012/02/26 13:52:46 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\blekkotb
[2012/02/26 13:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/02/26 13:10:17 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\PackageAware
[2012/02/26 12:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2012/02/26 12:49:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2012/02/26 11:15:00 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8A9022B6-35F2-4A14-A38E-A5171529D45E}
[2012/02/26 11:14:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{47F36EE9-811D-4B40-9A4D-7D08BC6C6ACD}
[2012/02/25 12:28:13 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8F3CA914-3EB2-46D2-96B0-F84F1DD70849}
[2012/02/25 12:28:00 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{9FBD3079-0AD7-4756-AA69-AB25BAAE8969}
[2012/02/24 22:29:56 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{BD4A7EFF-55ED-46D9-A565-7200F4FC580D}
[2012/02/24 22:29:43 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{29BAA61E-873C-43DD-AEBD-4ACD7500DE70}
[2012/02/24 16:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2012/02/24 16:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube Downloader
[2012/02/24 16:06:52 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\TempDIR
[2012/02/24 08:11:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{18573A8F-A672-4253-ADF3-9863112B7F34}
[2012/02/24 08:10:52 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D8925F3F-3B25-4751-8E9F-43614E409A6E}
[2012/02/23 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\RegZooka
[2012/02/23 12:57:17 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{699EA9CD-22FD-469E-B13B-9DE7AB676268}
[2012/02/23 12:57:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{00B4FF27-DF7A-4BDC-9043-64332043CB6C}
[2012/02/22 12:29:07 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{6D94C375-1761-40D5-9D45-8875CA506471}
[2012/02/22 12:28:54 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{4324BA1C-0CE9-45F8-8A7B-2AA9DE54629B}
[2012/02/22 12:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/02/22 12:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/02/22 12:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/02/21 18:45:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ieSpell
[2012/02/21 16:19:11 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/21 16:19:10 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/21 16:19:10 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/21 16:19:10 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/21 16:19:10 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/21 16:19:10 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/21 16:19:10 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/21 16:19:10 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/21 16:19:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/21 16:19:10 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/21 16:19:10 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/21 16:19:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/21 16:19:10 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/21 16:19:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/21 16:19:10 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/21 16:19:10 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/21 16:19:09 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/21 16:19:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/21 16:19:09 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/21 16:19:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/21 16:19:09 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/21 16:19:09 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/21 16:19:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/21 16:19:09 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/21 16:19:09 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/21 16:19:09 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/21 16:19:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/21 16:19:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/21 16:19:08 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/21 16:19:08 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/21 16:19:08 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/21 16:19:08 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/21 16:19:08 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/21 16:19:08 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/21 16:19:08 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/21 16:19:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/21 16:19:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/21 16:19:08 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/21 16:19:08 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/21 16:19:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/21 16:19:08 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/21 16:19:08 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/21 16:19:08 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/21 16:19:08 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/21 16:19:08 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/21 16:19:08 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/21 16:19:08 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/21 16:19:08 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/21 16:19:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/21 16:19:08 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/21 16:19:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/21 16:19:08 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/21 16:19:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/21 16:19:07 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/21 16:19:07 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/21 16:19:07 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/21 16:19:07 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/21 16:19:07 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/21 16:19:07 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/21 16:19:07 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/21 16:19:07 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/21 11:36:45 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{963E04B7-D5B8-4510-A9B7-25D4DC8777C6}
[2012/02/21 11:36:33 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{FBF94B8A-0762-408C-8D20-C5D4486E5668}
[2012/02/20 12:00:44 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{2F31F851-C3A9-42F6-8C02-5E534256C585}
[2012/02/20 12:00:31 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CC6EBAAD-E13B-4CF5-89E9-19B49C15403F}
[2012/02/20 11:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/02/19 09:11:13 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{1850DD9B-5D9E-4C59-A522-4409E50BD7ED}
[2012/02/19 09:10:34 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{C591CD94-6404-49BC-976B-A9B0D7893255}
[2012/02/18 13:36:34 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{A6110E3E-48E2-4B13-907C-29F9D0B1AC9C}
[2012/02/18 13:36:20 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{447E2B99-A8B7-43DF-9DEC-7C947FB70AD0}
[2012/02/17 11:11:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E38477BD-47FA-4013-AEF7-34950A36F875}
[2012/02/17 11:11:13 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{85598587-4617-44FF-9805-A2755E2E6FF3}
[2012/02/17 10:20:32 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/02/17 10:20:19 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/02/17 10:20:19 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/02/17 10:19:52 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/02/12 21:23:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RegZooka
[2012/02/12 21:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegZooka
[2012/02/12 20:10:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup
[2012/02/12 19:59:38 | 008,351,256 | ---- | C] (AVG ) -- C:\Users\Melinda\Desktop\avg_pct_stf_all_10_27.exe
[2012/02/12 18:47:22 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CF68B384-58C8-4AF2-8F4F-B11A84844412}
[2012/02/12 18:47:10 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{CF8E12B8-CC50-4B0A-AD44-8FC2D308A089}
[2012/02/10 22:31:32 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E2D88596-B333-48BF-921C-F68017EB3E31}
[2012/02/10 22:31:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7789A5CD-2D6B-4AF3-BDDC-472E8AE0F612}
[2012/02/08 21:18:29 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{74284BDD-B4BF-4D60-8324-C6905ED65368}
[2012/02/08 21:18:17 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8CD19904-9F8E-4774-8886-52432678B33F}
[2012/02/06 18:46:48 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/06 15:43:38 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2012/02/06 10:00:40 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{A53A4C63-DA99-4E5C-93BA-F1095D54C2BB}
[2012/02/06 10:00:27 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{9FB28661-6D2E-4A62-8837-B5FE9CA39647}
[2012/02/06 09:42:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2012/02/06 09:42:00 | 000,000,000 | ---D | C] -- C:\inetpub
[2012/02/06 09:42:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2012/02/05 18:28:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/02/05 17:50:12 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\ieSpell
[2012/02/05 16:16:42 | 001,182,616 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Users\Melinda\Desktop\DriverDetective.exe
[2012/02/05 13:39:12 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\AVG2012
[2012/02/05 13:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2012/02/05 13:38:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/02/05 13:38:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/05 13:38:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012/02/05 13:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/02/05 13:31:02 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/02/05 13:30:38 | 003,968,400 | ---- | C] (AVG Technologies) -- C:\Users\Melinda\Desktop\avg_isc_stb_all_2012_1913.exe
[2012/02/05 12:04:08 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{2CC509FB-7652-451F-9CC0-E6DC52B67C72}
[2012/02/05 12:03:56 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{07F00172-AD37-44C8-8EC3-66460858CEB3}
[2012/02/05 12:02:57 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{2C5CFAF5-B96C-49A2-B0AB-C2914151C48F}
[2012/02/05 11:52:20 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Apple Computer
[2012/02/05 11:52:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/02/05 11:51:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/02/05 11:26:49 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\Apple
[2012/02/05 08:29:18 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{2AA6F83B-5A32-4D75-BBD0-D07B48FDF59F}
[2012/02/05 08:19:51 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{BB685AC7-E562-46D3-B51F-7C7E31E5CA6C}
[2012/02/05 08:19:28 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{DA05869A-5DAF-4EE6-A0AE-2A86E76C68F7}
[2012/02/04 16:05:31 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\ZumoDrive
[2012/02/04 12:44:32 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01007.dll
[2012/02/04 12:44:32 | 001,490,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01007.dll
[2012/02/04 12:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reliance 3G
[2012/02/04 12:26:26 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\WinRAR
[2012/02/04 11:46:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012/02/04 11:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/02/04 10:24:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2012/02/04 09:39:31 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/02/04 09:29:00 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/02/04 08:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/02/04 08:56:33 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012/02/04 08:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\REALTEK PCIE Wireless LAN Driver
[2012/02/04 08:31:42 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2012/02/04 08:31:42 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\eSupport.com
[2012/02/04 08:08:42 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Registry Mechanic
[2012/02/04 07:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/02/04 07:53:28 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\Product_RM
[2012/02/04 07:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/02/03 23:23:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/03 22:36:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/03 22:36:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/03 22:36:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/03 22:36:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/03 12:48:35 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/02/03 12:47:23 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E8022EC3-2C4A-4DD1-A428-E77A243E7118}
[2012/02/03 12:47:11 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{4B682FA8-70EC-4AE4-8A36-46E23FB99A93}
[2012/02/03 00:46:44 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{DEC6C2DE-9F3B-4C0A-A0F7-49459E6819A4}
[2012/02/03 00:46:32 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{F92CF7ED-C234-4680-AF41-08A34A49A271}
[2012/02/02 15:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/02/02 15:48:00 | 000,378,240 | ---- | C] (Neuber Software) -- C:\Users\Melinda\Desktop\SvchostAnalyzer.exe
[2012/02/02 12:18:27 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/02/02 12:17:59 | 000,523,264 | ---- | C] (OldTimer Tools) -- C:\Users\Melinda\Desktop\OTM.exe
[2012/02/02 12:10:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 12:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/02/02 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2012/02/02 10:59:59 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{3987F8CA-3C67-4940-BA8B-A898AB9C78BB}
[2012/02/02 10:59:47 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{22662600-D07F-4C6E-84D0-2D3400403A09}
[2012/02/01 20:07:09 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\CrashDumps
[2012/02/01 12:49:03 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{735EA2DA-5973-427F-B85D-0CA79F5E3AB2}
[2012/02/01 12:48:51 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D1ED4088-6988-45C9-92F9-458FDF75FA00}
[2012/01/31 17:56:04 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{1004B6BC-F856-4EB2-964A-DC2C3537DE1D}
[2012/01/31 17:55:52 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{8567ADEC-D5FF-46B5-B915-81D6F5723D23}
[2012/01/30 21:07:48 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{3A6B55EA-FAF3-4E0C-9602-08BCE821C552}
[2012/01/30 21:07:32 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{32DD466A-A93C-4B65-B966-E34297476878}
[2012/01/30 09:03:27 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{17B684CF-78B4-4FD9-A3D0-0C286337F226}
[2012/01/30 09:03:15 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{465C552D-1063-44EF-97F6-1F7116034674}
[2012/01/30 09:01:13 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{E89FC909-5628-4CE1-9F79-C5D5F7BFFC47}
[2012/01/30 09:01:00 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{7E02D3BE-1A29-4A06-A14A-28355778DC22}
[2012/01/29 17:58:33 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Documents\Just add you
[2012/01/29 14:43:53 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{DD930E5E-3CFF-4FE4-9C5B-30CD58C229A8}
[2012/01/29 14:43:41 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{41A93FD7-9A8E-4AC6-A9C2-C06427E90703}
[2012/01/29 14:43:10 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{FCDD3A4A-673D-425A-B536-3FA5D2F18132}
[2012/01/29 14:42:58 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{28D69055-053F-478B-BECD-A217DD992B85}
[2012/01/29 01:37:31 | 009,888,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2012/01/29 01:37:31 | 000,339,048 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2012/01/29 01:29:42 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/01/29 01:29:29 | 000,000,000 | ---D | C] -- C:\Drivers
[2012/01/29 01:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/01/29 01:21:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012/01/29 01:16:07 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012/01/29 01:16:07 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012/01/29 01:16:04 | 002,615,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2012/01/29 01:16:04 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2012/01/29 01:16:03 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2012/01/29 01:16:02 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2012/01/29 01:16:01 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2012/01/29 01:16:00 | 003,744,872 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2012/01/29 01:16:00 | 001,969,768 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2012/01/29 01:16:00 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2012/01/29 01:16:00 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012/01/29 01:16:00 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012/01/29 01:16:00 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012/01/29 01:16:00 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012/01/29 01:16:00 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012/01/29 01:16:00 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012/01/29 01:15:58 | 000,100,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2012/01/29 01:15:38 | 001,698,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2012/01/29 01:01:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers.com
[2012/01/28 20:04:34 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{81E5D732-B9E9-4409-B36E-ACEEDD3C6FE1}
[2012/01/28 20:04:22 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{66C4D755-5E58-46E5-9A98-130BD49EAB58}
[2012/01/27 22:22:21 | 000,000,000 | ---D | C] -- C:\Users\Melinda\Documents\LocaleMetaData
[2012/01/27 20:21:25 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\{D646F1B2-7854-4FDC-AD17-F8573371FD60}

========== Files - Modified Within 90 Days ==========

[2012/04/26 18:01:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/26 17:58:23 | 000,763,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/04/26 17:58:23 | 000,657,378 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/04/26 17:58:23 | 000,118,576 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/04/26 17:55:19 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Melinda\Desktop\OTL.exe
[2012/04/26 17:01:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/26 15:45:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 15:45:58 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 15:38:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 15:38:23 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/26 10:56:17 | 000,271,846 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/26 08:44:38 | 096,270,290 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/21 17:44:53 | 000,003,688 | ---- | M] () -- C:\Users\Melinda\Documents\Contacts.csv
[2012/04/20 19:21:05 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForMelinda.job
[2012/04/20 15:13:15 | 000,075,941 | ---- | M] () -- C:\Users\Melinda\Desktop\FreeMeter_v1.6.3.zip
[2012/04/17 08:58:48 | 000,624,083 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/16 11:56:57 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Reliance 3G.lnk
[2012/04/10 21:10:55 | 000,000,064 | ---- | M] () -- C:\Windows\GPlrLanc.dat
[2012/04/06 00:25:47 | 000,002,212 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Call of Atlantis.lnk
[2012/04/06 00:25:47 | 000,002,188 | ---- | M] () -- C:\Users\Melinda\Desktop\Call of Atlantis.lnk
[2012/04/06 00:25:47 | 000,002,083 | ---- | M] () -- C:\Users\Melinda\Desktop\Play Online Games.lnk
[2012/04/06 00:25:47 | 000,002,044 | ---- | M] () -- C:\Users\Melinda\Desktop\MyPlayCity Games.lnk
[2012/04/04 21:48:27 | 003,136,930 | ---- | M] () -- C:\Users\Melinda\Desktop\Survival.pdf
[2012/04/04 21:34:19 | 003,023,620 | ---- | M] () -- C:\Users\Melinda\Desktop\SurvivalManual.pdf
[2012/04/04 16:36:14 | 000,154,887 | ---- | M] () -- C:\Users\Melinda\Desktop\fixit4me.gadget
[2012/04/04 11:48:27 | 000,000,019 | ---- | M] () -- C:\Users\Melinda\Desktop\channel_ajax
[2012/04/02 21:23:27 | 010,413,632 | ---- | M] () -- C:\Users\Melinda\Desktop\Missing-411.mp3
[2012/03/30 18:31:15 | 000,007,610 | ---- | M] () -- C:\Users\Melinda\AppData\Local\Resmon.ResmonCfg
[2012/03/29 13:06:30 | 000,201,065 | ---- | M] () -- C:\Users\Melinda\Desktop\Volunteer Registration Form 2012-signed.pdf
[2012/03/29 12:43:47 | 000,164,857 | ---- | M] () -- C:\Users\Melinda\Desktop\Volunteer Registration Form 2012.pdf
[2012/03/28 18:04:53 | 002,130,102 | ---- | M] () -- C:\Users\Melinda\Documents\Smiles.bmp
[2012/03/28 18:01:42 | 000,032,585 | ---- | M] () -- C:\Users\Melinda\Documents\Smiles.gif
[2012/03/28 16:41:47 | 000,225,530 | ---- | M] () -- C:\Users\Melinda\Documents\reciept Animals Australia.gif
[2012/03/17 15:15:06 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2012/03/15 08:47:42 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/13 13:45:47 | 000,200,519 | ---- | M] () -- C:\Users\Melinda\Documents\Optus recharge reciept.png
[2012/03/12 21:54:35 | 004,239,590 | ---- | M] () -- C:\Users\Melinda\Desktop\Vegatarian Ebook2.pdf
[2012/03/08 23:29:07 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/03/08 22:45:31 | 000,000,957 | ---- | M] () -- C:\Users\Melinda\Desktop\RegZooka.lnk
[2012/03/08 22:45:18 | 005,650,384 | ---- | M] (ZookaWare) -- C:\Users\Melinda\Desktop\RegZooka.exe
[2012/03/08 22:42:59 | 000,002,016 | -H-- | M] () -- C:\Users\Melinda\Documents\Default.rdp
[2012/03/08 18:37:20 | 000,302,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2012/03/07 10:55:27 | 000,001,555 | ---- | M] () -- C:\Users\Melinda\Documents\Did you get this.eml
[2012/03/06 16:23:37 | 005,559,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/06 15:29:47 | 003,968,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/06 15:29:41 | 003,913,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/05 13:28:17 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/05 13:28:17 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/05 13:28:17 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/05 13:28:17 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/05 13:12:43 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/05 13:12:43 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/05 13:12:43 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/05 13:12:43 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/05 12:36:58 | 002,044,252 | ---- | M] () -- C:\Users\Melinda\Desktop\tdsskiller 1.zip
[2012/03/03 12:14:24 | 000,540,162 | ---- | M] () -- C:\Users\Melinda\Desktop\MindSurgePop.pdf
[2012/03/01 16:16:16 | 000,023,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/03/01 16:08:27 | 000,220,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/03/01 16:03:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/02/28 16:26:48 | 002,311,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/02/28 16:18:57 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/02/28 16:18:36 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/02/28 16:15:47 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/02/28 16:13:16 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/02/28 16:09:50 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/02/28 10:41:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/02/28 10:39:51 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/02/28 10:36:48 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/02/28 10:33:31 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/02/28 10:29:59 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/02/27 17:17:45 | 000,029,472 | ---- | M] () -- C:\Users\Melinda\Documents\Veda.pdf
[2012/02/26 20:58:14 | 000,000,291 | ---- | M] () -- C:\Windows\SysWow64\MsiExec.config
[2012/02/26 20:55:57 | 000,000,243 | ---- | M] () -- C:\ProgramData\MusicStation.xml
[2012/02/26 20:55:52 | 000,000,903 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\MusicStation.lnk
[2012/02/26 20:54:31 | 000,001,798 | ---- | M] () -- C:\Users\Melinda\Desktop\MusicStation - Shortcut.lnk
[2012/02/26 20:51:34 | 000,001,556 | ---- | M] () -- C:\Users\Melinda\Desktop\mbam - Shortcut.lnk
[2012/02/26 20:30:40 | 000,001,460 | ---- | M] () -- C:\Users\Melinda\Desktop\avgui - Shortcut.lnk
[2012/02/26 14:32:56 | 001,462,592 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/26 12:53:33 | 000,650,538 | ---- | M] () -- C:\Users\Melinda\Desktop\SecurityTaskManager_Manual.pdf
[2012/02/25 18:43:43 | 000,001,542 | ---- | M] () -- C:\Users\Melinda\Desktop\TaskMan - Shortcut.lnk
[2012/02/25 17:59:19 | 002,086,240 | ---- | M] () -- C:\Users\Melinda\Desktop\SecurityTaskManager_Setup.exe
[2012/02/24 16:15:41 | 000,002,093 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2012/02/24 15:38:31 | 000,000,123 | ---- | M] () -- C:\Users\Melinda\Desktop\Microsoft Fix it.url
[2012/02/24 08:15:54 | 001,356,320 | ---- | M] () -- C:\Users\Melinda\Desktop\WordsofWisdomCalendar.pdf
[2012/02/24 08:15:17 | 001,191,491 | ---- | M] () -- C:\Users\Melinda\Desktop\GoodVibrations.pdf
[2012/02/24 08:14:50 | 000,727,340 | ---- | M] () -- C:\Users\Melinda\Desktop\ConsciousnessEvolution.pdf
[2012/02/22 12:39:33 | 000,324,377 | ---- | M] () -- C:\Users\Melinda\Desktop\3.Relationships.pdf
[2012/02/22 12:37:39 | 000,198,909 | ---- | M] () -- C:\Users\Melinda\Desktop\2.Power.pdf
[2012/02/22 12:37:10 | 000,211,354 | ---- | M] () -- C:\Users\Melinda\Desktop\1.Money.pdf
[2012/02/21 22:16:05 | 001,147,854 | ---- | M] () -- C:\Users\Melinda\Desktop\equake3d.zip
[2012/02/21 16:19:11 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/02/21 16:19:10 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/02/21 16:19:10 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/02/21 16:19:10 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/02/21 16:19:10 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/02/21 16:19:10 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/02/21 16:19:10 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/02/21 16:19:10 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/02/21 16:19:10 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/02/21 16:19:10 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/02/21 16:19:10 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/02/21 16:19:10 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/02/21 16:19:10 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/21 16:19:10 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/02/21 16:19:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/02/21 16:19:10 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/02/21 16:19:10 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/02/21 16:19:09 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/02/21 16:19:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/02/21 16:19:09 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/02/21 16:19:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/02/21 16:19:09 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/02/21 16:19:09 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/02/21 16:19:09 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/02/21 16:19:09 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/02/21 16:19:09 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/02/21 16:19:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/02/21 16:19:09 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/02/21 16:19:09 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/02/21 16:19:08 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/02/21 16:19:08 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/02/21 16:19:08 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/02/21 16:19:08 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/02/21 16:19:08 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/02/21 16:19:08 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/02/21 16:19:08 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/02/21 16:19:08 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/02/21 16:19:08 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/02/21 16:19:08 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/02/21 16:19:08 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/02/21 16:19:08 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/02/21 16:19:08 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/02/21 16:19:08 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/02/21 16:19:08 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/02/21 16:19:08 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/02/21 16:19:08 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/02/21 16:19:08 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/02/21 16:19:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/02/21 16:19:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/02/21 16:19:08 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/02/21 16:19:08 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/02/21 16:19:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/02/21 16:19:08 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/02/21 16:19:08 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/02/21 16:19:07 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/02/21 16:19:07 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/02/21 16:19:07 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/02/21 16:19:07 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/02/21 16:19:07 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/02/21 16:19:07 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/02/21 16:19:07 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/21 16:19:07 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/02/21 16:19:07 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/02/20 22:45:14 | 192,324,644 | ---- | M] () -- C:\Users\Melinda\Desktop\guyfinley-sevensteps.zip
[2012/02/20 22:15:09 | 000,394,379 | ---- | M] () -- C:\Users\Melinda\Desktop\ThePowerPart2[1].pdf
[2012/02/20 19:29:15 | 002,075,864 | ---- | M] () -- C:\Users\Melinda\Desktop\Read This[1].pdf
[2012/02/20 17:58:55 | 070,433,991 | ---- | M] () -- C:\Users\Melinda\Desktop\blue-sciatica.mp3
[2012/02/20 17:49:46 | 000,235,764 | ---- | M] () -- C:\Users\Melinda\Desktop\sleeplikeababyreport.pdf
[2012/02/20 17:40:21 | 009,186,449 | ---- | M] () -- C:\Users\Melinda\Desktop\Formerly Illegal Treatment Reverses Pain in Minutes.mp3
[2012/02/20 17:19:43 | 008,330,656 | ---- | M] () -- C:\Users\Melinda\Desktop\Prolozone Therapy, Powerful Cure for Pain.mp3
[2012/02/20 17:17:48 | 002,275,936 | ---- | M] () -- C:\Users\Melinda\Desktop\Turbulence-Training-Fat-Loss-Beginner-Programs.pdf
[2012/02/20 17:02:19 | 001,007,901 | ---- | M] () -- C:\Users\Melinda\Desktop\Foods that kill fat.pdf
[2012/02/20 17:01:44 | 001,220,548 | ---- | M] () -- C:\Users\Melinda\Desktop\Stretching_Tips.pdf
[2012/02/20 16:37:28 | 006,093,330 | ---- | M] () -- C:\Users\Melinda\Desktop\BeyondDietMainProduct.zip
[2012/02/17 16:08:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/02/17 15:04:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/02/17 12:00:23 | 000,003,584 | ---- | M] () -- C:\Users\Melinda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 10:25:11 | 000,771,342 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/12 20:10:06 | 000,001,136 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup.lnk
[2012/02/12 20:10:06 | 000,001,112 | ---- | M] () -- C:\Users\Melinda\Desktop\AVG PC Tuneup.lnk
[2012/02/12 19:59:38 | 008,351,256 | ---- | M] (AVG ) -- C:\Users\Melinda\Desktop\avg_pct_stf_all_10_27.exe
[2012/02/10 22:58:52 | 000,452,069 | ---- | M] () -- C:\Users\Melinda\Desktop\MessagesFromTheFuture.pdf
[2012/02/10 16:06:07 | 001,544,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/02/08 22:06:46 | 000,003,780 | ---- | M] () -- C:\Users\Melinda\Documents\Resident Shield scan.csv
[2012/02/08 21:13:54 | 000,025,160 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/02/06 18:51:36 | 000,024,572 | ---- | M] () -- C:\Users\Melinda\Documents\AVG Scan 6.2.2012.csv
[2012/02/06 15:42:43 | 000,304,968 | ---- | M] () -- C:\Users\Melinda\Desktop\get_fwndis_noAVG2012_en.exe
[2012/02/05 16:16:52 | 001,182,616 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Users\Melinda\Desktop\DriverDetective.exe
[2012/02/05 13:38:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/05 13:38:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/02/05 13:38:53 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/05 13:30:47 | 003,968,400 | ---- | M] (AVG Technologies) -- C:\Users\Melinda\Desktop\avg_isc_stb_all_2012_1913.exe
[2012/02/04 12:44:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/02/04 11:48:08 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/02/04 08:31:42 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2012/02/04 08:31:42 | 000,001,088 | ---- | M] () -- C:\Users\Melinda\Desktop\Find Drivers with DriverAgent.lnk
[2012/02/03 23:45:11 | 000,001,097 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/03 22:46:12 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak
[2012/02/03 01:35:16 | 000,962,530 | ---- | M] () -- C:\Users\Melinda\Desktop\22PowerfulToolsToTransformYourFear_New.pdf
[2012/02/03 01:11:31 | 006,176,103 | ---- | M] () -- C:\Users\Melinda\Desktop\WordsOfWisdom.zip
[2012/02/02 15:48:01 | 000,378,240 | ---- | M] (Neuber Software) -- C:\Users\Melinda\Desktop\SvchostAnalyzer.exe
[2012/02/02 13:13:13 | 059,104,204 | ---- | M] () -- C:\Users\Melinda\Desktop\AlphaMindControl.zip
[2012/02/02 12:18:00 | 000,523,264 | ---- | M] (OldTimer Tools) -- C:\Users\Melinda\Desktop\OTM.exe
[2012/02/02 12:08:20 | 000,000,888 | ---- | M] () -- C:\Users\Melinda\Desktop\NTREGOPT.lnk
[2012/02/02 12:08:20 | 000,000,869 | ---- | M] () -- C:\Users\Melinda\Desktop\ERUNT.lnk
[2012/02/01 21:51:44 | 002,919,658 | ---- | M] () -- C:\Users\Melinda\Documents\Resource and performance log.html
[2012/02/01 21:47:46 | 000,069,632 | ---- | M] () -- C:\Users\Melinda\Documents\event viewer diagnostic performance log.evtx
[2012/02/01 02:10:18 | 000,001,401 | ---- | M] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/01 00:37:27 | 000,005,850 | ---- | M] () -- C:\Users\Melinda\Documents\email AVG.eml
[2012/01/29 01:48:29 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/01/29 01:36:57 | 009,888,872 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2012/01/29 01:36:55 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2012/01/27 22:22:20 | 001,118,208 | ---- | M] () -- C:\Users\Melinda\Documents\Events 864.evtx

========== Files Created - No Company Name ==========

[2012/04/26 10:56:17 | 000,271,846 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/04/26 08:44:38 | 096,270,290 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/04/21 17:44:53 | 000,003,688 | ---- | C] () -- C:\Users\Melinda\Documents\Contacts.csv
[2012/04/20 15:13:14 | 000,075,941 | ---- | C] () -- C:\Users\Melinda\Desktop\FreeMeter_v1.6.3.zip
[2012/04/17 08:58:48 | 000,624,083 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012/04/16 11:56:57 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Reliance 3G.lnk
[2012/04/10 21:10:55 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/04/06 00:25:47 | 000,002,212 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Call of Atlantis.lnk
[2012/04/06 00:25:47 | 000,002,188 | ---- | C] () -- C:\Users\Melinda\Desktop\Call of Atlantis.lnk
[2012/04/06 00:25:47 | 000,002,083 | ---- | C] () -- C:\Users\Melinda\Desktop\Play Online Games.lnk
[2012/04/06 00:25:47 | 000,002,044 | ---- | C] () -- C:\Users\Melinda\Desktop\MyPlayCity Games.lnk
[2012/04/04 21:48:27 | 003,136,930 | ---- | C] () -- C:\Users\Melinda\Desktop\Survival.pdf
[2012/04/04 21:34:19 | 003,023,620 | ---- | C] () -- C:\Users\Melinda\Desktop\SurvivalManual.pdf
[2012/04/04 16:36:05 | 000,154,887 | ---- | C] () -- C:\Users\Melinda\Desktop\fixit4me.gadget
[2012/04/04 11:48:27 | 000,000,019 | ---- | C] () -- C:\Users\Melinda\Desktop\channel_ajax
[2012/04/02 21:22:13 | 010,413,632 | ---- | C] () -- C:\Users\Melinda\Desktop\Missing-411.mp3
[2012/03/29 13:06:30 | 000,201,065 | ---- | C] () -- C:\Users\Melinda\Desktop\Volunteer Registration Form 2012-signed.pdf
[2012/03/29 12:43:47 | 000,164,857 | ---- | C] () -- C:\Users\Melinda\Desktop\Volunteer Registration Form 2012.pdf
[2012/03/28 18:04:53 | 002,130,102 | ---- | C] () -- C:\Users\Melinda\Documents\Smiles.bmp
[2012/03/28 18:01:40 | 000,032,585 | ---- | C] () -- C:\Users\Melinda\Documents\Smiles.gif
[2012/03/28 16:41:45 | 000,225,530 | ---- | C] () -- C:\Users\Melinda\Documents\reciept Animals Australia.gif
[2012/03/17 15:15:06 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2012/03/13 13:45:47 | 000,200,519 | ---- | C] () -- C:\Users\Melinda\Documents\Optus recharge reciept.png
[2012/03/12 21:53:52 | 004,239,590 | ---- | C] () -- C:\Users\Melinda\Desktop\Vegatarian Ebook2.pdf
[2012/03/08 22:45:31 | 000,000,957 | ---- | C] () -- C:\Users\Melinda\Desktop\RegZooka.lnk
[2012/03/08 17:51:45 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 17:51:44 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/07 10:55:26 | 000,001,555 | ---- | C] () -- C:\Users\Melinda\Documents\Did you get this.eml
[2012/03/05 12:36:42 | 002,044,252 | ---- | C] () -- C:\Users\Melinda\Desktop\tdsskiller 1.zip
[2012/03/03 12:13:29 | 000,540,162 | ---- | C] () -- C:\Users\Melinda\Desktop\MindSurgePop.pdf
[2012/02/27 17:17:45 | 000,029,472 | ---- | C] () -- C:\Users\Melinda\Documents\Veda.pdf
[2012/02/26 20:55:57 | 000,000,243 | ---- | C] () -- C:\ProgramData\MusicStation.xml
[2012/02/26 20:55:54 | 000,000,291 | ---- | C] () -- C:\Windows\SysWow64\MsiExec.config
[2012/02/26 20:55:52 | 000,000,903 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\MusicStation.lnk
[2012/02/26 20:54:31 | 000,001,798 | ---- | C] () -- C:\Users\Melinda\Desktop\MusicStation - Shortcut.lnk
[2012/02/26 20:51:34 | 000,001,556 | ---- | C] () -- C:\Users\Melinda\Desktop\mbam - Shortcut.lnk
[2012/02/26 20:30:40 | 000,001,460 | ---- | C] () -- C:\Users\Melinda\Desktop\avgui - Shortcut.lnk
[2012/02/26 14:32:49 | 001,462,592 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/26 14:11:18 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0255.old
[2012/02/26 12:53:33 | 000,650,538 | ---- | C] () -- C:\Users\Melinda\Desktop\SecurityTaskManager_Manual.pdf
[2012/02/25 18:43:43 | 000,001,542 | ---- | C] () -- C:\Users\Melinda\Desktop\TaskMan - Shortcut.lnk
[2012/02/25 17:58:31 | 002,086,240 | ---- | C] () -- C:\Users\Melinda\Desktop\SecurityTaskManager_Setup.exe
[2012/02/24 16:15:41 | 000,002,093 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2012/02/24 15:38:31 | 000,000,123 | ---- | C] () -- C:\Users\Melinda\Desktop\Microsoft Fix it.url
[2012/02/24 08:15:40 | 001,356,320 | ---- | C] () -- C:\Users\Melinda\Desktop\WordsofWisdomCalendar.pdf
[2012/02/24 08:15:03 | 001,191,491 | ---- | C] () -- C:\Users\Melinda\Desktop\GoodVibrations.pdf
[2012/02/24 08:14:48 | 000,727,340 | ---- | C] () -- C:\Users\Melinda\Desktop\ConsciousnessEvolution.pdf
[2012/02/22 12:39:33 | 000,324,377 | ---- | C] () -- C:\Users\Melinda\Desktop\3.Relationships.pdf
[2012/02/22 12:37:39 | 000,198,909 | ---- | C] () -- C:\Users\Melinda\Desktop\2.Power.pdf
[2012/02/22 12:37:10 | 000,211,354 | ---- | C] () -- C:\Users\Melinda\Desktop\1.Money.pdf
[2012/02/21 22:15:59 | 001,147,854 | ---- | C] () -- C:\Users\Melinda\Desktop\equake3d.zip
[2012/02/21 16:19:10 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/02/21 16:19:07 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/02/20 22:45:14 | 192,324,644 | ---- | C] () -- C:\Users\Melinda\Desktop\guyfinley-sevensteps.zip
[2012/02/20 22:15:08 | 000,394,379 | ---- | C] () -- C:\Users\Melinda\Desktop\ThePowerPart2[1].pdf
[2012/02/20 19:29:15 | 002,075,864 | ---- | C] () -- C:\Users\Melinda\Desktop\Read This[1].pdf
[2012/02/20 17:58:55 | 070,433,991 | ---- | C] () -- C:\Users\Melinda\Desktop\blue-sciatica.mp3
[2012/02/20 17:49:46 | 000,235,764 | ---- | C] () -- C:\Users\Melinda\Desktop\sleeplikeababyreport.pdf
[2012/02/20 17:40:21 | 009,186,449 | ---- | C] () -- C:\Users\Melinda\Desktop\Formerly Illegal Treatment Reverses Pain in Minutes.mp3
[2012/02/20 17:19:43 | 008,330,656 | ---- | C] () -- C:\Users\Melinda\Desktop\Prolozone Therapy, Powerful Cure for Pain.mp3
[2012/02/20 17:17:48 | 002,275,936 | ---- | C] () -- C:\Users\Melinda\Desktop\Turbulence-Training-Fat-Loss-Beginner-Programs.pdf
[2012/02/20 17:02:19 | 001,007,901 | ---- | C] () -- C:\Users\Melinda\Desktop\Foods that kill fat.pdf
[2012/02/20 17:01:44 | 001,220,548 | ---- | C] () -- C:\Users\Melinda\Desktop\Stretching_Tips.pdf
[2012/02/20 16:37:28 | 006,093,330 | ---- | C] () -- C:\Users\Melinda\Desktop\BeyondDietMainProduct.zip
[2012/02/17 12:00:22 | 000,003,584 | ---- | C] () -- C:\Users\Melinda\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/12 20:10:06 | 000,001,136 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\AVG PC Tuneup.lnk
[2012/02/12 20:10:06 | 000,001,112 | ---- | C] () -- C:\Users\Melinda\Desktop\AVG PC Tuneup.lnk
[2012/02/10 22:58:50 | 000,452,069 | ---- | C] () -- C:\Users\Melinda\Desktop\MessagesFromTheFuture.pdf
[2012/02/08 22:06:46 | 000,003,780 | ---- | C] () -- C:\Users\Melinda\Documents\Resident Shield scan.csv
[2012/02/06 18:51:36 | 000,024,572 | ---- | C] () -- C:\Users\Melinda\Documents\AVG Scan 6.2.2012.csv
[2012/02/06 15:42:43 | 000,304,968 | ---- | C] () -- C:\Users\Melinda\Desktop\get_fwndis_noAVG2012_en.exe
[2012/02/06 11:40:54 | 000,025,160 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro36.sys
[2012/02/05 13:38:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012/02/05 13:38:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/02/05 13:38:53 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/02/04 12:44:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ew_jubusenum_01007.Wdf
[2012/02/04 11:46:11 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/04 09:29:00 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/02/04 08:31:42 | 000,001,088 | ---- | C] () -- C:\Users\Melinda\Desktop\Find Drivers with DriverAgent.lnk
[2012/02/03 23:45:11 | 000,001,097 | ---- | C] () -- C:\Users\Melinda\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/03 22:36:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/03 22:36:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/03 22:36:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/03 22:36:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/03 22:36:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/03 01:35:16 | 000,962,530 | ---- | C] () -- C:\Users\Melinda\Desktop\22PowerfulToolsToTransformYourFear_New.pdf
[2012/02/03 01:10:27 | 006,176,103 | ---- | C] () -- C:\Users\Melinda\Desktop\WordsOfWisdom.zip
[2012/02/02 12:59:26 | 059,104,204 | ---- | C] () -- C:\Users\Melinda\Desktop\AlphaMindControl.zip
[2012/02/02 12:08:20 | 000,000,888 | ---- | C] () -- C:\Users\Melinda\Desktop\NTREGOPT.lnk
[2012/02/02 12:08:20 | 000,000,869 | ---- | C] () -- C:\Users\Melinda\Desktop\ERUNT.lnk
[2012/02/01 21:52:34 | 002,919,658 | ---- | C] () -- C:\Users\Melinda\Documents\Resource and performance log.html
[2012/02/01 21:47:46 | 000,069,632 | ---- | C] () -- C:\Users\Melinda\Documents\event viewer diagnostic performance log.evtx
[2012/02/01 01:36:54 | 000,002,016 | -H-- | C] () -- C:\Users\Melinda\Documents\Default.rdp
[2012/02/01 00:37:27 | 000,005,850 | ---- | C] () -- C:\Users\Melinda\Documents\email AVG.eml
[2012/01/29 01:16:00 | 000,200,468 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012/01/27 22:22:20 | 001,118,208 | ---- | C] () -- C:\Users\Melinda\Documents\Events 864.evtx
[2012/01/01 18:20:00 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/01/01 18:19:42 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/12/27 20:08:35 | 000,007,610 | ---- | C] () -- C:\Users\Melinda\AppData\Local\Resmon.ResmonCfg
[2011/12/10 13:14:27 | 000,771,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/10 10:06:33 | 000,001,854 | ---- | C] () -- C:\Users\Melinda\AppData\Roaming\GhostObjGAFix.xml
[2011/12/02 20:39:54 | 000,102,912 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll
[2011/12/02 20:39:54 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2011/11/30 20:41:00 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/11/30 16:44:26 | 000,000,268 | RH-- | C] () -- C:\Users\Melinda\AppData\Roaming\libiconv
[2011/11/30 16:44:26 | 000,000,268 | RH-- | C] () -- C:\Users\Melinda\AppData\Roaming\laserjet
[2011/11/30 16:44:26 | 000,000,268 | RH-- | C] () -- C:\Users\Melinda\AppData\Roaming\images
[2011/10/21 16:27:54 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/21 16:27:54 | 000,217,536 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/21 16:22:54 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011/10/21 16:03:04 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/05/25 07:20:30 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2010/12/21 09:50:14 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010/12/17 11:07:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/12/31 10:05:15 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Acapela Group
[2012/01/04 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Auslogics
[2012/01/28 21:28:45 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\AVG
[2012/01/27 15:11:19 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\AVG Secure Search
[2012/02/05 13:39:12 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\AVG2012
[2011/12/26 18:00:23 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\FixCleaner
[2012/03/19 14:33:24 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\ieSpell
[2012/01/01 18:20:00 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Nikon
[2011/12/10 14:58:48 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\PC Cleaners
[2012/02/04 07:53:28 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Product_RM
[2012/02/04 08:08:42 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Registry Mechanic
[2012/02/23 18:32:27 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\RegZooka
[2012/01/07 19:34:07 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Smart PDF Converter Pro
[2012/04/21 18:07:14 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\SoftGrid Client
[2011/08/13 14:33:09 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Synaptics
[2012/01/09 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Systweak
[2011/12/31 10:28:13 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\TP
[2011/08/13 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\WildTangent
[2011/12/02 22:07:35 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Windows Live Writer
[2012/02/04 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\ZumoDrive
[2012/03/26 17:20:44 | 000,032,610 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 14:49:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 15:49:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 15:44:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 12:54:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 15:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 15:00:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 12:54:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 10:44:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/01/13 13:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 11:09:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 12:53:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/21 12:53:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 12:53:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 12:54:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/21 12:54:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 12:54:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 12:54:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/21 12:54:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 12:54:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/01/13 13:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
"Tag" = 87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
"DhcpNodeType" = 8
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{57530E21-4DB5-4EB7-8673-0EA6EDD6AA43}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{808E4596-7271-40D6-A6BF-AD9AC7592073}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{9B2B64CB-6CEB-4628-B274-81517F023C55}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{BC979BD0-7FFE-422C-B54A-97263ABB5C74}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 07 01 00 01 0B 01 01 01 02 01 04 01 09 01 08 01 06 01 05 01 0C 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 12
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/02/21 16:19:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/02/21 16:19:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/02/21 16:19:10 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/02/21 16:19:11 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/02/21 16:19:11 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/02/21 16:19:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/02/21 16:19:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/02/21 16:19:08 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/02/21 16:19:11 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/02/21 16:19:11 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: KGB
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     E                       DVD-ROM         0 B  No Media
  Volume 1         SYSTEM       NTFS   Partition    199 MB  Healthy    System
  Volume 2     C                NTFS   Partition    452 GB  Healthy    Boot
  Volume 3     D   RECOVERY     NTFS   Partition     13 GB  Healthy
  Volume 4         HP_TOOLS     FAT32  Partition    103 MB  Healthy
  Volume 5     F                       Removable       0 B  No Media

========== Alternate Data Streams ==========

@Alternate Data Stream - 764 bytes -> C:\Users\Melinda\Documents\Did you get this.eml:OECustomProperty
@Alternate Data Stream - 550 bytes -> C:\Users\Melinda\Documents\email AVG.eml:OECustomProperty
@Alternate Data Stream - 199 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Extras.txt
OTL Extras logfile created on: 26/04/2012 6:45:32 PM - Run 6
OTL by OldTimer - Version 3.2.42.1 Folder = C:\Users\Melinda\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.86 Gb Total Physical Memory | 2.67 Gb Available Physical Memory | 69.18% Memory free
7.71 Gb Paging File | 6.33 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.38 Gb Total Space | 392.47 Gb Free Space | 86.76% Space Free | Partition Type: NTFS
Drive D: | 13.08 Gb Total Space | 1.73 Gb Free Space | 13.23% Space Free | Partition Type: NTFS

Computer Name: KGB | User Name: Melinda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B5949C-F1D8-474A-9FB1-6F04C66C35B4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{063885EE-B80D-4789-B8F3-09A2B3B023BB}" = rport=445 | protocol=6 | dir=out | app=system |
"{0BD2D855-6CC4-4990-8650-BC7ABED5E65B}" = rport=138 | protocol=17 | dir=out | app=system |
"{0F88C939-1F75-489C-946C-36D0F2E6F2EB}" = lport=139 | protocol=6 | dir=in | app=system |
"{2A0B0BF8-E71E-482E-9AE3-984B1D08DFE3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{309BE0E3-7E8A-4BA6-82D5-2C980CC5E4D1}" = lport=137 | protocol=17 | dir=in | app=system |
"{3DA6E5B5-207D-412F-87DA-496D832E113A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{494D4779-E7D8-4076-A1E1-80F8ECAE2B3E}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A0505C3-E5D3-4CBB-BE8D-A69757B180BE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{97E8B054-87BD-44A1-B941-41FE6183E1EE}" = rport=137 | protocol=17 | dir=out | app=system |
"{9997CBE8-FB6F-4203-BAF8-0C1223AD89FD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A9042525-50E5-46CE-8DED-5B6202CC20F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C80208EA-D030-416D-BFF1-1AB8D5EBA334}" = rport=139 | protocol=6 | dir=out | app=system |
"{D3C6522B-B99A-4520-B59E-4E791DBF8D30}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B27563C-AC72-4982-86E6-9819D09225C5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{118C6D42-5C9F-46A6-9B59-17AC1297F75D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{137B9E5D-B81B-4A6E-BAC8-9B03199991EA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{14435110-6CF7-47EC-BAA0-6EECC2619BDB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{16A990AF-8BE7-412A-B528-73CE297DF587}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{392679FA-9C4A-4449-8002-71B7DE25E2B8}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{5D4A001E-DF0C-4141-90D7-E4013D07D3EA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7C9B83D2-54A3-410F-B53A-3E0E9CB723E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{8AD5472F-9397-4FAD-8389-D9268B4A8817}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{96454115-C12C-4314-9814-ABC7F0A861CF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{97B641D1-92B1-4965-BE29-C888C0768723}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{ACDAFAB3-CBC8-4134-9C92-118F89457CB9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BE35F2B7-1E7C-478D-8D90-74856745DE62}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{E196E3F4-50CF-4B28-A7AA-FA6C40420003}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{EFA33C8C-3758-4B36-BB66-594C0621B1CD}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"TCP Query User{AD51F780-B4F7-4415-969C-E3B1A880A387}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{B19DC599-8F6A-4348-8227-2B320385A23E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"AVG" = AVG 2012
"DriverAgent.exe" = DriverAgent by eSupport.com
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{124DB96E-CBF5-44FB-AB59-7D2444DEC777}" = HP On Screen Display
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 3.5.124
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B97E3520-C726-475E-BC0C-7561952633AB}" = HP Power Manager
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7231F7C-6530-4E65-ADA6-5B392CF5BEB1}" = Recovery Manager
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E74E7F63-E70F-43f2-873F-35FB66F263B2}" = MusicStation
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{FB83EAC4-E3F6-4666-B45B-44522F2344B6}" = Brother MFL-Pro Suite DCP-J315W
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"AVG Secure Search" = AVG Security Toolbar
"Call of Atlantis_is1" = Call of Atlantis
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"ieSpell" = ieSpell
"iLivid" = iLivid
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"My HP Game Console" = HP Game Console
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"RegZooka" = RegZooka
"Reliance 3G" = Reliance 3G
"Security Task Manager" = Security Task Manager 1.8d
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087343" = Dora's World Adventure
"WT087361" = FATE
"WT087362" = Final Drive Nitro
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087501" = Plants vs. Zombies
"WT087533" = Zuma Deluxe
"WT089299" = Mystery P.I. - The London Caper
"WT089300" = World Cup Cricket 20-20
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/04/2012 5:42:23 PM | Computer Name = KGB.MEL | Source = WinMgmt | ID = 10
Description =

Error - 23/04/2012 8:38:34 PM | Computer Name = KGB.MEL | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 23/04/2012 11:14:28 PM | Computer Name = KGB.MEL | Source = VSS | ID = 8193
Description =

Error - 24/04/2012 5:05:31 AM | Computer Name = KGB.MEL | Source = WinMgmt | ID = 10
Description =

Error - 24/04/2012 7:55:27 PM | Computer Name = KGB.MEL | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2012 12:11:11 AM | Computer Name = KGB.MEL | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2012 3:37:36 AM | Computer Name = KGB.MEL | Source = WinMgmt | ID = 10
Description =

Error - 25/04/2012 7:11:57 PM | Computer Name = KGB.MEL | Source = WinMgmt | ID = 10
Description =

Error - 26/04/2012 2:10:02 AM | Computer Name = KGB.MEL | Source = WinMgmt | ID = 10
Description =

Error - 26/04/2012 5:16:41 AM | Computer Name = KGB.MEL | Source = VSS | ID = 8193
Description =

[ Hewlett-Packard Events ]
Error - 12/11/2011 11:51:40 PM | Computer Name = Melinda-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\111113022135.xml
File not created by asset agent

[ HP Wireless Assistant Events ]
Error - 13/08/2011 2:00:41 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:01:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:02:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:03:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:04:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:05:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:06:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:07:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:08:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 13/08/2011 2:09:42 AM | Computer Name = Melinda-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ Media Center Events ]
Error - 6/03/2012 7:47:07 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 10:16:59 AM - Error connecting to the internet. 10:16:59 AM - Unable
to contact server..

Error - 13/03/2012 7:52:14 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 10:22:14 AM - Error connecting to the internet. 10:22:14 AM - Unable
to contact server..

Error - 13/03/2012 7:52:26 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 10:22:19 AM - Error connecting to the internet. 10:22:19 AM - Unable
to contact server..

Error - 13/03/2012 8:52:30 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 11:22:30 AM - Error connecting to the internet. 11:22:30 AM - Unable
to contact server..

Error - 13/03/2012 8:52:36 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 11:22:35 AM - Error connecting to the internet. 11:22:35 AM - Unable
to contact server..

Error - 13/03/2012 9:52:40 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 12:22:40 PM - Error connecting to the internet. 12:22:40 PM - Unable
to contact server..

Error - 13/03/2012 9:52:46 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 12:22:45 PM - Error connecting to the internet. 12:22:45 PM - Unable
to contact server..

Error - 13/03/2012 10:52:51 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 1:22:51 PM - Error connecting to the internet. 1:22:51 PM - Unable
to contact server..

Error - 13/03/2012 10:52:57 PM | Computer Name = Melinda-HP | Source = MCUpdate | ID = 0
Description = 1:22:56 PM - Error connecting to the internet. 1:22:56 PM - Unable
to contact server..

Error - 16/04/2012 6:28:03 PM | Computer Name = KGB.MEL | Source = MCUpdate | ID = 0
Description = 7:57:56 AM - Error connecting to the internet. 7:57:56 AM - Unable
to contact server..

[ System Events ]
Error - 25/04/2012 7:11:17 PM | Computer Name = KGB.MEL | Source = DCOM | ID = 10005
Description =

Error - 25/04/2012 7:11:17 PM | Computer Name = KGB.MEL | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 25/04/2012 7:12:49 PM | Computer Name = KGB.MEL | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%3

Error - 25/04/2012 7:12:52 PM | Computer Name = KGB.MEL | Source = WMPNetworkSvc | ID = 866287
Description =

Error - 26/04/2012 2:08:31 AM | Computer Name = KGB.MEL | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126

Error - 26/04/2012 2:08:37 AM | Computer Name = KGB.MEL | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 26/04/2012 2:09:17 AM | Computer Name = KGB.MEL | Source = DCOM | ID = 10005
Description =

Error - 26/04/2012 2:09:17 AM | Computer Name = KGB.MEL | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 26/04/2012 2:10:52 AM | Computer Name = KGB.MEL | Source = Service Control Manager | ID = 7000
Description = The HP Support Assistant Service service failed to start due to the
following error: %%3

Error - 26/04/2012 2:10:55 AM | Computer Name = KGB.MEL | Source = WMPNetworkSvc | ID = 866287
Description =


< End of report >

aswMBR log
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-26 19:03:31
-----------------------------
19:03:31.069 OS Version: Windows x64 6.1.7601 Service Pack 1
19:03:31.069 Number of processors: 2 586 0x2A07
19:03:31.085 ComputerName: KGB UserName:
19:03:33.175 Initialize success
19:04:11.007 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:04:11.007 Disk 0 Vendor: Hitachi_HTS545050B9A300 PB4OCA1G Size: 476940MB BusType: 11
19:04:11.022 Disk 0 MBR read successfully
19:04:11.022 Disk 0 MBR scan
19:04:11.022 Disk 0 Windows 7 default MBR code
19:04:11.038 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
19:04:11.054 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 463242 MB offset 409600
19:04:11.069 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13394 MB offset 949129216
19:04:11.085 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
19:04:11.132 Disk 0 scanning C:\Windows\system32\drivers
19:04:18.822 Service scanning
19:04:43.283 Modules scanning
19:04:43.283 Disk 0 trace - called modules:
19:04:43.314 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
19:04:43.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004f02160]
19:04:43.330 3 CLASSPNP.SYS[fffff88001b6143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004a13060]
19:04:43.330 Scan finished successfully
19:04:58.212 Disk 0 MBR has been saved successfully to "C:\Users\Melinda\Desktop\MBR.dat"
19:04:58.228 The log file has been saved successfully to "C:\Users\Melinda\Desktop\aswMBR.txt"


Thanks :)

#4
CompCav

    Member 5k

  • Expert
  • 12,454 posts

Thanks :)

You are welcome!

Step 1.

Click Start >> Control Panel >> Programs

Uninstall:

iLivid

Step 2.

If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab.
Remove the tick from "Start with Windows".
Reboot and then run OTL.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CPNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://eu.ask.com/we...&l=dis&o=CPNTDF
    IE - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/?s...q={searchTerms}
    O3 - HKU\S-1-5-21-2138450356-3777672214-2490113955-1000\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    [2012/03/17 15:19:24 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\Ilivid Player
    [2012/03/17 15:15:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}
    [2012/03/17 15:15:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
    [2012/03/17 15:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iLivid
    [2012/03/08 22:44:41 | 005,650,384 | ---- | C] (ZookaWare) -- C:\Users\Melinda\Desktop\RegZooka.exe
    [2012/02/26 13:52:46 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Local\blekkotb
    [2012/02/23 18:32:27 | 000,000,000 | ---D | C] -- C:\Users\Melinda\AppData\Roaming\RegZooka
    [2012/02/04 08:08:42 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\Registry Mechanic
    [2012/02/23 18:32:27 | 000,000,000 | ---D | M] -- C:\Users\Melinda\AppData\Roaming\RegZooka
    
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 3.

It looks like you ran ComboFix. Please post the Combofix.txt file; it will be at C:\Combofix.txt


Step 4.

Please post:

OTL fix
ComboFix.txt



Please give me an update on your computer issues
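An added example, not part of CompCav's post and not code from OTL: a small Python reader that splits a fix script laid out like the one in Step 2 into its sections and inventories the registry keys, folders, files and directives it names, so the list can be checked against the scan log before the script is pasted in. The section names and line shapes are taken from the script above; the sample script, the function names and the "second look" rule for paths under C:\Windows are assumptions of this example.

```python
import re

# Constructed sample in the same layout as the fix script in the post above.
# GUIDs, SID, vendor and paths are placeholders, not values from the thread.
SAMPLE_FIX = r"""
:OTL
IE:64bit: - HKLM\..\SearchScopes\{00000000-0000-0000-0000-000000000001}: "URL" = http://search.example/?q={searchTerms}
O3 - HKU\S-1-5-21-0-0-0-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000002} - No CLSID value found.
[2012/03/17 15:14:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExampleToolbar
[2012/03/08 22:44:41 | 005,650,384 | ---- | C] (ExampleVendor) -- C:\Users\User\Desktop\Example.exe
[2012/03/09 10:00:00 | 000,018,816 | ---- | M] -- C:\Windows\System32\example64.exe

:files
ipconfig /flushdns /c

:reg

:Commands
[purity]
[resethosts]
[emptytemp]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
# [date time | size | attributes | C or M] (optional company) -- path
FILE_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]\s+"
    r"(?:\((?P<company>[^)]*)\)\s+)?-- (?P<path>.+)$"
)
# tag - HIVE\key: detail   (tag is e.g. IE, IE:64bit:, O3)
REG_RE = re.compile(r"^(?P<tag>[A-Za-z0-9]+(?::64bit:)?) - (?P<hive>HKLM|HKU|HKCU)\\(?P<rest>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_sections(text):
    """Split a fix script into {section name (lower case): [non-blank lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def classify(line):
    """Classify one :OTL line as a folder, a file, a registry entry or unknown."""
    m = FILE_RE.match(line)
    if m:
        return {
            "kind": "dir" if "D" in m["attrs"] else "file",
            "path": m["path"],
            "size": int(m["size"].replace(",", "")),
            "flag": m["flag"],          # C/M flag exactly as printed in the log
            "company": m["company"],    # None when the line carries no vendor
        }
    m = REG_RE.match(line)
    if m:
        key, _, detail = m["rest"].partition(": ")
        return {"kind": "registry", "tag": m["tag"], "hive": m["hive"],
                "key": key, "detail": detail, "guids": GUID_RE.findall(line)}
    return {"kind": "unknown", "text": line}


def review(text):
    """Inventory everything the script names, grouped for a pre-run check."""
    sections = parse_sections(text)
    items = [classify(line) for line in sections.get("otl", [])]
    paths = [i for i in items if i["kind"] in ("dir", "file")]
    return {
        "registry": [i for i in items if i["kind"] == "registry"],
        "directories": [i["path"] for i in paths if i["kind"] == "dir"],
        "files": [i["path"] for i in paths if i["kind"] == "file"],
        # Assumed rule of this example: anything under C:\Windows gets re-checked by hand.
        "second_look": [i["path"] for i in paths
                        if i["path"].lower().startswith("c:\\windows\\")],
        "shell_lines": sections.get("files", []),
        "directives": [d.strip("[]") for d in sections.get("commands", [])],
        "unparsed": [i["text"] for i in items if i["kind"] == "unknown"],
    }


if __name__ == "__main__":
    report = review(SAMPLE_FIX)
    for name in ("directories", "files", "second_look", "shell_lines", "directives", "unparsed"):
        print(f"{name}: {report[name]}")
    for entry in report["registry"]:
        print(f"registry [{entry['tag']}] {entry['hive']}\\{entry['key']} -> {entry['detail']}")
```

Anything that lands in `unparsed` or `second_look` is a line to compare against the original scan log before running the fix.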

#5
NoobMel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Ok CompCav, I followed your instructions and uninstalled iLivid (tried to use it once but couldn't get it to work anyway), ran OTL fix, had to reboot and now here are the files:
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-2138450356-3777672214-2490113955-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.
Registry value HKEY_USERS\S-1-5-21-2138450356-3777672214-2490113955-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
C:\Users\Melinda\AppData\Local\Ilivid Player folder moved successfully.
Folder C:\ProgramData\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\ not found.
Folder C:\Program Files (x86)\iLivid\ not found.
C:\Users\Melinda\Desktop\RegZooka.exe moved successfully.
C:\Users\Melinda\AppData\Local\blekkotb\data folder moved successfully.
C:\Users\Melinda\AppData\Local\blekkotb folder moved successfully.
C:\Users\Melinda\AppData\Roaming\RegZooka folder moved successfully.
C:\Users\Melinda\AppData\Roaming\Registry Mechanic\CleanReports folder moved successfully.
C:\Users\Melinda\AppData\Roaming\Registry Mechanic folder moved successfully.
Folder C:\Users\Melinda\AppData\Roaming\RegZooka\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Melinda\Desktop\cmd.bat deleted successfully.
C:\Users\Melinda\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Melinda
->Temp folder emptied: 507982 bytes
->Temporary Internet Files folder emptied: 12826802 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102350 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 13.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.42.1 log created on 04272012_182939

Files\Folders moved on Reboot...
C:\Users\Melinda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...



ComboFix 12-02-02.02 - Melinda 03/02/2012 23:38:21.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3948.2830 [GMT 10.5:30]
Running from: E:\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-01-03 to 2012-02-03 )))))))))))))))))))))))))))))))
.
.
2012-02-03 13:13 . 2012-02-03 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-02 11:05 . 2012-02-03 12:56 -------- d-----w- c:\program files (x86)\RegZooka
2012-02-02 06:26 . 2012-02-03 12:56 -------- d-----w- c:\programdata\SecTaskMan
2012-02-02 02:48 . 2012-02-02 02:48 -------- dc----w- C:\_OTM
2012-02-02 02:38 . 2012-02-02 02:39 -------- d-----w- c:\program files (x86)\ERUNT
2012-02-01 10:37 . 2012-02-01 10:37 -------- d-----w- c:\users\Melinda\AppData\Local\CrashDumps
2012-01-28 16:07 . 2012-01-28 16:06 9888872 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-01-28 16:07 . 2012-01-28 16:06 339048 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-01-28 15:59 . 2011-01-12 07:21 439320 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-01-28 15:59 . 2012-01-28 15:59 -------- d-----w- C:\Drivers
2012-01-28 15:51 . 2012-01-28 15:51 -------- d-----w- c:\program files\Realtek
2012-01-28 15:51 . 2012-01-28 15:51 -------- d-----w- c:\windows\SysWow64\RTCOM
2012-01-28 15:45 . 2011-12-12 06:50 100456 ----a-w- c:\windows\system32\RCoInstII64.dll
2012-01-28 15:45 . 2011-12-13 00:31 1698408 ----a-w- c:\windows\RtlExUpd.dll
2012-01-28 15:31 . 2012-01-28 15:31 -------- d-----w- c:\programdata\Drivers.com
2012-01-27 10:53 . 2012-02-03 12:54 -------- d-----w- c:\program files (x86)\AVG
2012-01-27 05:41 . 2012-01-27 05:41 -------- d-----w- c:\users\Melinda\AppData\Roaming\AVG Secure Search
2012-01-15 11:05 . 2012-01-15 11:05 -------- d-----w- c:\windows\Sun
2012-01-12 09:47 . 2012-01-12 10:21 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE
2012-01-12 02:19 . 2012-01-12 02:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-11 17:05 . 2012-02-03 13:00 -------- d-----w- c:\program files\Google
2012-01-11 17:04 . 2012-02-03 12:56 -------- d-----w- c:\users\Melinda\AppData\Local\Google
2012-01-11 10:41 . 2012-02-01 05:05 -------- d-----w- c:\users\Melinda\AppData\Local\ElevatedDiagnostics
2012-01-11 09:36 . 2012-01-31 16:01 -------- d-----w- c:\users\Melinda\AppData\Local\Diagnostics
2012-01-11 08:03 . 2012-01-11 08:03 -------- d-----w- c:\users\Melinda\AppData\Local\Apps
2012-01-11 05:51 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 05:51 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 05:51 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 05:51 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 05:51 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 05:51 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 05:51 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 05:51 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-11 05:22 . 2012-01-11 05:22 -------- d-----w- c:\users\Melinda\AppData\Local\blekkotb
2012-01-10 00:07 . 2012-02-01 04:14 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-09 09:35 . 2012-01-09 09:35 -------- d-----w- c:\users\Melinda\AppData\Local\Microsoft Help
2012-01-09 09:35 . 2012-01-09 09:35 -------- d-----w- c:\programdata\Microsoft Help
2012-01-07 10:03 . 2012-01-07 10:04 -------- d-----w- c:\users\Melinda\AppData\Roaming\Smart PDF Converter Pro
2012-01-07 10:03 . 2012-01-11 11:50 -------- d-----w- c:\program files\Smart PDF Converter Pro
2012-01-07 03:09 . 2012-01-08 12:12 -------- d-----w- c:\users\Melinda\Tracing
2012-01-05 04:51 . 2012-01-05 04:51 29808 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-01-05 04:22 . 2012-01-05 04:22 -------- d-----w- c:\users\Melinda\AppData\Roaming\Malwarebytes
2012-01-05 04:22 . 2012-01-05 05:38 -------- d-----w- c:\programdata\Malwarebytes
2012-01-05 04:22 . 2012-01-05 04:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-05 04:22 . 2011-12-10 04:54 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-04 23:23 . 2012-02-02 02:22 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 07:06 . 2012-01-04 01:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-01-29 03:28 . 2012-01-04 01:23 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-01-28 16:18 . 2011-05-24 21:55 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-01-02 23:38 . 2012-01-02 23:38 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-21 02:07 . 2011-12-26 08:21 18816 ----a-w- c:\windows\system32\roboot64.exe
2011-12-10 05:28 . 2011-12-10 05:28 6070544 ----a-w- c:\windows\uninst.exe
2011-12-02 11:09 . 2011-12-02 11:09 84480 ----a-w- c:\windows\SysWow64\EasyHook32.dll
2011-12-02 11:09 . 2011-12-02 11:09 102912 ----a-w- c:\windows\SysWow64\EasyHook64.dll
2011-11-30 07:15 . 2011-11-30 07:15 57344 ----a-r- c:\users\Melinda\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2011-11-30 07:14 . 2011-11-30 07:14 106496 ----a-w- c:\windows\SysWow64\ATL71.DLL
2011-11-29 15:51 . 2011-12-10 03:57 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8ADD330B-CCAE-43EC-8B7D-033344703285}\mpengine.dll
2011-11-24 04:52 . 2011-12-14 05:58 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-09 19:24 . 2011-04-09 23:51 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
.
c:\users\Melinda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R2 HP Support Assistant Service;HP Support Assistant Service; [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 136176]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 DCService.exe;DCService.exe;c:\programdata\DatacardService\DCService.exe [2010-08-19 229376]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-28 2429544]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-09-13 508264]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-31 2656280]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-24 245760]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-13 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 17:04]
.
2012-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-11 17:04]
.
2012-01-09 c:\windows\Tasks\HPCeeScheduleForMelinda.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
IE: Search the Web - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
TCP: DhcpNameServer = 139.130.4.4 203.50.2.71
TCP: Interfaces\{65561D63-3AC7-445A-8794-41F926044C0F}: NameServer = 198.142.0.51 61.88.88.88
TCP: Interfaces\{7A0C8353-E990-4B89-A449-BEE7F31D002C}: NameServer = 198.142.0.51 61.88.88.88
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Run-ROC_roc_dec12 - c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-02-03 23:50:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-03 13:20
.
Pre-Run: 447,614,717,952 bytes free
Post-Run: 447,161,847,808 bytes free
.
- - End Of File - - 5880154E63AE984DB71C0BFC458DFE70

I hope these shed some light on things. :)
  • 0

#6
CompCav

Step 1.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Step 2.

Delete the Combofix on your desktop if you still have it.


Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.

Step 3.

Please post:

TDSSKiller log
Combofix.txt


Give me an update on the issues that remain.
  • 1
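Added example (not part of the thread and not the tool's own code): a Python triage of the TDSSKiller report that Step 1 asks for. It checks that the scan ran with the two requested parameters and lists every object whose verdict is not ok. The sample lines are copied from the log posted in this thread, with the excerpt deliberately ending on an object line that has no verdict; reading the log's SigCheck and TDLFS mode tokens as the two checkboxes named in Step 1 is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Lines copied from the TDSSKiller log posted in this thread.
# Layout: "<HH:MM:SS.ffff> <thread id> <message>".
# The excerpt ends on an object line without a verdict, as a cut-off paste would.
SAMPLE_LOG = r"""
09:53:20.0485 5156 Scan started
09:53:20.0485 5156 Mode: Manual; SigCheck; TDLFS;
09:53:25.0618 5156 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:53:25.0664 5156 Beep - ok
09:53:27.0006 5156 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
09:53:27.0006 5156 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
09:53:27.0006 5156 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
09:53:27.0178 5156 catchme - ok
09:53:30.0563 5156 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
"""

LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s*(?P<msg>.*)$")
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<detection>.+?) \) - (?P<verdict>\w+)$")
OK = re.compile(r"^(?P<name>.+?) - ok$")

# Assumption: these log tokens correspond to the "Verify Driver Digital
# Signature" and "Detect TDLFS file system" checkboxes from Step 1.
REQUESTED_MODES = ("SigCheck", "TDLFS")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None
    detection: Optional[str] = None


def parse_log(text):
    """Return (scan modes, entries in first-seen order) from a TDSSKiller log."""
    modes, entries = [], {}
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank line or text that is not part of the log
        msg = line["msg"]
        if msg.startswith("Mode:"):
            modes = [p.strip() for p in msg[5:].split(";") if p.strip()]
            continue
        obj = OBJECT.match(msg)
        if obj:
            entry = entries.setdefault(obj["name"], Entry(obj["name"]))
            entry.md5, entry.path = obj["md5"], obj["path"]
            continue
        flagged = FLAGGED.match(msg)
        if flagged:
            entry = entries.setdefault(flagged["name"], Entry(flagged["name"]))
            entry.verdict = flagged["verdict"]
            entry.detection = flagged["detection"]
            continue
        ok = OK.match(msg)
        if ok:
            entries.setdefault(ok["name"], Entry(ok["name"])).verdict = "ok"
    return modes, list(entries.values())


def triage(text):
    """Summarise what a helper needs to look at before replying."""
    modes, entries = parse_log(text)
    return {
        # Requested scan parameters that do not appear in the Mode line.
        "missing_modes": [m for m in REQUESTED_MODES if m not in modes],
        # Anything the tool did not mark ok (e.g. a warning on an unsigned file).
        "flagged": [e for e in entries if e.verdict not in (None, "ok")],
        # Object seen but no verdict line followed: the paste is incomplete.
        "no_verdict": [e for e in entries if e.verdict is None],
        # Verdict given for a name that never had a file/hash line.
        "no_file": [e for e in entries if e.path is None],
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("missing scan modes:", report["missing_modes"] or "none")
    for e in report["flagged"]:
        print(f"{e.verdict}: {e.name} [{e.detection}] {e.path} md5={e.md5}")
    for e in report["no_verdict"]:
        print(f"no verdict (log cut off?): {e.name} {e.path}")
    for e in report["no_file"]:
        print(f"no file line: {e.name} ({e.verdict})")
```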

#7
NoobMel

Hi CompCav, I've spent the last few days seeing if the previous issues are still present. Most have gone, but my laptop still takes nearly 2 min to shut down, and I noticed the strange noise (this has been happening periodically) occurred during the first shutdown after running TDSSKiller and Combofix. This noise I would liken to an old-style film camera taking a photo, crossed with the noise the Windows 7 recycle bin makes when it's emptied. I still have to exit IE sometimes as it starts to use between 35-47% CPU (not sure if this is normal). I usually have 2-3 tabs open. I have gone into Task Manager and ended the IE that is using so much CPU, but then another one jumps up, so I end up having to close them all. I still haven't tried using my Optus yet (I'm worried it will start all the problems back up). It is still running through Reliance 3G which when I first connect it up loads over 1MB. Should I try the Optus (Reliance 3G) broadband now?
Here are the files that were made,
09:51:27.0962 5420 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43
09:51:29.0975 5420 ============================================================
09:51:29.0975 5420 Current date / time: 2012/04/28 09:51:29.0975
09:51:29.0975 5420 SystemInfo:
09:51:29.0975 5420
09:51:29.0975 5420 OS Version: 6.1.7601 ServicePack: 1.0
09:51:29.0975 5420 Product type: Workstation
09:51:29.0975 5420 ComputerName: KGB
09:51:29.0975 5420 UserName: Melinda
09:51:29.0975 5420 Windows directory: C:\Windows
09:51:29.0975 5420 System windows directory: C:\Windows
09:51:29.0975 5420 Running under WOW64
09:51:29.0975 5420 Processor architecture: Intel x64
09:51:29.0975 5420 Number of processors: 2
09:51:29.0975 5420 Page size: 0x1000
09:51:29.0975 5420 Boot type: Normal boot
09:51:29.0975 5420 ============================================================
09:51:31.0628 5420 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:51:31.0706 5420 ============================================================
09:51:31.0706 5420 \Device\Harddisk0\DR0:
09:51:31.0706 5420 MBR partitions:
09:51:31.0706 5420 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
09:51:31.0706 5420 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x388C5000
09:51:31.0706 5420 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38929000, BlocksNum 0x1A29000
09:51:31.0706 5420 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
09:51:31.0706 5420 ============================================================
09:51:31.0737 5420 C: <-> \Device\Harddisk0\DR0\Partition1
09:51:31.0784 5420 D: <-> \Device\Harddisk0\DR0\Partition2
09:51:31.0784 5420 ============================================================
09:51:31.0784 5420 Initialize success
09:51:31.0784 5420 ============================================================
09:53:20.0485 5156 ============================================================
09:53:20.0485 5156 Scan started
09:53:20.0485 5156 Mode: Manual; SigCheck; TDLFS;
09:53:20.0485 5156 ============================================================
09:53:21.0842 5156 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
09:53:21.0936 5156 1394ohci - ok
09:53:22.0076 5156 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
09:53:22.0108 5156 ACDaemon - ok
09:53:22.0170 5156 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
09:53:22.0186 5156 ACPI - ok
09:53:22.0217 5156 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
09:53:22.0279 5156 AcpiPmi - ok
09:53:22.0342 5156 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:53:22.0357 5156 AdobeARMservice - ok
09:53:22.0420 5156 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
09:53:22.0451 5156 adp94xx - ok
09:53:22.0498 5156 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
09:53:22.0513 5156 adpahci - ok
09:53:22.0544 5156 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
09:53:22.0560 5156 adpu320 - ok
09:53:22.0591 5156 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
09:53:22.0700 5156 AeLookupSvc - ok
09:53:22.0794 5156 AERTFilters (d1e343bc00136ce03c4d403194d06a80) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
09:53:22.0794 5156 AERTFilters - ok
09:53:22.0856 5156 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
09:53:22.0903 5156 AFD - ok
09:53:22.0934 5156 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
09:53:22.0950 5156 agp440 - ok
09:53:22.0981 5156 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
09:53:23.0012 5156 ALG - ok
09:53:23.0059 5156 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
09:53:23.0059 5156 aliide - ok
09:53:23.0075 5156 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
09:53:23.0090 5156 amdide - ok
09:53:23.0106 5156 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
09:53:23.0137 5156 AmdK8 - ok
09:53:23.0153 5156 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
09:53:23.0168 5156 AmdPPM - ok
09:53:23.0215 5156 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
09:53:23.0231 5156 amdsata - ok
09:53:23.0262 5156 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
09:53:23.0278 5156 amdsbs - ok
09:53:23.0293 5156 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
09:53:23.0293 5156 amdxata - ok
09:53:23.0418 5156 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
09:53:23.0449 5156 AppHostSvc - ok
09:53:23.0496 5156 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
09:53:23.0543 5156 AppID - ok
09:53:23.0558 5156 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
09:53:23.0605 5156 AppIDSvc - ok
09:53:23.0636 5156 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
09:53:23.0699 5156 Appinfo - ok
09:53:23.0761 5156 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
09:53:23.0777 5156 arc - ok
09:53:23.0792 5156 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
09:53:23.0808 5156 arcsas - ok
09:53:23.0824 5156 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
09:53:23.0886 5156 AsyncMac - ok
09:53:23.0902 5156 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
09:53:23.0902 5156 atapi - ok
09:53:23.0964 5156 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:53:24.0026 5156 AudioEndpointBuilder - ok
09:53:24.0026 5156 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
09:53:24.0073 5156 AudioSrv - ok
09:53:24.0120 5156 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys
09:53:24.0120 5156 Avgfwfd - ok
09:53:24.0307 5156 avgfws (5cd22eb540f82c70e33e530003f3903b) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
09:53:24.0354 5156 avgfws - ok
09:53:24.0541 5156 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
09:53:24.0619 5156 AVGIDSAgent - ok
09:53:24.0760 5156 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
09:53:24.0775 5156 AVGIDSDriver - ok
09:53:24.0791 5156 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
09:53:24.0806 5156 AVGIDSEH - ok
09:53:24.0806 5156 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
09:53:24.0822 5156 AVGIDSFilter - ok
09:53:24.0838 5156 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys
09:53:24.0853 5156 Avgldx64 - ok
09:53:24.0869 5156 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys
09:53:24.0884 5156 Avgmfx64 - ok
09:53:24.0916 5156 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys
09:53:24.0931 5156 Avgrkx64 - ok
09:53:24.0962 5156 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys
09:53:24.0978 5156 Avgtdia - ok
09:53:25.0056 5156 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
09:53:25.0072 5156 avgwd - ok
09:53:25.0118 5156 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
09:53:25.0150 5156 AxInstSV - ok
09:53:25.0196 5156 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
09:53:25.0243 5156 b06bdrv - ok
09:53:25.0306 5156 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
09:53:25.0337 5156 b57nd60a - ok
09:53:25.0415 5156 BCM43XX (9e84a931dbee0292e38ed672f6293a99) C:\Windows\system32\DRIVERS\bcmwl664.sys
09:53:25.0477 5156 BCM43XX - ok
09:53:25.0508 5156 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
09:53:25.0540 5156 BDESVC - ok
09:53:25.0618 5156 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
09:53:25.0664 5156 Beep - ok
09:53:25.0742 5156 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
09:53:25.0805 5156 BFE - ok
09:53:25.0867 5156 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
09:53:25.0930 5156 BITS - ok
09:53:25.0992 5156 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
09:53:26.0039 5156 blbdrive - ok
09:53:26.0086 5156 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
09:53:26.0132 5156 bowser - ok
09:53:26.0164 5156 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
09:53:26.0179 5156 BrFiltLo - ok
09:53:26.0195 5156 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
09:53:26.0210 5156 BrFiltUp - ok
09:53:26.0288 5156 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
09:53:26.0320 5156 BridgeMP - ok
09:53:26.0366 5156 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
09:53:26.0429 5156 Browser - ok
09:53:26.0460 5156 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
09:53:26.0507 5156 Brserid - ok
09:53:26.0538 5156 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
09:53:26.0554 5156 BrSerWdm - ok
09:53:26.0585 5156 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
09:53:26.0616 5156 BrUsbMdm - ok
09:53:26.0647 5156 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
09:53:26.0678 5156 BrUsbSer - ok
09:53:27.0006 5156 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
09:53:27.0006 5156 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
09:53:27.0006 5156 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
09:53:27.0022 5156 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
09:53:27.0053 5156 BTHMODEM - ok
09:53:27.0100 5156 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
09:53:27.0146 5156 bthserv - ok
09:53:27.0178 5156 catchme - ok
09:53:27.0224 5156 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
09:53:27.0271 5156 cdfs - ok
09:53:27.0334 5156 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
09:53:27.0365 5156 cdrom - ok
09:53:27.0412 5156 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:53:27.0458 5156 CertPropSvc - ok
09:53:27.0505 5156 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
09:53:27.0536 5156 circlass - ok
09:53:27.0568 5156 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
09:53:27.0583 5156 CLFS - ok
09:53:27.0677 5156 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:53:27.0677 5156 clr_optimization_v2.0.50727_32 - ok
09:53:27.0724 5156 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
09:53:27.0739 5156 clr_optimization_v2.0.50727_64 - ok
09:53:27.0848 5156 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:53:27.0864 5156 clr_optimization_v4.0.30319_32 - ok
09:53:27.0911 5156 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
09:53:27.0926 5156 clr_optimization_v4.0.30319_64 - ok
09:53:27.0958 5156 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
09:53:27.0989 5156 CmBatt - ok
09:53:28.0004 5156 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
09:53:28.0004 5156 cmdide - ok
09:53:28.0067 5156 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
09:53:28.0098 5156 CNG - ok
09:53:28.0129 5156 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
09:53:28.0145 5156 Compbatt - ok
09:53:28.0176 5156 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
09:53:28.0192 5156 CompositeBus - ok
09:53:28.0207 5156 COMSysApp - ok
09:53:28.0238 5156 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
09:53:28.0254 5156 crcdisk - ok
09:53:28.0301 5156 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
09:53:28.0348 5156 CryptSvc - ok
09:53:28.0519 5156 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
09:53:28.0535 5156 cvhsvc - ok
09:53:28.0613 5156 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
09:53:28.0675 5156 DcomLaunch - ok
09:53:28.0706 5156 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
09:53:28.0769 5156 defragsvc - ok
09:53:28.0800 5156 dfg - ok
09:53:28.0847 5156 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
09:53:28.0909 5156 DfsC - ok
09:53:28.0987 5156 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
09:53:29.0034 5156 Dhcp - ok
09:53:29.0065 5156 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
09:53:29.0112 5156 discache - ok
09:53:29.0174 5156 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
09:53:29.0190 5156 Disk - ok
09:53:29.0221 5156 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
09:53:29.0252 5156 Dnscache - ok
09:53:29.0299 5156 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
09:53:29.0346 5156 dot3svc - ok
09:53:29.0362 5156 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
09:53:29.0424 5156 DPS - ok
09:53:29.0455 5156 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
09:53:29.0486 5156 drmkaud - ok
09:53:29.0611 5156 DrvAgent64 (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
09:53:29.0611 5156 DrvAgent64 - ok
09:53:29.0674 5156 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
09:53:29.0705 5156 DXGKrnl - ok
09:53:29.0720 5156 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
09:53:29.0767 5156 EapHost - ok
09:53:29.0923 5156 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
09:53:29.0970 5156 ebdrv - ok
09:53:30.0079 5156 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
09:53:30.0110 5156 EFS - ok
09:53:30.0204 5156 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
09:53:30.0251 5156 ehRecvr - ok
09:53:30.0313 5156 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
09:53:30.0329 5156 ehSched - ok
09:53:30.0438 5156 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
09:53:30.0454 5156 elxstor - ok
09:53:30.0469 5156 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
09:53:30.0500 5156 ErrDev - ok
09:53:30.0563 5156 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
09:53:30.0625 5156 EventSystem - ok
09:53:30.0656 5156 ewusbnet (d83eb7ade99d99a4cd6568ac1261d35e) C:\Windows\system32\DRIVERS\ewusbnet.sys
09:53:30.0875 5156 ewusbnet - ok
09:53:30.0984 5156 ew_hwusbdev (86f7951bbcee4a86e79a97306bd14318) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
09:53:31.0015 5156 ew_hwusbdev - ok
09:53:31.0093 5156 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
09:53:31.0124 5156 exfat - ok
09:53:31.0156 5156 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
09:53:31.0202 5156 fastfat - ok
09:53:31.0265 5156 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
09:53:31.0327 5156 Fax - ok
09:53:31.0343 5156 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
09:53:31.0374 5156 fdc - ok
09:53:31.0405 5156 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
09:53:31.0452 5156 fdPHost - ok
09:53:31.0483 5156 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
09:53:31.0530 5156 FDResPub - ok
09:53:31.0546 5156 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
09:53:31.0561 5156 FileInfo - ok
09:53:31.0577 5156 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
09:53:31.0624 5156 Filetrace - ok
09:53:31.0655 5156 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
09:53:31.0655 5156 flpydisk - ok
09:53:31.0702 5156 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
09:53:31.0717 5156 FltMgr - ok
09:53:31.0780 5156 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
09:53:31.0826 5156 FontCache - ok
09:53:31.0936 5156 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
09:53:31.0951 5156 FontCache3.0.0.0 - ok
09:53:31.0982 5156 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
09:53:31.0998 5156 FsDepends - ok
09:53:32.0138 5156 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
09:53:32.0154 5156 Fs_Rec - ok
09:53:32.0248 5156 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
09:53:32.0263 5156 fvevol - ok
09:53:32.0310 5156 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
09:53:32.0326 5156 gagp30kx - ok
09:53:32.0419 5156 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
09:53:32.0435 5156 GameConsoleService - ok
09:53:32.0513 5156 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
09:53:32.0560 5156 gpsvc - ok
09:53:32.0669 5156 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:53:32.0684 5156 gupdate - ok
09:53:32.0700 5156 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
09:53:32.0716 5156 gupdatem - ok
09:53:32.0731 5156 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
09:53:32.0778 5156 hcw85cir - ok
09:53:32.0825 5156 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
09:53:32.0840 5156 HdAudAddService - ok
09:53:32.0872 5156 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
09:53:32.0903 5156 HDAudBus - ok
09:53:32.0934 5156 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
09:53:32.0950 5156 HidBatt - ok
09:53:32.0965 5156 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
09:53:32.0996 5156 HidBth - ok
09:53:33.0043 5156 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
09:53:33.0059 5156 HidIr - ok
09:53:33.0090 5156 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
09:53:33.0137 5156 hidserv - ok
09:53:33.0184 5156 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
09:53:33.0184 5156 HidUsb - ok
09:53:33.0215 5156 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
09:53:33.0277 5156 hkmsvc - ok
09:53:33.0308 5156 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
09:53:33.0340 5156 HomeGroupListener - ok
09:53:33.0386 5156 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
09:53:33.0402 5156 HomeGroupProvider - ok
09:53:33.0527 5156 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
09:53:33.0542 5156 HPClientSvc - ok
09:53:33.0574 5156 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
09:53:33.0589 5156 HpSAMD - ok
09:53:33.0636 5156 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
09:53:33.0698 5156 HTTP - ok
09:53:33.0745 5156 huawei_enumerator (c2212c930d7a6cc21972b9882683d271) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
09:53:33.0792 5156 huawei_enumerator - ok
09:53:33.0823 5156 hwdatacard (6e05228393cd614b983568ec40c262c3) C:\Windows\system32\DRIVERS\ewusbmdm.sys
09:53:33.0870 5156 hwdatacard - ok
09:53:33.0948 5156 HWDeviceService64.exe - ok
09:53:33.0979 5156 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
09:53:33.0995 5156 hwpolicy - ok
09:53:34.0042 5156 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
09:53:34.0057 5156 i8042prt - ok
09:53:34.0120 5156 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\DRIVERS\iaStor.sys
09:53:34.0135 5156 iaStor - ok
09:53:34.0182 5156 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
09:53:34.0198 5156 iaStorV - ok
09:53:34.0463 5156 IconMan_R (3cc7b3bb1a9ea201a040883edfaa67a0) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
09:53:34.0541 5156 IconMan_R - ok
09:53:34.0697 5156 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
09:53:34.0697 5156 IDriverT ( UnsignedFile.Multi.Generic ) - warning
09:53:34.0697 5156 IDriverT - detected UnsignedFile.Multi.Generic (1)
09:53:34.0806 5156 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
09:53:34.0837 5156 idsvc - ok
09:53:35.0414 5156 igfx (0089b53f1befd34b7d8ca4ab021335fa) C:\Windows\system32\DRIVERS\igdkmd64.sys
09:53:35.0742 5156 igfx - ok
09:53:35.0882 5156 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
09:53:35.0898 5156 iirsp - ok
09:53:35.0960 5156 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
09:53:36.0007 5156 IKEEXT - ok
09:53:36.0288 5156 IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
09:53:36.0366 5156 IntcAzAudAddService - ok
09:53:36.0491 5156 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
09:53:36.0506 5156 intelide - ok
09:53:36.0538 5156 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
09:53:36.0569 5156 intelppm - ok
09:53:36.0616 5156 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
09:53:36.0662 5156 IPBusEnum - ok
09:53:36.0694 5156 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
09:53:36.0725 5156 IpFilterDriver - ok
09:53:36.0787 5156 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
09:53:36.0850 5156 iphlpsvc - ok
09:53:36.0881 5156 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
09:53:36.0912 5156 IPMIDRV - ok
09:53:36.0928 5156 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
09:53:36.0974 5156 IPNAT - ok
09:53:36.0990 5156 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
09:53:37.0006 5156 IRENUM - ok
09:53:37.0021 5156 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
09:53:37.0021 5156 isapnp - ok
09:53:37.0052 5156 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
09:53:37.0052 5156 iScsiPrt - ok
09:53:37.0099 5156 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
09:53:37.0099 5156 kbdclass - ok
09:53:37.0130 5156 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
09:53:37.0146 5156 kbdhid - ok
09:53:37.0193 5156 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:37.0208 5156 KeyIso - ok
09:53:37.0224 5156 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
09:53:37.0224 5156 KSecDD - ok
09:53:37.0271 5156 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
09:53:37.0286 5156 KSecPkg - ok
09:53:37.0318 5156 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
09:53:37.0364 5156 ksthunk - ok
09:53:37.0411 5156 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
09:53:37.0458 5156 KtmRm - ok
09:53:37.0520 5156 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
09:53:37.0567 5156 LanmanServer - ok
09:53:37.0598 5156 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
09:53:37.0645 5156 LanmanWorkstation - ok
09:53:37.0708 5156 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
09:53:37.0754 5156 lltdio - ok
09:53:37.0801 5156 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
09:53:37.0864 5156 lltdsvc - ok
09:53:37.0879 5156 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
09:53:37.0926 5156 lmhosts - ok
09:53:38.0020 5156 LMS (d7e0bed3ea21d7bddd410ade51708d90) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
09:53:38.0035 5156 LMS - ok
09:53:38.0082 5156 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
09:53:38.0098 5156 LSI_FC - ok
09:53:38.0113 5156 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
09:53:38.0129 5156 LSI_SAS - ok
09:53:38.0144 5156 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
09:53:38.0160 5156 LSI_SAS2 - ok
09:53:38.0191 5156 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
09:53:38.0207 5156 LSI_SCSI - ok
09:53:38.0238 5156 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
09:53:38.0285 5156 luafv - ok
09:53:38.0347 5156 mbamchameleon (51914228d4b9610fba24f249c0fdd871) C:\Windows\system32\drivers\mbamchameleon.sys
09:53:38.0347 5156 mbamchameleon - ok
09:53:38.0425 5156 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
09:53:38.0425 5156 MBAMProtector - ok
09:53:38.0503 5156 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
09:53:38.0534 5156 MBAMService - ok
09:53:38.0581 5156 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
09:53:38.0597 5156 Mcx2Svc - ok
09:53:38.0628 5156 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
09:53:38.0628 5156 megasas - ok
09:53:38.0675 5156 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
09:53:38.0690 5156 MegaSR - ok
09:53:38.0722 5156 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
09:53:38.0737 5156 MEIx64 - ok
09:53:38.0784 5156 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
09:53:38.0831 5156 MMCSS - ok
09:53:38.0862 5156 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
09:53:38.0909 5156 Modem - ok
09:53:38.0940 5156 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
09:53:38.0971 5156 monitor - ok
09:53:39.0018 5156 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
09:53:39.0034 5156 mouclass - ok
09:53:39.0065 5156 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
09:53:39.0065 5156 mouhid - ok
09:53:39.0127 5156 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
09:53:39.0127 5156 mountmgr - ok
09:53:39.0158 5156 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
09:53:39.0174 5156 mpio - ok
09:53:39.0190 5156 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
09:53:39.0236 5156 mpsdrv - ok
09:53:39.0283 5156 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
09:53:39.0346 5156 MpsSvc - ok
09:53:39.0377 5156 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
09:53:39.0408 5156 MRxDAV - ok
09:53:39.0439 5156 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
09:53:39.0486 5156 mrxsmb - ok
09:53:39.0517 5156 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
09:53:39.0533 5156 mrxsmb10 - ok
09:53:39.0548 5156 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
09:53:39.0564 5156 mrxsmb20 - ok
09:53:39.0580 5156 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
09:53:39.0595 5156 msahci - ok
09:53:39.0611 5156 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
09:53:39.0626 5156 msdsm - ok
09:53:39.0658 5156 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
09:53:39.0689 5156 MSDTC - ok
09:53:39.0720 5156 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
09:53:39.0767 5156 Msfs - ok
09:53:39.0782 5156 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
09:53:39.0829 5156 mshidkmdf - ok
09:53:39.0845 5156 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
09:53:39.0860 5156 msisadrv - ok
09:53:39.0892 5156 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
09:53:39.0923 5156 MSiSCSI - ok
09:53:39.0923 5156 msiserver - ok
09:53:39.0954 5156 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
09:53:40.0001 5156 MSKSSRV - ok
09:53:40.0032 5156 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
09:53:40.0079 5156 MSPCLOCK - ok
09:53:40.0079 5156 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
09:53:40.0126 5156 MSPQM - ok
09:53:40.0157 5156 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
09:53:40.0188 5156 MsRPC - ok
09:53:40.0219 5156 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
09:53:40.0219 5156 mssmbios - ok
09:53:40.0266 5156 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
09:53:40.0313 5156 MSTEE - ok
09:53:40.0328 5156 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
09:53:40.0344 5156 MTConfig - ok
09:53:40.0375 5156 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
09:53:40.0375 5156 Mup - ok
09:53:40.0422 5156 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
09:53:40.0484 5156 napagent - ok
09:53:40.0547 5156 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
09:53:40.0578 5156 NativeWifiP - ok
09:53:40.0640 5156 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
09:53:40.0672 5156 NDIS - ok
09:53:40.0672 5156 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
09:53:40.0718 5156 NdisCap - ok
09:53:40.0734 5156 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
09:53:40.0781 5156 NdisTapi - ok
09:53:40.0812 5156 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
09:53:40.0859 5156 Ndisuio - ok
09:53:40.0874 5156 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
09:53:40.0921 5156 NdisWan - ok
09:53:40.0952 5156 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
09:53:40.0984 5156 NDProxy - ok
09:53:40.0984 5156 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
09:53:41.0046 5156 NetBIOS - ok
09:53:41.0062 5156 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
09:53:41.0108 5156 NetBT - ok
09:53:41.0140 5156 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:41.0155 5156 Netlogon - ok
09:53:41.0218 5156 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
09:53:41.0296 5156 Netman - ok
09:53:41.0327 5156 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
09:53:41.0389 5156 netprofm - ok
09:53:41.0467 5156 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:53:41.0483 5156 NetTcpPortSharing - ok
09:53:41.0514 5156 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
09:53:41.0530 5156 nfrd960 - ok
09:53:41.0576 5156 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
09:53:41.0639 5156 NlaSvc - ok
09:53:41.0670 5156 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
09:53:41.0717 5156 Npfs - ok
09:53:41.0717 5156 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
09:53:41.0764 5156 nsi - ok
09:53:41.0779 5156 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
09:53:41.0826 5156 nsiproxy - ok
09:53:41.0935 5156 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
09:53:41.0982 5156 Ntfs - ok
09:53:42.0076 5156 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
09:53:42.0122 5156 Null - ok
09:53:42.0169 5156 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
09:53:42.0200 5156 NVENETFD - ok
09:53:42.0247 5156 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
09:53:42.0263 5156 nvraid - ok
09:53:42.0419 5156 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
09:53:42.0419 5156 nvstor - ok
09:53:42.0450 5156 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
09:53:42.0466 5156 nv_agp - ok
09:53:42.0481 5156 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
09:53:42.0497 5156 ohci1394 - ok
09:53:42.0575 5156 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:53:42.0590 5156 ose - ok
09:53:42.0887 5156 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:53:42.0996 5156 osppsvc - ok
09:53:43.0168 5156 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:53:43.0214 5156 p2pimsvc - ok
09:53:43.0246 5156 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
09:53:43.0261 5156 p2psvc - ok
09:53:43.0324 5156 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
09:53:43.0324 5156 Parport - ok
09:53:43.0355 5156 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
09:53:43.0370 5156 partmgr - ok
09:53:43.0417 5156 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
09:53:43.0448 5156 PcaSvc - ok
09:53:43.0495 5156 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
09:53:43.0511 5156 pci - ok
09:53:43.0526 5156 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
09:53:43.0542 5156 pciide - ok
09:53:43.0573 5156 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
09:53:43.0573 5156 pcmcia - ok
09:53:43.0589 5156 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
09:53:43.0604 5156 pcw - ok
09:53:43.0667 5156 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
09:53:43.0729 5156 PEAUTH - ok
09:53:43.0823 5156 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
09:53:43.0854 5156 PerfHost - ok
09:53:43.0948 5156 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
09:53:44.0026 5156 pla - ok
09:53:44.0072 5156 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
09:53:44.0119 5156 PlugPlay - ok
09:53:44.0150 5156 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
09:53:44.0166 5156 PNRPAutoReg - ok
09:53:44.0213 5156 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
09:53:44.0228 5156 PNRPsvc - ok
09:53:44.0275 5156 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
09:53:44.0338 5156 PolicyAgent - ok
09:53:44.0369 5156 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
09:53:44.0431 5156 Power - ok
09:53:44.0509 5156 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
09:53:44.0572 5156 PptpMiniport - ok
09:53:44.0603 5156 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
09:53:44.0634 5156 Processor - ok
09:53:44.0665 5156 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
09:53:44.0712 5156 ProfSvc - ok
09:53:44.0743 5156 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:44.0759 5156 ProtectedStorage - ok
09:53:44.0790 5156 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
09:53:44.0837 5156 Psched - ok
09:53:44.0930 5156 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
09:53:44.0962 5156 ql2300 - ok
09:53:45.0071 5156 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
09:53:45.0071 5156 ql40xx - ok
09:53:45.0118 5156 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
09:53:45.0133 5156 QWAVE - ok
09:53:45.0164 5156 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
09:53:45.0196 5156 QWAVEdrv - ok
09:53:45.0211 5156 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
09:53:45.0258 5156 RasAcd - ok
09:53:45.0305 5156 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
09:53:45.0336 5156 RasAgileVpn - ok
09:53:45.0352 5156 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
09:53:45.0398 5156 RasAuto - ok
09:53:45.0430 5156 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
09:53:45.0476 5156 Rasl2tp - ok
09:53:45.0539 5156 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
09:53:45.0586 5156 RasMan - ok
09:53:45.0601 5156 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
09:53:45.0664 5156 RasPppoe - ok
09:53:45.0695 5156 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
09:53:45.0742 5156 RasSstp - ok
09:53:45.0773 5156 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
09:53:45.0835 5156 rdbss - ok
09:53:45.0866 5156 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
09:53:45.0882 5156 rdpbus - ok
09:53:45.0913 5156 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
09:53:45.0960 5156 RDPCDD - ok
09:53:45.0960 5156 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
09:53:46.0022 5156 RDPENCDD - ok
09:53:46.0038 5156 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
09:53:46.0085 5156 RDPREFMP - ok
09:53:46.0116 5156 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
09:53:46.0163 5156 RDPWD - ok
09:53:46.0194 5156 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
09:53:46.0210 5156 rdyboost - ok
09:53:46.0241 5156 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
09:53:46.0303 5156 RemoteAccess - ok
09:53:46.0350 5156 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
09:53:46.0397 5156 RemoteRegistry - ok
09:53:46.0412 5156 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
09:53:46.0459 5156 RpcEptMapper - ok
09:53:46.0475 5156 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
09:53:46.0490 5156 RpcLocator - ok
09:53:46.0522 5156 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll
09:53:46.0568 5156 RpcSs - ok
09:53:46.0631 5156 RSPCIESTOR (33404b769915388be7162d9ed58422ac) C:\Windows\system32\DRIVERS\RtsPStor.sys
09:53:46.0646 5156 RSPCIESTOR - ok
09:53:46.0693 5156 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
09:53:46.0724 5156 rspndr - ok
09:53:46.0771 5156 RTL8167 (3372196f61af48503656ef6aa3e92d1b) C:\Windows\system32\DRIVERS\Rt64win7.sys
09:53:46.0787 5156 RTL8167 - ok
09:53:46.0896 5156 RTL8192Ce (177963a6eebaa9ef3b56a2dbe9d5d0fc) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
09:53:46.0927 5156 RTL8192Ce - ok
09:53:46.0958 5156 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
09:53:46.0974 5156 SamSs - ok
09:53:46.0990 5156 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
09:53:47.0005 5156 sbp2port - ok
09:53:47.0052 5156 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
09:53:47.0083 5156 SCardSvr - ok
09:53:47.0099 5156 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
09:53:47.0146 5156 scfilter - ok
09:53:47.0208 5156 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
09:53:47.0286 5156 Schedule - ok
09:53:47.0317 5156 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
09:53:47.0348 5156 SCPolicySvc - ok
09:53:47.0442 5156 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
09:53:47.0473 5156 sdbus - ok
09:53:47.0489 5156 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
09:53:47.0536 5156 SDRSVC - ok
09:53:47.0567 5156 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
09:53:47.0614 5156 secdrv - ok
09:53:47.0629 5156 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
09:53:47.0660 5156 seclogon - ok
09:53:47.0692 5156 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
09:53:47.0738 5156 SENS - ok
09:53:47.0785 5156 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
09:53:47.0816 5156 SensrSvc - ok
09:53:47.0832 5156 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
09:53:47.0863 5156 Serenum - ok
09:53:47.0894 5156 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
09:53:47.0910 5156 Serial - ok
09:53:47.0941 5156 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
09:53:47.0972 5156 sermouse - ok
09:53:48.0004 5156 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
09:53:48.0050 5156 SessionEnv - ok
09:53:48.0082 5156 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
09:53:48.0097 5156 sffdisk - ok
09:53:59.0407 5156 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
09:53:59.0516 5156 \Device\Harddisk0\DR0 - ok
09:53:59.0516 5156 Boot (0x1200) (5be3743f1a621b7fe2385633be836b41) \Device\Harddisk0\DR0\Partition0
09:53:59.0516 5156 \Device\Harddisk0\DR0\Partition0 - ok
09:53:59.0548 5156 Boot (0x1200) (750b71e6c5f61015b4696073d38acc57) \Device\Harddisk0\DR0\Partition1
09:53:59.0548 5156 \Device\Harddisk0\DR0\Partition1 - ok
09:53:59.0563 5156 Boot (0x1200) (40e33a8f7b732a7e7de16c94c88507f1) \Device\Harddisk0\DR0\Partition2
09:53:59.0563 5156 \Device\Harddisk0\DR0\Partition2 - ok
09:53:59.0579 5156 Boot (0x1200) (e695e19f488f68cd5cad1eba17a1ede0) \Device\Harddisk0\DR0\Partition3
09:53:59.0579 5156 \Device\Harddisk0\DR0\Partition3 - ok
09:53:59.0579 5156 ============================================================
09:53:59.0579 5156 Scan finished
09:53:59.0579 5156 ============================================================
09:53:59.0594 5144 Detected object count: 2
09:53:59.0594 5144 Actual detected object count: 2
09:54:42.0604 5144 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:42.0604 5144 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:54:42.0604 5144 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
09:54:42.0604 5144 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:55:24.0583 5428 Deinitialize success


ComboFix 12-04-27.02 - Melinda 28/04/2012 10:07:12.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.3948.2748 [GMT 9.5:30]
Running from: c:\users\Melinda\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Melinda\AppData\Local\TempDIR
c:\windows\SysWow64\drivers\dfg.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))
.
.
2012-04-28 00:42 . 2012-04-28 00:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-27 08:59 . 2012-04-27 08:59 -------- dc----w- C:\_OTL
2012-04-16 02:26 . 2010-11-04 05:52 93696 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2012-04-16 02:26 . 2010-10-09 02:49 85504 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2012-04-16 02:26 . 2010-09-26 06:01 29184 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2012-04-16 02:26 . 2010-09-26 06:01 55296 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2012-04-16 02:26 . 2010-09-03 05:36 196608 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2012-04-16 02:23 . 2010-08-31 06:09 256000 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2012-04-16 02:23 . 2010-08-07 05:49 121600 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2012-04-16 02:23 . 2010-05-10 02:22 999936 ----a-w- c:\windows\system32\drivers\mod7700.sys
2012-04-16 02:23 . 2010-03-20 00:06 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2012-04-16 02:23 . 2010-01-18 06:48 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2012-04-16 02:20 . 2010-07-26 21:52 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2012-04-14 05:04 . 2012-04-14 05:04 -------- d-----w- c:\windows\en
2012-04-14 04:59 . 2012-04-14 04:59 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5cd0e2b21cd19fb01\DSETUP.dll
2012-04-14 04:59 . 2012-04-14 04:59 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5cd0e2b21cd19fb01\DXSETUP.exe
2012-04-14 04:59 . 2012-04-14 04:59 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5cd0e2b21cd19fb01\dsetup32.dll
2012-04-14 04:59 . 2012-04-14 04:59 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\5d47e77f1cd19fb02\MeshBetaRemover.exe
2012-04-11 02:51 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 02:51 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-11 02:51 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-11 02:50 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 02:50 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-11 02:50 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-11 02:50 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-11 02:50 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-11 02:50 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-11 02:50 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-05 15:34 . 2012-04-05 15:34 -------- d-----w- c:\programdata\Playrix Entertainment
2012-04-05 14:55 . 2012-04-05 14:55 -------- d-----w- c:\program files (x86)\MyPlayCity.com
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2012-03-31 01:28 . 2012-04-01 12:42 -------- d-----w- c:\users\Melinda\Video
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 06:26 . 2012-01-05 04:22 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 23:22 . 2012-01-04 01:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-03-14 23:22 . 2012-01-04 01:23 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-03-08 09:20 . 2012-03-08 09:20 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 09:07 . 2012-03-08 09:07 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-07 00:47 . 2012-01-04 23:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-03-05 03:58 . 2011-04-09 23:51 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-05 03:42 . 2012-02-04 00:09 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-05 03:21 . 2012-01-10 00:07 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-02-21 06:49 . 2012-02-21 06:49 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-21 06:49 . 2012-02-21 06:49 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-02-21 06:49 . 2012-02-21 06:49 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-02-21 06:49 . 2012-02-21 06:49 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-02-21 06:49 . 2012-02-21 06:49 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-02-21 06:49 . 2012-02-21 06:49 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-02-21 06:49 . 2012-02-21 06:49 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-02-21 06:49 . 2012-02-21 06:49 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-21 06:49 . 2012-02-21 06:49 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-02-21 06:49 . 2012-02-21 06:49 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-21 06:49 . 2012-02-21 06:49 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-02-21 06:49 . 2012-02-21 06:49 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-02-21 06:49 . 2012-02-21 06:49 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-02-21 06:49 . 2012-02-21 06:49 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-02-21 06:49 . 2012-02-21 06:49 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-02-21 06:49 . 2012-02-21 06:49 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-02-21 06:49 . 2012-02-21 06:49 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-02-21 06:49 . 2012-02-21 06:49 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-21 06:49 . 2012-02-21 06:49 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-21 06:49 . 2012-02-21 06:49 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-02-21 06:49 . 2012-02-21 06:49 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-02-21 06:49 . 2012-02-21 06:49 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-02-21 06:49 . 2012-02-21 06:49 448512 ----a-w- c:\windows\system32\html.iec
2012-02-21 06:49 . 2012-02-21 06:49 222208 ----a-w- c:\windows\system32\msls31.dll
2012-02-21 06:49 . 2012-02-21 06:49 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-02-21 06:49 . 2012-02-21 06:49 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-02-21 06:49 . 2012-02-21 06:49 12288 ----a-w- c:\windows\system32\mshta.exe
2012-02-21 06:49 . 2012-02-21 06:49 114176 ----a-w- c:\windows\system32\admparse.dll
2012-02-21 06:49 . 2012-02-21 06:49 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-02-21 06:49 . 2012-02-21 06:49 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-02-21 06:49 . 2012-02-21 06:49 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-02-21 06:49 . 2012-02-21 06:49 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-02-21 06:49 . 2012-02-21 06:49 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-02-21 06:49 . 2012-02-21 06:49 160256 ----a-w- c:\windows\system32\wextract.exe
2012-02-17 06:38 . 2012-03-14 06:30 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 06:30 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 06:30 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 06:30 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 06:31 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 06:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-08 11:43 . 2012-02-06 02:10 25160 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-08 07:13 . 2012-02-24 06:03 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A5C578E5-219B-4E78-8F9E-6C4FF2703E9A}\mpengine.dll
2012-02-04 02:18 . 2012-01-12 02:19 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-03 23:01 . 2012-02-03 23:01 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS
2012-02-03 04:34 . 2012-03-14 06:31 3145728 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-14 11:17 1869152 ----a-w- c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-14 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spy Protector"="c:\program files (x86)\Security Task Manager\SpyProtector.exe" [2010-11-09 140616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-23 114688]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-03-14 982880]
"ROC_roc_dec12"="c:\program files (x86)\AVG Secure Search\ROC_roc_dec12.exe" [2012-02-24 928096]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 1 (0x1)
"DisplayLastLogonInfo"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 136176]
R2 HP Support Assistant Service;HP Support Assistant Service; [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-24 245760]
R3 dfg;dfg;c:\windows\system32\drivers\dfg.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-02-03 21712]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 136176]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-22 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-11 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-01 192776]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-01-28 2429544]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-31 2656280]
S2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [2012-03-14 918880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 08:21]
.
2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 08:21]
.
2012-04-20 c:\windows\Tasks\HPCeeScheduleForMelinda.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com.au/
IE: &ieSpell Options - c:\program files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files (x86)\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 10.1.1.1
TCP: Interfaces\{9B2B64CB-6CEB-4628-B274-81517F023C55}: NameServer = 198.142.0.51 61.88.88.88
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-28 10:20:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-28 00:50
ComboFix2.txt 2012-02-03 13:20
.
Pre-Run: 421,739,130,880 bytes free
Post-Run: 421,717,897,216 bytes free
.
- - End Of File - - 688EFC1EADC538FDAD51CAB00CC8E891


Thanks again for all that you're helping me with :)
  • 0

#8
CompCav
    Member 5k
  • Expert
  • 12,454 posts
Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threads report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

  • 1

#9
NoobMel
    Member
  • Topic Starter
  • 38 posts
Hi CompCav,
I just downloaded Kaspersky tool and saved to my desktop, then ran setup but it seemed to only get 2/3 of the way through then asked if it could run on start up (yes) and then that was it now I can find where it is set up to? I have looked all through desktop for anything on today's date and the only thing that is there is the Kaspersky Setup? Help needed to find it, thanks, NoobMel :/
  • 0

#10
CompCav
    Member 5k
  • Expert
  • 12,454 posts
Just rerun setup.
  • 1


#11
NoobMel
    Member
  • Topic Starter
  • 38 posts
Thanks for replying so quickly. I had rerun set up twice and just now again the green bar gets about 2/3 of the way across then the whole box disappears off the screen and that's it, nothing else happens, no new program/icon on desktop. Went to C:\program data as it now has today's date, opened it, found Kaspersky folder (with today's date) and it's empty? Also laptop seems very slow now opening folders and when I ran set up again the desktop went dark, the setup permission box appeared and then about 3 seconds later the beep sound effect.

Edited by NoobMel, 30 April 2012 - 10:25 AM.

  • 0

#12
CompCav
    Member 5k
  • Expert
  • 12,454 posts
Delete the setup and rerun MalwareBytes' on quick scan and post the results.
  • 0

#13
NoobMel
    Member
  • Topic Starter
  • 38 posts
Hi CompCav, when I started my computer this morning the Kaspersky tool started so I did all the scans that you requested. When 1st scan finished there was no Detected "threads" but there was a detected "threats" report but it was blank as were all the other reports, however I did notice that there were quite a few Rar password protected files that popped up during scan (I never installed Rar, this was another program that the tech added to my system but I have since deleted). I ran the Start Gathering System Information from the Manual Disinfection tab. After which I clicked on the link "Anti-virus service 911" and the link took me to a page with the following on it....
eng / rus
THE KASPERSKY 911 SERVICE IS NO LONGER AVAILABLE
Information on virus-related issues can be found on the Kaspersky Lab Forum
Information on how to use Kaspersky Virus Removal Tool can be found on the Kaspersky Lab Forum
and on the dedicated support page.
© 1997-2011 Kaspersky Lab

Maybe this too has changed since the last time it was used or I did something wrong. I did copy what was available in the report box though;

Gathering system information: completed 22 minutes ago (events: 20, time: 00:01:31)
1/05/2012 1:19:50 PM Task started Gathering system information
1/05/2012 1:19:51 PM Main script of analysis
1/05/2012 1:19:51 PM Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
1/05/2012 1:19:51 PM System Restore: enabled
1/05/2012 1:20:24 PM >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
1/05/2012 1:20:24 PM >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
1/05/2012 1:20:24 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
1/05/2012 1:20:24 PM >> Security: disk drives' autorun is enabled
1/05/2012 1:20:24 PM >> Security: administrative shares (C$, D$ ...) are enabled
1/05/2012 1:20:24 PM >> Security: anonymous user access is enabled
1/05/2012 1:20:27 PM >> Process termination timeout is out of admissible values
1/05/2012 1:20:27 PM >> Service termination timeout is out of admissible values
1/05/2012 1:20:27 PM >> Disable CD/DVD autorun
1/05/2012 1:20:28 PM >> Windows Explorer - show extensions of known file types
1/05/2012 1:20:29 PM System Analysis in progress
1/05/2012 1:21:21 PM System Analysis - complete
1/05/2012 1:21:21 PM Deleting service/driver: utqxnduy
1/05/2012 1:21:21 PM Deleting service/driver: ujqxnduy
1/05/2012 1:21:21 PM Main script of analysis
1/05/2012 1:21:21 PM Task completed Gathering system information

I did notice in the above that it says "anonymous user access is enabled", is this what Optus told me about?
  • 0
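The report pasted in post #13 mixes settings marked `>>`, an advisory line marked `>`, and two service/driver deletions. As an added example (not part of the thread and not Kaspersky's code), this Python parser groups those lines for triage; the function names are hypothetical and the day/month date order is an assumption.

```python
import re
from datetime import datetime

# Lines copied unchanged from the report in post #13 (a subset of it).
REPORT = r"""1/05/2012 1:19:50 PM Task started Gathering system information
1/05/2012 1:20:24 PM >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
1/05/2012 1:20:24 PM > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
1/05/2012 1:20:24 PM >> Security: disk drives' autorun is enabled
1/05/2012 1:20:24 PM >> Security: anonymous user access is enabled
1/05/2012 1:20:27 PM >> Disable CD/DVD autorun
1/05/2012 1:21:21 PM Deleting service/driver: utqxnduy
1/05/2012 1:21:21 PM Deleting service/driver: ujqxnduy
1/05/2012 1:21:21 PM Task completed Gathering system information
"""

LINE = re.compile(r"^(\d{1,2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (.*)$")

def parse_report(text):
    """Group report lines into flagged items, notes, deletions and task times."""
    out = {"flagged": [], "notes": [], "deleted": [], "started": None, "completed": None}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything without a timestamp
        # Assumption: day/month/year order (the thread dates from 1 May 2012).
        when = datetime.strptime(m.group(1), "%d/%m/%Y %I:%M:%S %p")
        msg = m.group(2)
        if msg.startswith(">>"):
            body = msg[2:].strip()
            cat, sep, detail = body.partition(": ")  # "Category: detail" if present
            out["flagged"].append((cat, detail) if sep else (None, body))
        elif msg.startswith(">"):
            out["notes"].append(msg[1:].strip())
        elif msg.startswith("Deleting service/driver:"):
            out["deleted"].append(msg.split(":", 1)[1].strip())
        elif msg.startswith("Task started"):
            out["started"] = when
        elif msg.startswith("Task completed"):
            out["completed"] = when
    return out

def summarize(text):
    """Return (flagged items by category, deleted names, elapsed seconds or None)."""
    r = parse_report(text)
    by_cat = {}
    for cat, detail in r["flagged"]:
        by_cat.setdefault(cat or "Other", []).append(detail)
    done = r["started"] and r["completed"]
    return by_cat, r["deleted"], (r["completed"] - r["started"]).total_seconds() if done else None
```

On these lines the elapsed time comes out at 91 seconds, which agrees with the `time: 00:01:31` in the report's own header line.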

#14
CompCav
    Member 5k
  • Expert
  • 12,454 posts
Thanks for staying with it until you got the first part done! :thumbsup:


I did notice in the above that it says "anonymous user access is enabled", is this what Optus told me about?

The setting is correct.

Please find the file from the manual disinfection analysis and attach it to your next post. The name of the file is avptool_sysinfo.zip

If you cannot find it please rerun that part in post #8 under Now the Analysis

Regards,

CompCav
  • 1

#15
NoobMel
    Member
  • Topic Starter
  • 38 posts
Thanks for your patience CompCav, I'm still very much a beginner when it comes to computing :notworthy: I couldn't find the file so I had to reboot to get the tool to rerun but at least I found the file. Please find it attached.

Attached File: avptool_sysinfo.zip (11.95KB)
  • 0
