Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

windows 7 wont boot following malware removal (inc hitman pro)

Started by nightporter , May 06 2012 05:44 PM

Please log in to reply

#16
nightporter

Posted 11 May 2012 - 09:55 AM

Member

Topic Starter
Member
17 posts

OTL log after Fix (I'll post the Scan result in a new reply in a moment)

========== SERVICES/DRIVERS ==========
Service HitmanProScheduler stopped successfully!
Service HitmanProScheduler deleted successfully!
Error: No service named Boot was found to stop!
Service\Driver key Boot not found.
Error: Unable to stop service bProtector!
Service bProtector deleted successfully!
Service Lbd stopped successfully!
Service Lbd deleted successfully!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\tbVuze.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20a0be68-8fd9-4539-8712-ce3d1c1fdfc6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8748F11-F4AD-47AF-AB50-C7DF5792096B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{26c9e18c-3717-4be1-a225-04e4471f5b6e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26c9e18c-3717-4be1-a225-04e4471f5b6e}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{66BD2442-241B-44CD-8C7A-B51037053CDB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66BD2442-241B-44CD-8C7A-B51037053CDB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{742E70CF-7770-412D-86CB-230B322E807C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{742E70CF-7770-412D-86CB-230B322E807C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Program Files (x86)\Vuze_Remote\tbVuze.dll not found.
C:\Users\pcwt5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hitromi\ deleted successfully.
C:\Users\Public\Desktop\Vuze.lnk moved successfully.
C:\Users\pcwt5\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk moved successfully.
C:\Windows\SysNative\dds_trash_log.cmd moved successfully.
C:\Windows\SysWOW64\TempWmicBatchFile.bat moved successfully.
Mount Point C:\Windows\system64 removed successfully!
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\pcwt5\Desktop\cmd.bat deleted successfully.
C:\Users\pcwt5\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\pcwt5\Desktop\cmd.bat deleted successfully.
C:\Users\pcwt5\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\pcwt5\Desktop\cmd.bat deleted successfully.
C:\Users\pcwt5\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\pcwt5\Desktop\cmd.bat deleted successfully.
C:\Users\pcwt5\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\blekkotb not found.
C:\Program Files (x86)\Vuze_Remote folder moved successfully.
Folder move failed. C:\ProgramData\bProtector scheduled to be moved on reboot.
C:\Users\pcwt5\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6 folder moved successfully.
File\Folder C:\Program Files\HitmanPro not found.
C:\ProgramData\HitmanPro folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro folder moved successfully.
File\Folder C:\Windows\system64 not found.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_03_51_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_03_52_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_03_52_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_04_01_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_04_02_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_04_02_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_05_22_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_05_22_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_05_22_34.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_05_46_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_05_46_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_05_47_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_07_52_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_07_52_48.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_07_52_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_17_55_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_17_55_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_05_17_55_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_06_01_55_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_06_01_56_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_06_01_56_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_06_14_18_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_06_14_20_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_06_14_20_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_07_14_11_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_07_14_12_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_07_14_12_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_08_13_59_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_08_13_59_34.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_08_13_59_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_09_07_17_17.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_09_07_17_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_09_07_18_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_09_13_55_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_09_13_56_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_09_13_56_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_10_13_45_34.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_10_13_45_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_10_13_45_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_00_23_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_00_23_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_00_24_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_01_54_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_01_54_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_01_54_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_16_23_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_16_23_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_16_23_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_18_55_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_18_55_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_11_18_55_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_12_02_32_02.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_12_02_36_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_12_02_36_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_12_18_05_46.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_12_18_08_10.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_12_18_08_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_13_00_04_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_13_00_05_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_13_00_05_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_13_13_56_17.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_13_13_56_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_13_13_56_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_14_00_56_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_14_00_56_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_14_00_56_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_14_14_14_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_14_14_14_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_14_14_14_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_00_32_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_00_32_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_00_32_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_13_56_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_13_57_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_13_57_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_21_18_29.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_21_19_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_15_21_19_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_16_05_38_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_16_05_39_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_16_05_39_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_16_14_23_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_16_14_24_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_16_14_24_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_17_03_39_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_17_03_39_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_17_03_40_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_17_14_01_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_17_14_04_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_17_14_04_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_18_17_01_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_18_17_03_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_18_17_03_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_04_35_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_04_36_02.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_04_36_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_15_27_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_15_28_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_15_28_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_22_27_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_22_28_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_19_22_28_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_20_01_42_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_20_01_43_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_20_01_43_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_20_14_41_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_20_14_41_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_20_14_42_02.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_01_14_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_01_14_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_01_14_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_13_54_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_13_55_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_13_55_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_22_59_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_23_00_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_21_23_00_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_22_13_17_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_22_13_18_17.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_22_13_18_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_23_14_08_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_23_14_09_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_23_14_09_17.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_00_28_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_00_28_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_00_29_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_02_13_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_02_13_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_02_13_48.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_13_55_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_13_56_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_24_13_56_10.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_04_01_46.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_04_02_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_04_02_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_08_34_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_08_36_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_08_36_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_18_51_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_18_52_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_25_18_52_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_04_43_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_04_44_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_04_44_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_15_01_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_15_04_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_15_04_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_18_58_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_18_59_02.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_18_59_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_20_35_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_20_35_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_26_20_35_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_06_03_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_06_04_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_06_05_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_13_59_48.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_14_00_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_14_00_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_21_30_46.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_21_31_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_27_21_31_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_28_14_14_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_28_14_15_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_02_28_14_15_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_01_02_29_02.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_01_02_29_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_01_02_29_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_01_13_51_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_01_13_52_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_01_13_52_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_02_13_54_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_02_13_55_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_02_13_55_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_03_16_51_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_03_16_51_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_03_16_52_02.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_04_04_53_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_04_04_54_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_04_04_54_10.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_04_15_54_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_04_15_56_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_04_15_57_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_04_11_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_04_11_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_04_12_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_13_57_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_13_57_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_13_57_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_20_32_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_20_33_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_05_20_33_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_06_05_45_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_06_05_45_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_06_05_46_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_06_13_49_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_06_13_49_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_06_13_49_46.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_07_13_58_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_07_14_01_29.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_07_14_01_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_14_00_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_14_00_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_14_01_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_22_11_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_22_11_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_22_11_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_22_22_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_22_22_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_08_22_23_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_09_02_43_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_09_02_44_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_09_02_44_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_09_14_04_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_09_14_05_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_09_14_05_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_01_24_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_01_25_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_01_25_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_03_29_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_03_30_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_03_30_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_18_11_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_18_13_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_18_13_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_19_06_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_19_08_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_19_11_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_10_19_12_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_16_51_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_16_52_29.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_16_52_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_17_15_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_17_16_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_17_16_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_22_46_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_22_46_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_11_22_46_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_12_01_30_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_12_01_31_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_12_01_31_33.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_12_13_55_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_12_13_55_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_12_13_56_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_00_44_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_00_52_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_00_57_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_00_57_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_08_19_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_08_22_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_08_22_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_08_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_08_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_08_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_16_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_17_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_17_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_24_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_25_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_25_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_58_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_59_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_14_59_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_17_59_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_18_01_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_18_01_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_19_01_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_19_01_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_19_02_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_21_08_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_21_09_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_13_21_10_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_03_01_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_03_02_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_03_02_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_14_15_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_14_16_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_14_16_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_16_26_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_16_27_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_16_27_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_22_45_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_22_46_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_14_22_46_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_00_25_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_00_25_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_00_26_10.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_01_00_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_01_00_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_01_01_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_01_19_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_01_19_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_01_20_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_02_45_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_02_45_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_02_45_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_14_16_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_14_17_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_14_17_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_23_05_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_23_06_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_15_23_06_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_16_13_51_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_16_13_51_48.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_16_13_51_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_03_49_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_03_49_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_03_50_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_17_14_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_17_14_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_17_14_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_18_48_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_18_50_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_17_18_50_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_18_03_19_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_18_03_20_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_18_03_20_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_18_20_33_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_18_20_34_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_18_20_34_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_02_28_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_02_29_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_02_29_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_04_56_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_04_56_46.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_04_56_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_14_21_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_14_21_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_19_14_22_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_03_12_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_03_13_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_03_13_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_14_02_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_14_05_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_14_05_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_22_52_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_22_53_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_20_22_53_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_06_30_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_06_30_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_06_30_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_13_16_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_13_16_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_13_17_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_23_01_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_23_01_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_21_23_01_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_00_55_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_00_56_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_00_56_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_01_11_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_01_12_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_01_12_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_02_22_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_02_23_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_02_23_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_14_08_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_14_11_17.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_14_11_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_22_10_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_22_13_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_22_22_14_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_23_14_05_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_23_14_08_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_23_14_08_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_24_16_11_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_24_16_12_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_24_16_12_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_00_33_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_00_35_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_00_35_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_05_26_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_05_27_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_05_27_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_18_25_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_18_26_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_25_18_26_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_26_07_17_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_26_07_17_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_26_07_17_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_26_16_14_10.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_26_16_14_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_26_16_14_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_00_10_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_00_10_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_00_10_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_03_18_48.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_03_19_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_03_19_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_15_33_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_15_33_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_15_34_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_20_38_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_20_38_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_20_38_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_22_57_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_22_57_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_22_58_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_23_16_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_23_17_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_27_23_17_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_28_02_52_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_28_02_53_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_28_02_53_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_28_15_04_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_28_15_04_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_28_15_04_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_29_15_07_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_29_15_07_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_29_15_08_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_30_15_10_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_30_15_10_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_30_15_11_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_30_23_15_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_30_23_15_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_03_30_23_15_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_06_05_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_06_06_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_06_06_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_20_11_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_20_12_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_20_12_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_21_30_33.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_21_30_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_21_31_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_23_35_34.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_23_37_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_01_23_38_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_02_13_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_02_14_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_02_14_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_05_39_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_05_39_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_05_40_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_14_11_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_14_12_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_14_12_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_22_29_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_22_29_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_02_22_30_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_03_03_53_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_03_03_54_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_03_03_54_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_03_14_09_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_03_14_10_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_03_14_10_29.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_04_14_10_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_04_14_10_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_04_14_10_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_04_23_41_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_04_23_44_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_04_23_44_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_14_23_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_14_23_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_14_23_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_16_16_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_16_17_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_16_17_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_21_18_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_21_18_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_21_18_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_22_37_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_22_38_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_05_22_38_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_06_17_37_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_06_17_37_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_06_17_37_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_06_17_50_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_06_17_53_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_06_17_53_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_07_17_30_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_07_17_31_29.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_07_17_31_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_08_02_32_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_08_02_32_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_08_02_32_46.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_08_17_05_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_08_17_06_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_08_17_06_34.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_03_37_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_03_37_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_03_37_29.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_22_53_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_22_53_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_22_53_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_23_09_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_23_10_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_09_23_10_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_10_14_12_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_10_14_12_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_10_14_12_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_11_02_57_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_11_02_57_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_11_02_57_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_11_14_42_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_11_14_43_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_11_14_43_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_00_38_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_00_40_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_00_40_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_03_47_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_03_48_10.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_03_48_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_04_34_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_04_34_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_04_34_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_04_44_10.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_04_45_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_04_45_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_15_07_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_15_08_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_15_08_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_20_35_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_20_36_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_20_36_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_21_19_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_21_19_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_12_21_20_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_03_29_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_03_29_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_03_30_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_14_30_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_14_31_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_14_31_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_18_30_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_18_31_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_13_18_31_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_14_15_19_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_14_15_19_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_14_15_19_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_14_18_38_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_14_18_40_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_14_18_40_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_15_04_45_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_15_04_46_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_15_04_46_17.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_15_16_14_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_15_16_14_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_15_16_14_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_16_14_14_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_16_14_14_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_16_14_14_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_17_14_10_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_17_14_10_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_17_14_10_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_00_50_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_00_50_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_00_50_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_05_10_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_05_10_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_05_10_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_14_11_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_14_11_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_14_11_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_23_23_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_23_23_33.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_18_23_23_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_03_42_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_03_43_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_03_44_02.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_14_20_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_14_22_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_14_22_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_22_57_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_22_57_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_19_22_57_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_24_14_42_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_24_14_43_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_24_14_43_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_25_00_53_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_25_00_54_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_25_00_54_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_25_14_11_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_25_14_12_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_25_14_12_21.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_01_03_33.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_01_03_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_01_04_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_13_57_48.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_13_58_05.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_13_58_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_22_51_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_22_52_16.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_26_22_52_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_04_13_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_04_13_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_04_13_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_06_46_29.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_06_46_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_06_46_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_14_02_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_14_02_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_14_02_33.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_16_21_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_16_21_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_16_21_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_16_30_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_16_30_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_27_16_30_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_04_33_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_04_33_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_04_33_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_16_28_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_16_30_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_16_30_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_16_32_31.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_16_32_48.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_16_32_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_17_03_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_17_04_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_17_04_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_17_24_54.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_17_25_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_28_17_25_23.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_29_16_32_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_29_16_32_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_29_16_32_41.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_29_20_22_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_29_20_22_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_29_20_23_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_02_23_38.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_02_24_02.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_02_24_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_02_40_04.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_02_40_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_02_40_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_04_59_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_04_59_34.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_04_59_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_14_08_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_14_09_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_14_09_20.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_16_25_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_16_25_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_16_25_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_18_51_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_18_51_15.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_04_30_18_51_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_03_50_03.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_03_50_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_03_50_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_14_07_33.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_14_07_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_14_07_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_16_12_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_16_12_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_16_12_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_16_49_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_16_49_59.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_16_50_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_08_26.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_08_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_08_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_18_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_18_33.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_18_40.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_42_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_42_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_43_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_50_46.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_51_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_20_51_07.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_27_12.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_27_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_27_35.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_32_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_35_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_35_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_38_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_38_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_39_01.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_41_34.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_41_46.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_41_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_52_27.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_52_48.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_21_52_55.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_22_39_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_22_39_51.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_22_39_58.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_23_18_09.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_23_18_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_01_23_18_36.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_02_02_07_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_02_02_07_39.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_02_02_07_47.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_02_02_21_08.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_02_02_21_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_02_02_21_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_06_51_00.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_06_53_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_06_53_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_07_25_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_07_29_11.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_07_29_30.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_14_13_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_14_13_43.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_14_13_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_15_33_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_15_33_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_15_34_06.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_16_44_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_16_44_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_16_44_52.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_17_32_22.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_17_32_49.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_17_32_57.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_19_34_32.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_19_34_50.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_19_34_56.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_23_30_53.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_23_33_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_07_23_33_37.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_00_39_25.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_00_41_18.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_00_41_24.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_02_51_14.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_02_54_28.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_02_54_42.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_03_22_19.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_03_23_45.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_03_24_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_03_26_44.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_03_28_13.dmp moved successfully.
C:\Windows\SysWow64\(null)AAWService__2012_05_08_03_28_21.dmp moved successfully.
C:\Users\pcwt5\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
< sc delete HitmanProScheduler /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\pcwt5\Desktop\cmd.bat deleted successfully.
C:\Users\pcwt5\Desktop\cmd.txt deleted successfully.
< sc delete Boot /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\pcwt5\Desktop\cmd.bat deleted successfully.
C:\Users\pcwt5\Desktop\cmd.txt deleted successfully.
< sc delete bProtector /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\pcwt5\Desktop\cmd.bat deleted successfully.
C:\Users\pcwt5\Desktop\cmd.txt deleted successfully.
< sc delete Lbd /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\pcwt5\Desktop\cmd.bat deleted successfully.
C:\Users\pcwt5\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: AppData

User: Binki
->Flash cache emptied: 3290 bytes

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 58632 bytes

User: Kev
->Flash cache emptied: 2834 bytes

User: Mcx1-PCWT5-VAIO
->Flash cache emptied: 41620 bytes

User: pcwt5
->Flash cache emptied: 58699 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYJAVA]

User: All Users

User: AppData

User: Binki

User: Default

User: Default User

User: Guest
->Java cache emptied: 463 bytes

User: Kev

User: Mcx1-PCWT5-VAIO

User: pcwt5
->Java cache emptied: 13896842 bytes

User: Public

Total Java Files Cleaned = 13.00 mb

OTL by OldTimer - Version 3.2.42.3 log created on 05112012_164307

Files\Folders moved on Reboot...
C:\ProgramData\bProtector folder moved successfully.

Registry entries deleted on Reboot...

#17
nightporter

Posted 11 May 2012 - 10:23 AM

Member

Topic Starter
Member
17 posts

Orcas Island look idylic. I'm originally from the green and pleasant Isle of Wight, lived half my life in London and now in Queretaro Mexico. I wish I could have the countryside and the sun, here its quite desert like. http://g.co/maps/q6btd 'A', is where I am.

The OTL Quick Scan Results:-

OTL logfile created on: 5/11/2012 4:56:47 PM - Run 4
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\pcwt5\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.84 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 55.01% Memory free
7.68 Gb Paging File | 5.84 Gb Available in Paging File | 76.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.66 Gb Total Space | 126.99 Gb Free Space | 43.99% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 61.87 Mb Free Space | 61.87% Space Free | Partition Type: NTFS

Computer Name: PCWT5-VAIO | User Name: pcwt5 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2012/05/07 17:11:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pcwt5\Desktop\OTL.exe
PRC - [2012/03/11 14:48:36 | 001,652,536 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/03/11 14:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/02/07 20:17:42 | 000,065,448 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr.exe
PRC - [2012/02/07 20:17:42 | 000,043,944 | ---- | M] (Raptr, Inc) -- C:\Program Files (x86)\Raptr\raptr_im.exe
PRC - [2012/01/07 02:45:30 | 000,653,640 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
PRC - [2012/01/06 19:32:46 | 000,331,608 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe
PRC - [2012/01/05 00:02:02 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
PRC - [2012/01/05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe
PRC - [2011/12/21 23:13:46 | 000,206,504 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/11/02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/11/02 17:51:54 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011/01/30 16:45:14 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010/10/25 14:59:40 | 000,057,344 | ---- | M] (Apache Software Foundation) -- c:\Smsltd\Sam\platform\tomcat\bin\tomcat5.exe
PRC - [2010/08/18 18:04:14 | 000,101,376 | ---- | M] (Simpo Technologies) -- C:\Program Files (x86)\Simpo PDF Creator Lite\SpcLiteSrv.exe
PRC - [2009/12/03 02:57:52 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
PRC - [2009/07/28 01:58:36 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
PRC - [2009/07/02 02:54:04 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/01 20:49:34 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/07/01 20:49:34 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/06/26 23:35:04 | 000,468,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/05/26 18:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 19:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2007/10/17 16:22:56 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe

========== Modules (No Company Name) ==========

MOD - [2012/05/11 16:51:02 | 000,115,137 | ---- | M] () -- C:\Users\pcwt5\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MOD - [2012/05/09 19:09:53 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MOD - [2012/05/09 19:07:29 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MOD - [2012/05/09 19:07:14 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MOD - [2012/05/09 07:46:42 | 018,019,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aceee343625b7f4576e6d48fb91977e3\PresentationFramework.ni.dll
MOD - [2012/05/09 07:46:41 | 013,197,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33d45f88d59de3b84f2ed79095e29f41\System.Windows.Forms.ni.dll
MOD - [2012/05/09 07:46:23 | 001,665,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5654b44c3d45f7863f6d3d218a87967a\System.Drawing.ni.dll
MOD - [2012/05/09 07:46:02 | 011,469,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5eb81f84116fecd08f3acf0603204457\PresentationCore.ni.dll
MOD - [2012/05/09 07:45:51 | 007,070,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MOD - [2012/05/09 07:45:40 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8729094857a3f3185deec237ef30b087\WindowsBase.ni.dll
MOD - [2012/05/09 07:45:36 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MOD - [2012/05/09 07:45:29 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/09 07:45:26 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MOD - [2012/05/09 07:45:14 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MOD - [2012/05/08 20:35:47 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012/05/08 05:06:18 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
MOD - [2012/05/08 05:04:25 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012/05/08 05:03:59 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/05/08 05:03:54 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/05/08 05:03:53 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/05/08 05:03:46 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2012/01/07 02:45:30 | 000,653,640 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe
MOD - [2012/01/06 19:38:32 | 000,009,544 | ---- | M] () -- C:\Program Files (x86)\Expat Shield\bin\lang\gui-eng.dll
MOD - [2011/11/22 01:47:46 | 000,468,992 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
MOD - [2011/11/22 01:47:44 | 001,609,728 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
MOD - [2011/11/22 01:47:44 | 000,302,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
MOD - [2011/11/22 01:47:42 | 005,694,976 | ---- | M] () -- C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
MOD - [2011/11/22 01:46:28 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Raptr\sip.pyd
MOD - [2011/11/10 17:11:00 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2011/11/02 17:52:06 | 000,021,392 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/24 19:50:38 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\Raptr\easyhook32.dll
MOD - [2011/10/24 19:49:56 | 002,717,595 | ---- | M] () -- C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
MOD - [2011/09/09 00:47:40 | 001,183,699 | ---- | M] () -- C:\Program Files (x86)\Raptr\liboscar.dll
MOD - [2011/09/09 00:47:36 | 001,640,221 | ---- | M] () -- C:\Program Files (x86)\Raptr\libjabber.dll
MOD - [2011/09/09 00:47:32 | 001,052,194 | ---- | M] () -- C:\Program Files (x86)\Raptr\libymsg.dll
MOD - [2011/09/09 00:47:22 | 000,495,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libaim.dll
MOD - [2011/09/09 00:47:22 | 000,483,306 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libicq.dll
MOD - [2011/09/09 00:47:16 | 000,655,356 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libirc.dll
MOD - [2011/09/09 00:47:16 | 000,603,326 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
MOD - [2011/09/09 00:47:14 | 000,497,782 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
MOD - [2011/09/09 00:47:14 | 000,474,199 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\ssl.dll
MOD - [2011/09/09 00:47:10 | 001,306,387 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libmsn.dll
MOD - [2011/09/09 00:47:04 | 000,565,461 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
MOD - [2011/09/09 00:46:56 | 000,506,276 | ---- | M] () -- C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
MOD - [2011/08/07 17:47:27 | 000,516,368 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\28896\RapportMS.dll
MOD - [2011/02/15 19:17:28 | 001,213,633 | ---- | M] () -- C:\Program Files (x86)\Raptr\libxml2-2.dll
MOD - [2011/02/15 19:17:28 | 000,417,501 | ---- | M] () -- C:\Program Files (x86)\Raptr\sqlite3.dll
MOD - [2010/11/23 00:06:22 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Raptr\zlib1.dll
MOD - [2010/11/22 23:57:36 | 002,042,368 | ---- | M] () -- C:\Program Files (x86)\Raptr\libtorrent.pyd
MOD - [2010/11/22 23:57:34 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32gui.pyd
MOD - [2010/11/22 23:57:34 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32file.pyd
MOD - [2010/11/22 23:57:34 | 000,096,256 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32api.pyd
MOD - [2010/11/22 23:57:34 | 000,036,352 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32process.pyd
MOD - [2010/11/22 23:57:18 | 000,141,312 | ---- | M] () -- C:\Program Files (x86)\Raptr\gobject._gobject.pyd
MOD - [2010/11/22 23:57:06 | 000,263,168 | ---- | M] () -- C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
MOD - [2010/11/22 23:56:56 | 000,354,304 | ---- | M] () -- C:\Program Files (x86)\Raptr\pythoncom26.dll
MOD - [2010/11/22 23:56:56 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Raptr\pywintypes26.dll
MOD - [2010/11/22 23:56:26 | 000,324,608 | ---- | M] () -- C:\Program Files (x86)\Raptr\PIL._imaging.pyd
MOD - [2010/11/22 23:56:02 | 000,805,376 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ssl.pyd
MOD - [2010/11/22 23:56:02 | 000,583,680 | ---- | M] () -- C:\Program Files (x86)\Raptr\unicodedata.pyd
MOD - [2010/11/22 23:56:02 | 000,356,864 | ---- | M] () -- C:\Program Files (x86)\Raptr\_hashlib.pyd
MOD - [2010/11/22 23:56:02 | 000,127,488 | ---- | M] () -- C:\Program Files (x86)\Raptr\pyexpat.pyd
MOD - [2010/11/22 23:56:02 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\Raptr\_ctypes.pyd
MOD - [2010/11/22 23:56:02 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\Raptr\_sqlite3.pyd
MOD - [2010/11/22 23:56:02 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Raptr\_socket.pyd
MOD - [2010/11/22 23:56:02 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\Raptr\winsound.pyd
MOD - [2008/09/03 23:55:38 | 004,478,680 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2007/10/17 16:22:56 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/24 05:34:31 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2009/07/16 18:36:56 | 000,411,496 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/02 02:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/06/26 23:56:10 | 000,357,672 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2009/06/26 23:35:04 | 000,468,264 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/06/18 03:50:30 | 000,110,888 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2012/05/02 03:27:17 | 008,252,840 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Users\pcwt5\Desktop\HitmanPro36_x64.exe -- (HitmanPro36CrusaderBoot) HitmanPro 3.6 Crusader (Boot)
SRV - [2012/03/11 14:48:36 | 000,931,640 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/06 19:39:16 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe -- (ExpatTrayService)
SRV - [2012/01/06 19:32:46 | 000,331,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2012/01/05 00:02:02 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012/01/05 00:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2011/10/15 03:33:52 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/25 14:59:40 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\Smsltd\Sam\platform\tomcat\bin\tomcat5.exe -- (smsltdsam)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/07/31 21:09:12 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/07/28 01:58:40 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/28 01:58:38 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/28 01:58:38 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/28 01:58:38 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/28 01:58:36 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/23 19:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 00:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/01 20:49:34 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/09/18 19:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/08 02:33:50 | 000,065,600 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdklbf.sys -- (PSSDKLBF)
DRV:64bit: - [2012/04/08 02:33:46 | 000,053,312 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk42.sys -- (PSSDK42)
DRV:64bit: - [2012/03/11 14:48:52 | 000,063,760 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/27 02:25:54 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011/10/27 02:25:54 | 000,095,928 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/05 02:19:52 | 000,034,040 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/16 12:26:38 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/22 20:19:02 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2009/08/05 02:22:40 | 000,139,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV:64bit: - [2009/08/05 02:20:51 | 007,345,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/03 21:06:34 | 000,250,928 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/31 21:29:11 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/31 21:14:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/07/31 21:13:51 | 000,086,528 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
DRV:64bit: - [2009/07/31 21:09:12 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/07/31 21:09:08 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/07/31 21:02:03 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/30 21:41:17 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/30 21:41:16 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/30 21:41:16 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/30 21:40:45 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/07/27 21:27:10 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/24 06:24:03 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 21:19:09 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 21:04:10 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 23:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/20 11:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2008/04/08 10:53:10 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\semcreserved64.sys -- (SEMCReserved)
DRV:64bit: - [2008/04/08 10:52:58 | 000,023,040 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\seu4scard64.sys -- (Sony_EricssonWWSC)
DRV:64bit: - [2008/04/08 10:51:52 | 000,362,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sembwwan.sys -- (sembwwan) Sony Ericsson PC300 Mobile Broadband Ethernet Control Drivers (WDM)
DRV:64bit: - [2008/04/08 10:51:48 | 000,396,800 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sembunic.sys -- (sembunic) Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (WDM)
DRV:64bit: - [2008/04/08 10:51:46 | 000,033,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sembnd5.sys -- (sembnd5) Sony Ericsson PC300 Mobile Broadband Network Adapter SENECA (NDIS)
DRV:64bit: - [2008/04/08 10:51:44 | 000,370,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sembmgmt.sys -- (sembmgmt) Sony Ericsson PC300 Mobile Broadband Device Management Drivers (WDM)
DRV:64bit: - [2008/04/08 10:51:42 | 000,445,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sembmdm2.sys -- (sembmdm2)
DRV:64bit: - [2008/04/08 10:51:38 | 000,019,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sembmdfl2.sys -- (sembmdfl2)
DRV:64bit: - [2008/04/08 10:51:32 | 000,362,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sembcard.sys -- (sembcard) Sony Ericsson PC300 Mobile Broadband Command Interface Drivers (WDM)
DRV:64bit: - [2008/04/08 10:51:30 | 000,302,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sembbus.sys -- (sembbus) SEMC WMC Composite Device driver (WDM)
DRV - [2012/03/11 14:48:52 | 000,061,712 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/03/11 14:48:52 | 000,055,056 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2011/12/15 18:00:06 | 000,397,520 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -- (RapportCerberus_34302)
DRV - [2009/09/18 01:03:56 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\pcwt5\Downloads\PeerBlock_r162__x64_Release_(Vista)\pbfilter.sys -- (pbfilter)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\pcwt5\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/01/25 17:14:55 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\pcwt5\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\pcwt5\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\pcwt5\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\pcwt5\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gmail = C:\Users\pcwt5\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/07 15:34:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BbInstallUser] C:\Program Files\Bluebeam Software\Pushbutton PDF\Bluebeam Admin User.exe (Bluebeam Software, Inc.)
O4:64bit: - HKLM..\Run: [BbPrintMonitor] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\BBPrint.exe (Bluebeam Software, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PrintDisp] C:\Windows\SysNative\PrintDisp.exe (ActMask Co.,Ltd - http://www.all2pdf.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [Simpo PDF Creator Lite Server] C:\Program Files (x86)\Simpo PDF Creator Lite\SpcLiteSrv.exe (Simpo Technologies)
O4 - HKCU..\Run: [instanteyedropper] C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe ()
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Raptr] C:\Program Files (x86)\Raptr\raptrstub.exe (Raptr, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://mlvessel:8085...ms2/js/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C3DE665-D259-4C72-9D7D-C51FCB4CCFB9} http://81.130.200.130/SysCamInst.cab (Panasonic Network Camera)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {96816368-C1E3-414D-A193-63C3CC921990} http://driftwoodbeac...MJPEGRender.ocx (MJPEGRender Control)
O16 - DPF: {C32FE9F1-A857-48B0-B7BF-065B5792F28D} http://82.153.20.10:...l_mpeg4_dec.cab (CAxMP4Dec Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://smslimited.w...ex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=724 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6C6BA11-BA8F-404F-A447-49C76C73EE3E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA9DA235-FB7C-44AE-9483-1F2F3870663E}: DhcpNameServer = 10.205.8.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/11 16:52:10 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2DA76606-F037-4DA8-8834-B513A9F55D87}
[2012/05/11 16:51:47 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{30EB493C-44DE-4D64-9C4F-8EFB3B2D2788}
[2012/05/11 16:46:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/05/11 13:59:43 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5170F865-FC72-4836-83A8-942B73F559B2}
[2012/05/11 13:59:27 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B705D484-59F8-450C-B5F7-1723875218FD}
[2012/05/11 04:36:33 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/05/11 03:24:02 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1A497A37-F485-4973-891E-BE6B72E777A9}
[2012/05/11 03:23:34 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{00009F41-9C42-40DF-A218-8DC056CDF9A0}
[2012/05/11 03:02:00 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5A999999-3D5F-46C1-8E21-D721B3D92826}
[2012/05/11 03:01:34 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{220AE71B-8D9B-4C8E-B519-9A9FE7AC82C5}
[2012/05/11 00:56:17 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C5CD9AAA-F16B-4B04-8A79-F60BA713CFD6}
[2012/05/11 00:55:55 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B4CBB598-B0E2-483C-B425-B849A473FB7E}
[2012/05/10 14:08:11 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{67A43324-26B0-4500-B72C-39572CCC26AD}
[2012/05/10 14:06:10 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{9D053D07-8F93-4205-B0DF-075B86C2ADEA}
[2012/05/10 01:51:39 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{54A7239B-BCE7-4F82-ADEA-62B746566C56}
[2012/05/10 01:51:01 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{CC353AAE-CB99-4F55-993D-B07704B9C13B}
[2012/05/09 23:06:13 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{CAAC2C61-A498-4596-8319-7602DBA691A6}
[2012/05/09 23:05:43 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D80CACFF-0682-4F91-A2D5-51F9EB545CE0}
[2012/05/09 18:05:02 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\Apartments in Queretaro2
[2012/05/09 14:10:48 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{66446E92-3559-4369-A0AA-7A6DC8FC032E}
[2012/05/09 14:10:19 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F4EEB084-9E6A-4802-90A1-15591BE38648}
[2012/05/09 07:40:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/05/09 07:38:05 | 000,000,000 | ---D | C] -- C:\4b4e1c05f1034865dd8c26be
[2012/05/09 05:51:23 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2B177418-36BA-462D-92D9-177D943484C6}
[2012/05/09 05:51:09 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B9CE8A29-6419-480B-BBCE-21935CB15581}
[2012/05/09 04:50:59 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C3FE33D1-E838-4E1B-AA32-258887EE3A64}
[2012/05/09 04:50:24 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{3BCFAA96-4110-4968-82DD-39CE34684825}
[2012/05/08 22:39:06 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{67FF33F5-1C6B-4890-9F6F-80104C8991EA}
[2012/05/08 22:38:33 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{DAB78AD8-8862-40EC-89ED-38282681FA40}
[2012/05/08 19:48:29 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Roaming\Roxio Log Files
[2012/05/08 17:48:51 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{279E30A1-B237-4D56-A20C-EEBAC08D4AB5}
[2012/05/08 17:48:35 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{AE902CE2-87F1-4D9E-8B2A-61AB553AA50E}
[2012/05/08 14:17:31 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B4ED3829-C62C-4657-89F9-75D0FA838265}
[2012/05/08 05:34:01 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5194DD5B-E8FD-4B2E-9AEE-177CED146925}
[2012/05/08 05:33:43 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1316EDE3-0026-4DA4-8560-84CD122000A0}
[2012/05/08 05:16:32 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{FECEB89E-20BF-4813-A4A4-D258AABD71E3}
[2012/05/08 05:16:17 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{005580A7-37F9-4E3D-AC92-E8C0403F7145}
[2012/05/08 04:03:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/08 02:04:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/08 02:04:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/08 02:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/08 00:14:17 | 003,255,248 | ---- | C] (Javacool Software LLC ) -- C:\Users\pcwt5\Desktop\spywareblastersetup46.exe
[2012/05/07 23:47:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/07 23:45:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/05/07 19:33:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/07 18:35:46 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{622035EC-FE47-400A-8998-0CA1BBA3BC7E}
[2012/05/07 18:35:35 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{7796F4C2-4BD5-467D-BE3E-7E762F5F1674}
[2012/05/07 17:19:32 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{74299221-BF3E-4DD3-BE7C-2C53C8EDC886}
[2012/05/07 17:19:18 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B0D59B8A-D900-476F-959D-A6EBD4CE8164}
[2012/05/07 17:11:23 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\pcwt5\Desktop\OTL.exe
[2012/05/07 16:54:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/07 16:54:09 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/07 16:54:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/07 16:52:28 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\pcwt5\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/07 16:37:12 | 002,075,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\pcwt5\Desktop\tdsskiller.exe
[2012/05/07 15:35:59 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/07 14:52:04 | 004,486,979 | R--- | C] (Swearware) -- C:\Users\pcwt5\Documents\ComboFix.exe
[2012/05/07 14:17:10 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{8D9763BE-35C8-443F-898E-CBCD216E556F}
[2012/05/07 14:16:42 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{49535924-86CB-4CA1-8ED3-73221B603CA9}
[2012/05/07 07:57:25 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\pcwt5\Desktop\aswMBR.exe
[2012/05/07 07:29:51 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1A780A6D-3F7D-47A1-87C5-3E153F89F024}
[2012/05/07 07:29:22 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F93A5862-B9D5-41C0-9320-A8BA7625F96C}
[2012/05/07 06:53:51 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{11BEC418-E75C-4DE0-B54B-B1BCC265EE25}
[2012/05/06 15:33:32 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/02 05:43:38 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/05/02 03:26:12 | 008,252,840 | ---- | C] (SurfRight B.V.) -- C:\Users\pcwt5\Desktop\HitmanPro36_x64.exe
[2012/05/02 02:12:17 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F5353179-622E-47AA-9532-7FD204C7B70C}
[2012/05/02 02:11:56 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{933A7BA7-EA40-4E13-9414-F3E2E90F3588}
[2012/05/01 23:22:55 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E85104C4-2416-430E-BAE8-FF63DD741C55}
[2012/05/01 23:02:23 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{05F87219-D93B-418A-BEEC-9D2CACF2503E}
[2012/05/01 22:25:07 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{AB0E2318-2FD3-4888-92CE-51BE7B0E5478}
[2012/05/01 21:35:29 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1E9708A6-62C2-47A0-A8BF-D4111CAE3C12}
[2012/05/01 21:30:31 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A2975F85-EFFA-4B75-B6EB-38911A3DE0A5}
[2012/05/01 20:49:39 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D18AF664-8FB8-4D02-BF01-B78A88226172}
[2012/05/01 20:49:36 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/05/01 20:49:18 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{021B4ECB-56E3-4844-B9EA-43E59C6576F6}
[2012/05/01 16:53:20 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E78D314A-0FF3-45F2-AD60-640F565F4906}
[2012/05/01 16:52:42 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1ADA076C-41D3-42E4-B40A-4D9EFF4CA05A}
[2012/05/01 16:15:43 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{3B207406-5269-40F8-BFCB-F0B8BB77D266}
[2012/05/01 16:14:55 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{075CAA42-8CEA-4FBB-BDFB-1ED928DE1D1F}
[2012/05/01 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{32B36069-735D-4CCA-A776-29B3565FE3DA}
[2012/05/01 14:10:15 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{AB03D844-CA98-4B74-BB32-D3D70394EE8B}
[2012/05/01 03:53:19 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{64FD770E-160E-4BBA-A849-9CB159B9659F}
[2012/05/01 03:52:54 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{52FF098F-2F01-4B83-834C-A9FDCDDDC138}
[2012/04/30 18:55:30 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{03FA506E-9631-44BD-85BD-A1A27E16823E}
[2012/04/30 18:55:04 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2EDE731F-374B-403F-8E55-0241F8E58F86}
[2012/04/30 16:32:32 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{33600838-AA50-4D26-969E-1E4F5C46B515}
[2012/04/30 16:32:08 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2FEEE62A-78AF-4546-B0C0-16D9AE495017}
[2012/04/30 15:29:47 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C2CF7053-C654-42C5-B309-866771921306}
[2012/04/30 15:29:34 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{79B31A9F-FCD1-472C-A50D-7A3904E78E2B}
[2012/04/30 14:11:52 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D3F65FE2-0574-47C8-8C19-FB662CF90ED6}
[2012/04/30 14:11:26 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{9EDF099C-70C3-4236-B234-870275134302}
[2012/04/30 05:02:57 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2FBE040E-C82D-4463-ACD4-D9124F0D8E1E}
[2012/04/30 05:02:29 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{4CD64D5C-8771-458B-BCCF-D175B872D2EE}
[2012/04/30 02:43:49 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{CC418A48-DD5A-486B-A7F4-CE0D2B83E4E8}
[2012/04/30 02:43:10 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D6AEC580-1A07-4B3A-BCE8-DD7E41DE6790}
[2012/04/30 02:28:31 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{576A53C0-CCD3-4BD2-A9C9-5B858017D6F8}
[2012/04/30 02:28:01 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5FC3AE8E-E727-4BB0-921A-DEEF8FFE49AB}
[2012/04/29 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{553F0817-2044-4627-9F0D-B308963417A9}
[2012/04/29 20:25:41 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{CF5C11B9-00A8-4DF1-9A2B-9C6093128BAD}
[2012/04/29 17:19:05 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{558FE5DB-7EB1-4562-A264-12AB3C6BE863}
[2012/04/29 17:18:53 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{57F5021F-AB92-49D3-BD9C-2B24A4315BCF}
[2012/04/28 17:27:42 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A47945CB-A781-4E5D-8B7D-C4BA3C9A749A}
[2012/04/28 17:27:10 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B282FABB-52D9-4910-B8E2-9DFB3B0A3107}
[2012/04/28 17:06:46 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1B382B8F-87EA-4636-BC81-CBD65E17A27D}
[2012/04/28 17:06:16 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{531B8A56-6C79-4811-AC81-94A7B9D88AFE}
[2012/04/28 16:35:46 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2F80ECB8-52B9-4301-A1E4-6C4D9B6D586D}
[2012/04/28 16:35:13 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{9F9FEF7D-0527-45C4-AC87-6AEEE7184FC5}
[2012/04/28 04:37:56 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E6872542-D5F7-47CE-BD23-36F9DCF97098}
[2012/04/28 04:37:32 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{108705A9-1A2B-48C7-8C74-AAABD8AC6BD9}
[2012/04/27 18:59:21 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1F3721B6-A781-472F-83C7-9D27CBB578F9}
[2012/04/27 18:59:06 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{FB38EC1A-6AB6-4353-B878-388C7ADE7B96}
[2012/04/27 18:57:20 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B426DF39-4D50-4388-BE99-03CF16ED7379}
[2012/04/27 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C5188DF6-F7BA-4E8B-8821-A60698DA82CB}
[2012/04/27 18:39:35 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2D581EFE-4700-4CAA-9158-676BD12A40AB}
[2012/04/27 18:39:19 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{3E7DAE22-3ED5-4B4E-AF3E-EB59A4DFF1BC}
[2012/04/27 16:33:35 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D4BAF2C8-0F63-4CF9-97D4-1876CC0AED1E}
[2012/04/27 16:33:13 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{41F2DFE5-C6A2-421C-9EB2-3BDF470232C5}
[2012/04/27 14:54:11 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A8FEA25A-B4C5-4029-BA6D-14B2BA8B80F9}
[2012/04/27 14:53:50 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5B1EEF44-10B1-4D58-AE44-908835AA8397}
[2012/04/27 14:04:47 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{CD6A5E9D-A60B-4FF1-ACD4-A961812B18B6}
[2012/04/27 14:04:16 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{8ED8CBAA-63EE-423E-B9A1-5526E88DE3A4}
[2012/04/27 06:51:25 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{51E57184-713E-4E71-A8A2-1BA267E61EBD}
[2012/04/27 06:51:05 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{95DFD585-DA13-428F-B394-2688CBAA8F88}
[2012/04/27 04:16:12 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5DFEB043-46D2-4D8D-9863-77F088DA354A}
[2012/04/27 04:15:44 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D4FAEB01-F5EC-48DC-B88B-D0B90E307E26}
[2012/04/27 00:52:48 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{55DA07C6-E1F0-4E99-8DCC-132FB5D09D4A}
[2012/04/27 00:52:29 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{DFE1E5DF-D3A5-4447-8C60-F843DF81158C}
[2012/04/26 22:57:55 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{424DACEE-60F0-4829-B2C9-840C98C7738C}
[2012/04/26 22:57:41 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C1C7A6EC-701E-41CC-88A1-162ACB714D1E}
[2012/04/26 22:54:36 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{7505BF48-DE75-4B24-A3D1-8C66AE470666}
[2012/04/26 22:54:07 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{04D8B1B1-16C2-4C26-BB7D-E457CA34D198}
[2012/04/26 16:25:25 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{46A188E6-A9CD-4819-A40B-588063915CE9}
[2012/04/26 16:25:11 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{CA922E3E-9C56-4BFD-B052-034CAB5CA1CE}
[2012/04/26 14:00:53 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{0A9DAF1E-4D2B-4AFE-BB38-015559D64F2E}
[2012/04/26 14:00:23 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{DCFAB97E-8821-465F-BB25-0E5C25000104}
[2012/04/26 02:29:51 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{8A7C4930-DF62-4A1E-BE63-18DA113D706E}
[2012/04/26 02:29:36 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B207130E-BE6F-4F84-99EC-D00D0D36EAD2}
[2012/04/26 01:48:21 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A4EA1576-8793-4475-A05B-C42EB59C6489}
[2012/04/26 01:48:08 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{20612B03-EF2B-4E63-A563-1E1CFFCBDE4A}
[2012/04/26 01:07:08 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{859EAD84-BF9A-443F-8086-6AD1B44038D4}
[2012/04/26 01:06:42 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{811A91E9-233A-4944-B2E8-103A75AF0BB7}
[2012/04/25 16:38:08 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D1CA7815-275C-4288-8C42-5DAD0D8A3F3D}
[2012/04/25 14:22:29 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{33D6AC9C-7D95-4B5B-95C5-5BBE9475A908}
[2012/04/25 14:22:13 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B4B205DC-3D03-4B8F-BBDA-66795296BF89}
[2012/04/25 00:58:54 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D097A033-CFCB-4251-8AEE-22FAF638C6F2}
[2012/04/25 00:56:42 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E83F3566-3329-492C-9ED5-A2516B66BE04}
[2012/04/24 14:48:40 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{32B105ED-CE6C-4BF2-AD4D-09A76BFEC0B6}
[2012/04/24 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{4D5E7009-355F-4DC5-9B62-34906DC4B5E2}
[2012/04/24 07:46:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2012/04/24 04:24:27 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{97F48C24-A033-46DC-9CD8-ADCC8147FF21}
[2012/04/24 04:24:13 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{43AE9C61-05DE-4C91-853E-302F29661CCA}
[2012/04/24 04:23:57 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C219EA38-300B-49BB-8F6F-9EC74DAB2307}
[2012/04/24 04:23:41 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{52996862-9F5F-4364-8E7A-2B9AF6018770}
[2012/04/23 16:23:10 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{69164B96-39E7-4A76-80E2-026A0B147615}
[2012/04/23 16:22:57 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D6077CBC-A654-41DA-994E-592FD328ED83}
[2012/04/23 04:22:27 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{735FDAC4-2A2C-43EE-BA84-7A7399097F23}
[2012/04/23 04:22:15 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{288B7964-2EFA-43AF-93CA-28D15B4C3392}
[2012/04/23 04:22:02 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{89D02B0C-C3DD-486B-A895-D2945C76DED4}
[2012/04/23 04:21:48 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{29FF4DF6-8736-4AE0-AD15-062A7F1A748E}
[2012/04/22 16:21:19 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C56441E2-8276-4920-85FB-0D31FD66FBD7}
[2012/04/22 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{722040FF-6460-45D1-8E32-7894DF0D9CCD}
[2012/04/21 17:28:49 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{199DE0D8-5874-43F0-8F47-76CBE3BACD1E}
[2012/04/21 17:28:04 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5442258D-A63F-4949-8E15-DA761F238855}
[2012/04/21 02:18:25 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A4934BAF-31E7-4B74-B910-8AD120F4EC23}
[2012/04/21 02:18:11 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A1F149BD-6A28-4455-8460-7D1187E091F4}
[2012/04/20 14:17:18 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{4EA12E26-5A23-4697-A9EB-879467545178}
[2012/04/20 14:16:57 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{560730B6-ED93-48C1-ACE3-3594F6D781BD}
[2012/04/19 23:25:33 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{BF1DE36E-7F1C-45D1-839B-63F88C58528A}
[2012/04/19 23:24:59 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{91295554-F56C-4BE5-91FA-6C404F8567E2}
[2012/04/19 23:02:40 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{44C99892-68F9-4F98-83B7-D0B80B3F3FE1}
[2012/04/19 23:02:12 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{BF156C13-8B85-4654-A790-6F4D5A5C13C7}
[2012/04/19 22:38:20 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{0CB1BC80-E6B3-46D1-9779-C0996C454200}
[2012/04/19 22:38:05 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D43A8419-CABA-4A29-A1BC-CA0E948AD6ED}
[2012/04/19 22:36:35 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{08F5D69C-7901-4EA1-98F6-430B2A2A0090}
[2012/04/19 22:36:19 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{18FF0A2E-8C82-42A7-BE9E-70AE7A2E5A04}
[2012/04/19 17:29:09 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{22374D4D-7C80-4349-A0B0-810A102FBAA4}
[2012/04/19 17:28:55 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{8DC38F73-3245-4E8C-8520-8EA3D8E01718}
[2012/04/19 17:05:15 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{57DE47CF-F98C-410A-ADE5-621D3CCF8804}
[2012/04/19 17:05:01 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{CE54D447-7509-4B67-B89D-02B40C894469}
[2012/04/19 14:52:36 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1F8F429B-0543-4311-944D-FC66DFFC77CA}
[2012/04/19 14:52:21 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{70D9BC37-A4C0-4621-81EA-BE7152FC10BA}
[2012/04/19 14:28:28 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{61C5B988-DA83-4CFF-9CF7-E85D312B28C1}
[2012/04/19 14:27:40 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{BDAE4FCC-714F-4B4C-A51F-E76F39F072C2}
[2012/04/19 14:23:53 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{03C8D5CD-2DCF-4CD6-9B0E-337EC43B7D4B}
[2012/04/19 14:23:09 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D9C5E915-63DA-4DFF-BCD0-B801B13F1323}
[2012/04/19 03:45:23 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E2678831-FABB-4C75-A42E-7102B09F3A98}
[2012/04/19 03:44:46 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{82BBDDD2-A80A-4DD3-9255-AA985EEB91B6}
[2012/04/19 01:55:16 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A53C9D78-AF14-4259-9481-FE19169F680A}
[2012/04/19 01:55:02 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{DA57205D-14AF-4E5A-8696-15769F382670}
[2012/04/19 00:19:41 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1580ED82-76E1-4691-9FF8-0BDDDA1B5E38}
[2012/04/19 00:19:26 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{FA0BE2EC-3860-4287-9113-6F7A1E2785A5}
[2012/04/18 23:26:36 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1B0B7B5F-8DDB-485F-8E1C-5FFE30CDCE10}
[2012/04/18 23:25:57 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{434C05BB-2966-4200-9BE4-7A2EB7C036FA}
[2012/04/18 14:45:05 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{87391CD7-E608-4341-BD74-FC3F999C0638}
[2012/04/18 14:20:19 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B1C53AB1-B108-4FFB-8701-E86449390611}
[2012/04/18 14:19:55 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A67D1F11-FE4B-4F67-9F70-666689508F63}
[2012/04/18 14:14:55 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{210A9212-1CB2-404E-95EB-A560BAA7E532}
[2012/04/18 14:14:14 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{58C575D5-4FC9-4DDA-BD09-3555E8BBE601}
[2012/04/18 06:31:30 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{8C07C826-F6A0-485D-AFF7-1DF31D64F785}
[2012/04/18 06:31:16 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{AD848781-E807-4088-9396-E91826AAD135}
[2012/04/18 05:15:01 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{B2EFE5D9-FBB7-4843-8964-0FAB9F2822EE}
[2012/04/18 05:14:31 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C4398CE3-91B5-42FA-8050-FAB92BE703C5}
[2012/04/18 04:26:44 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{C45CA3AA-5444-4611-AA4E-21287E16D560}
[2012/04/18 04:26:26 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{58B8A91A-DC0F-4FCF-9DAD-EB2B7AC1D5F5}
[2012/04/18 00:54:40 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F4A00506-46BF-43AC-8B61-71EDEDEBDAD2}
[2012/04/18 00:54:00 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F02C6E1F-1F2A-465D-B7E7-03190852C68F}
[2012/04/17 15:49:12 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{3F96A602-47B6-4B85-BFBF-54550569C44C}
[2012/04/17 15:48:57 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{7EEA07A1-22C7-4BAE-926B-21AAFA611CFE}
[2012/04/17 14:18:41 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2DACD392-0E0F-4446-9FE2-96CDABD918EF}
[2012/04/17 14:18:23 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E18B719F-10C4-472B-9EFB-032FA7A63EFC}
[2012/04/17 14:15:07 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A32B6CDD-863D-40EE-95CB-33F06DEA0D44}
[2012/04/17 14:14:44 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F176C6E3-46CE-46A0-B510-7010FDD1DE4D}
[2012/04/17 14:11:57 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F3A19CE7-9943-44CF-832A-1FFCCC18FC72}
[2012/04/17 06:49:50 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E8001B5E-8B40-4597-9340-307654384186}
[2012/04/17 06:49:35 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{ABE57913-591E-46DF-AE23-7918AE6E8E39}
[2012/04/16 15:03:00 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1489A46E-E4A1-427A-92D0-021AAA7D907A}
[2012/04/16 15:02:44 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{45365696-A885-4A1D-8B86-829555F8F299}
[2012/04/16 14:17:08 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{94DFC8FC-ED4D-4BC1-BCC8-1EF65E016879}
[2012/04/16 14:16:25 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F0F60063-0DBF-4E48-B92E-348A294104CB}
[2012/04/16 04:23:02 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{D4B70738-FE3E-4827-A789-AE711623858B}
[2012/04/16 03:10:48 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2CB0EE03-B12D-4BCB-9196-805CF535872F}
[2012/04/16 03:10:31 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{491945EF-E879-40B7-8EE8-AA17301D70F5}
[2012/04/15 16:23:09 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{2748E8F8-0D87-4266-88FF-5921A7D0990A}
[2012/04/15 16:22:06 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{68CEE430-B38E-405B-8AC4-55A1C7B0C317}
[2012/04/15 16:17:50 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{AF10622C-DBA9-48A2-B281-0572241D7946}
[2012/04/15 16:17:01 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5FF3E234-1531-4C6B-87EB-983894087982}
[2012/04/15 07:50:12 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E0D0AA84-6462-4F1B-A8D0-5574DFCF3007}
[2012/04/15 07:49:57 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{1E0D43D8-1EC0-4E4F-9F63-3CEB28890198}
[2012/04/15 04:49:41 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{9A484E71-F550-451B-A73B-E86739E27EBD}
[2012/04/15 04:49:03 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{67E0F8EA-7860-4AA6-8937-FE1DB5FCC905}
[2012/04/14 18:41:46 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{CB7FE5B6-6AD3-4E38-B371-6894CE3B287D}
[2012/04/14 18:41:02 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{ABEBD130-82C7-4C49-A985-F3E48C1C6183}
[2012/04/14 17:09:33 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{0B556D15-FD19-438D-8B94-6E6D61B41BCA}
[2012/04/14 17:09:20 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{0FC923E6-D953-44D5-B39F-9FFDADC407A5}
[2012/04/14 15:52:27 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{72A92459-7926-4922-BF6B-4463F8F80DC0}
[2012/04/14 15:52:11 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{5D47B65F-2F72-4B05-8D4D-48E8FD528978}
[2012/04/14 15:23:58 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{313F7EDF-4DF2-42A2-B895-0DA5AEDD31CC}
[2012/04/14 15:23:23 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{313D4C30-E78E-407A-920D-BBD688050117}
[2012/04/14 06:22:02 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{BF521969-D467-4031-A912-F52C09F8BDB3}
[2012/04/14 06:21:42 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{9840A383-5F1E-438D-9077-305671440D13}
[2012/04/14 00:06:12 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{81C5D2F1-0148-44C4-A76E-7C06AC1E192A}
[2012/04/14 00:05:53 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{9606C1EB-455B-4263-8ACE-2469480A4E09}
[2012/04/13 18:41:26 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{653DD3B9-D5AD-4AE9-9636-7C8FF0016088}
[2012/04/13 18:41:08 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{0067F58B-BB7D-4921-8415-A956CA5B91C2}
[2012/04/13 18:36:43 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{F3965CFE-5CCE-438F-B5DF-B1439CF3E79B}
[2012/04/13 18:36:14 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A847926F-8746-4F4D-8509-DF3D811FD8C0}
[2012/04/13 14:35:08 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{E4DF7679-72FF-4292-8A85-FEF50CE70334}
[2012/04/13 14:34:32 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{828CCF63-AD4B-49B0-B936-BA2B43234980}
[2012/04/13 03:55:05 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{A4AB0C19-B51B-426E-83BB-08D24A444C79}
[2012/04/12 20:25:33 | 000,000,000 | ---D | C] -- C:\53d69b7d3999c7df3d785d5d
[2012/04/12 15:54:37 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{9BED58FD-B02C-4C85-8924-70F1E62D2FCD}
[2012/04/12 03:53:59 | 000,000,000 | ---D | C] -- C:\Users\pcwt5\AppData\Local\{0A0DBCC2-1F4A-4CC9-B8A7-91036D32088E}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/11 16:58:21 | 000,010,096 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 16:58:21 | 000,010,096 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/11 16:48:46 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/11 16:46:35 | 000,000,437 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012/05/11 16:46:17 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012/05/11 16:46:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/11 16:45:58 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/11 16:35:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/11 06:31:16 | 000,002,074 | ---- | M] () -- C:\Users\pcwt5\Documents\Default.rdp
[2012/05/09 07:41:46 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/09 07:41:46 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/09 07:41:46 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/08 19:50:07 | 000,000,181 | ---- | M] () -- C:\Windows\WININIT.INI
[2012/05/08 03:28:03 | 002,375,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/08 02:48:23 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012/05/08 01:04:24 | 000,013,923 | ---- | M] () -- C:\Users\pcwt5\Desktop\iexplore.exe - Shortcut.lnk
[2012/05/08 00:13:39 | 003,255,248 | ---- | M] (Javacool Software LLC ) -- C:\Users\pcwt5\Desktop\spywareblastersetup46.exe
[2012/05/07 18:16:51 | 000,061,440 | ---- | M] ( ) -- C:\Users\pcwt5\Desktop\VEW.exe
[2012/05/07 17:32:34 | 000,001,051 | ---- | M] () -- C:\Windows\SysWow64\tversity.cookies
[2012/05/07 17:11:16 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\pcwt5\Desktop\OTL.exe
[2012/05/07 16:54:10 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/07 16:53:28 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\pcwt5\Desktop\mbam-setup-1.61.0.1400.exe
[2012/05/07 16:37:20 | 002,075,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\pcwt5\Desktop\tdsskiller.exe
[2012/05/07 15:34:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/07 15:33:49 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/05/07 14:53:09 | 004,486,979 | R--- | M] (Swearware) -- C:\Users\pcwt5\Documents\ComboFix.exe
[2012/05/07 08:07:33 | 000,000,512 | ---- | M] () -- C:\Users\pcwt5\Desktop\MBR.dat
[2012/05/07 07:57:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\pcwt5\Desktop\aswMBR.exe
[2012/05/02 05:43:38 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/05/02 03:27:17 | 008,252,840 | ---- | M] (SurfRight B.V.) -- C:\Users\pcwt5\Desktop\HitmanPro36_x64.exe
[2012/04/20 08:57:58 | 000,002,641 | ---- | M] () -- C:\Users\pcwt5\.xmlcopyeditor
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/08 19:50:07 | 000,000,181 | ---- | C] () -- C:\Windows\WININIT.INI
[2012/05/08 02:48:23 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/05/08 01:04:24 | 000,013,923 | ---- | C] () -- C:\Users\pcwt5\Desktop\iexplore.exe - Shortcut.lnk
[2012/05/07 18:17:01 | 000,061,440 | ---- | C] ( ) -- C:\Users\pcwt5\Desktop\VEW.exe
[2012/05/07 16:54:10 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/05/07 15:16:01 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012/05/07 15:15:47 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/05/07 15:15:47 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/05/07 15:15:47 | 000,001,458 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/05/07 15:15:47 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/05/07 15:15:47 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012/05/07 15:15:47 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/05/07 15:15:47 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/05/07 15:15:47 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012/05/07 15:15:47 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012/05/07 15:15:46 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
[2012/05/07 15:15:46 | 000,002,266 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2012/05/07 15:15:46 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012/05/07 15:15:46 | 000,002,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Content Exporter.lnk
[2012/05/07 15:15:46 | 000,002,028 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
[2012/05/07 15:15:46 | 000,001,848 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
[2012/05/07 15:15:46 | 000,001,823 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TextPad.lnk
[2012/05/07 15:15:46 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2012/05/07 15:15:46 | 000,001,758 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Movie Story.lnk
[2012/05/07 15:15:46 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/05/07 15:15:46 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012/05/07 15:15:46 | 000,001,129 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer Support.lnk
[2012/05/07 15:15:46 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Recovery Center.lnk
[2012/05/07 15:15:46 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2012/05/07 15:15:46 | 000,000,923 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicStation.lnk
[2012/05/07 15:15:46 | 000,000,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sendoid.lnk
[2012/05/07 15:15:45 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/05/07 15:15:45 | 000,002,327 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[2012/05/07 15:15:45 | 000,002,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click to Disc.lnk
[2012/05/07 15:15:45 | 000,001,877 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/05/07 15:15:45 | 000,001,223 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Stock Photos CS3.lnk
[2012/05/07 15:15:45 | 000,001,215 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk
[2012/05/07 15:15:45 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS3.lnk
[2012/05/07 15:15:45 | 000,001,097 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/05/07 15:15:45 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash CS4 Professional.lnk
[2012/05/07 15:15:45 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Click to Disc Editor.lnk
[2012/05/07 15:15:45 | 000,001,018 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infix PDF Editor.lnk
[2012/05/07 15:15:45 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/05/07 15:15:45 | 000,000,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2012/05/07 15:15:44 | 000,001,551 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012/05/07 15:15:44 | 000,001,407 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2012/05/07 15:15:44 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012/05/07 15:15:44 | 000,001,283 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2012/05/07 15:15:44 | 000,001,257 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash CS3 Video Encoder.lnk
[2012/05/07 15:15:44 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS3.lnk
[2012/05/07 15:15:44 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Flash CS3 Professional.lnk
[2012/05/07 15:15:43 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/05/07 15:15:43 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/05/07 15:15:43 | 000,001,436 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Drive CS4.lnk
[2012/05/07 15:15:43 | 000,001,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2012/05/07 15:15:43 | 000,001,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012/05/07 15:15:43 | 000,001,247 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS5.5.lnk
[2012/05/07 15:15:43 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2012/05/07 15:15:43 | 000,001,192 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[2012/05/07 15:15:43 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS3.lnk
[2012/05/07 15:15:43 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2012/05/07 15:15:43 | 000,001,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[2012/05/07 15:15:42 | 000,002,174 | ---- | C] () -- C:\Users\Public\Desktop\Wireless Manager 5.lnk
[2012/05/07 15:15:42 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Tunebite 7.lnk
[2012/05/07 15:15:42 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012/05/07 15:15:41 | 000,002,633 | ---- | C] () -- C:\Users\Public\Desktop\Disk Scrubber.lnk
[2012/05/07 15:15:41 | 000,002,043 | ---- | C] () -- C:\Users\Public\Desktop\Bluebeam PDF Revu.lnk
[2012/05/07 15:15:41 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/05/07 15:15:41 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2012/05/07 15:15:41 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2012/05/07 15:15:41 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\DrmRemoval.lnk
[2012/05/07 15:15:41 | 000,001,835 | ---- | C] () -- C:\Users\Public\Desktop\DrmRemoval CDRipper.lnk
[2012/05/07 15:15:41 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\Buy DrmRemoval Now.lnk
[2012/05/07 15:15:41 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/05/07 15:15:41 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/05/07 15:15:41 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/05/07 15:15:41 | 000,001,687 | ---- | C] () -- C:\Users\Public\Desktop\Cheetah DVD Burner.lnk
[2012/05/07 15:15:41 | 000,001,273 | ---- | C] () -- C:\Users\Public\Desktop\Media Player Classic.lnk
[2012/05/07 15:15:41 | 000,001,264 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2012/05/07 15:15:41 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Expat Shield Launch.lnk
[2012/05/07 15:15:41 | 000,001,049 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/05/07 15:15:41 | 000,001,006 | ---- | C] () -- C:\Users\Public\Desktop\Infix PDF Editor.lnk
[2012/05/07 15:15:41 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Beyond Compare 3.lnk
[2012/05/07 15:15:41 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2012/05/07 15:15:41 | 000,000,968 | ---- | C] () -- C:\Users\Public\Desktop\RAR Password Unlocker.lnk
[2012/05/07 15:15:41 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2012/05/07 15:15:41 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Sendoid.lnk
[2012/05/07 15:15:41 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\ROME.lnk
[2012/05/07 08:07:33 | 000,000,512 | ---- | C] () -- C:\Users\pcwt5\Desktop\MBR.dat
[2012/03/22 01:32:18 | 000,790,520 | ---- | C] () -- C:\Windows\SysWow64\protector.dll
[2012/02/05 07:09:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/05 07:09:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/05 07:09:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/05 07:09:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/05 07:09:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/11/12 19:26:45 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/10/31 12:22:42 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/10/31 12:22:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/10/31 12:22:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/10/31 12:22:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/10/31 12:22:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/09/20 23:51:22 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2011/09/13 17:10:48 | 000,001,374 | ---- | C] () -- C:\Windows\SysWow64\bash.exe.stackdump
[2011/07/31 19:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2011/07/22 18:04:43 | 000,000,000 | ---- | C] () -- C:\Users\pcwt5\AppData\Local\{208D71D6-AA30-4F05-8E4E-A30C5855FED5}
[2011/07/19 20:08:04 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/07/19 20:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2011/07/19 20:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2011/07/19 20:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2011/07/19 20:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2011/07/19 20:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2011/07/19 20:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2011/07/19 20:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2011/07/19 20:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2011/07/19 20:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2011/06/27 14:52:44 | 000,000,000 | ---- | C] () -- C:\Users\pcwt5\AppData\Local\Lsalahalev.bin
[2011/06/27 14:52:43 | 000,000,120 | ---- | C] () -- C:\Users\pcwt5\AppData\Local\Szajejariv.dat
[2011/05/30 14:42:50 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/05/23 08:46:30 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/05/14 02:50:11 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/14 02:50:11 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/05/10 01:20:54 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\viscomgifenc.dll
[2011/05/10 01:20:54 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\viscomtran.dll
[2011/05/10 01:20:53 | 006,963,712 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2011/05/10 01:20:53 | 000,452,608 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
[2011/05/10 01:20:53 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\FoxImager.dll
[2011/05/10 01:20:53 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/05/10 01:20:53 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
[2011/05/10 01:20:53 | 000,028,160 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
[2011/05/10 01:20:53 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
[2011/04/12 05:36:48 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini
[2011/03/08 15:03:26 | 000,000,317 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/03/03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011/03/03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2011/03/03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011/03/03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011/03/03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011/03/03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011/03/03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011/03/03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2011/03/03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011/03/03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2011/03/03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011/03/03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011/03/03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2011/02/25 04:17:36 | 000,001,103 | ---- | C] () -- C:\Windows\APDFPRP.INI
[2011/02/18 01:48:42 | 001,391,616 | ---- | C] () -- C:\Windows\SysWow64\ActPDF.dll
[2010/12/25 23:52:44 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/10/28 21:22:36 | 000,000,164 | ---- | C] () -- C:\Windows\SysWow64\psconv.ini
[2010/09/08 18:09:06 | 000,120,832 | ---- | C] () -- C:\Windows\PreConvertLite.dll
[2010/08/18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2010/05/17 16:05:56 | 000,004,096 | ---- | C] () -- C:\Users\pcwt5\AppData\Local\keyfile3.drm
[2010/05/15 01:56:58 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== LOP Check ==========

[2012/04/24 14:40:33 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\AVG10
[2012/04/28 08:22:32 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Azureus
[2012/03/22 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Babylon
[2012/04/24 14:26:43 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/03/01 03:13:20 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\C2OutlookExport
[2012/05/11 04:36:33 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/09/20 05:26:03 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\com.adobe.newhope.NHProject.prod.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/10/13 03:16:06 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\com.caffeinatedmind.Sendoid
[2011/05/25 03:17:19 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Helios
[2012/02/05 01:46:42 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Huok
[2012/04/24 14:40:34 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Iceni
[2011/09/18 19:53:07 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\ImgBurn
[2012/03/22 05:59:36 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\PerformerSoft
[2012/05/11 16:52:44 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Raptr
[2012/04/24 14:26:57 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Samsung
[2011/05/10 07:28:03 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Scooter Software
[2010/12/29 07:29:11 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Subtitle Edit
[2010/04/11 17:25:45 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Template
[2010/03/02 18:10:12 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\The Creative Engine Ltd
[2012/04/24 14:26:58 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Trusteer
[2012/02/05 00:59:05 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Usaqy
[2011/03/01 13:19:27 | 000,000,000 | ---D | M] -- C:\Users\pcwt5\AppData\Roaming\Windows Live Writer
[2012/04/29 20:22:35 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

#18
RKinner

Posted 11 May 2012 - 11:06 AM

Malware Expert

Expert
24,625 posts

Orcas is pretty nice. Since we are surrounded by water the temperatures are really nice in the summer and not very cold in winter. We are in the rain shadows of both the Olympic Mountains and the Vancouver Island Mountains so get a lot less rain than you would expect in the Pacific Northwest.

Mexico City is about as close as I've come to where you live. Used to work for DirecTV Latin America and we had a big satellite facility there. Just there on jobs so never got out of the city to play tourist. Used to work in Germany so I made it to London several times but never made it to Wight.

Does that Expat Shield program work OK for you? I have a UK friend who lives in the Greek Islands and that might be something they could use.

Things are looking better in your logs tho I did miss a couple of the HitmanPro stuff. Also we have one secret process which I don't care for:
PRC - File not found --
The last time I had one of these it wasn't anything important but you never know.

Copy the next line:

sc delete HitmanPro36CrusaderBoot

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then paste and the line should appear. Hit Enter.

If you don't get an error then it worked. That should get rid of the last HitmanPro service. There is still something in the registry.

Download the attached bootexecute.zip file and save it. Right click on it and Extract All. Find the bootexecute.reg file and right click on it and MERGE. That should get rid of the registry entry.

Let's see if Precess Explorer can see the hidden program:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures

Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

#19
nightporter

Posted 11 May 2012 - 12:00 PM

Member

Topic Starter
Member
17 posts

Talking of TV another issue here is broadband speed, we have a pathetic 1Mbps (and that not all the time) for the last 4 years but there is hope we'll soon have 20Mbps, (Megacable) there are even fibre optic cables outside on poles hanging tantalisingly close. A friend in Belgium has 100Mbps already.

I dont use expat sheild, I was just trying it. http://www.unotelly.com/unodns/ might be good. You can try for free, I did. I changed my DNS settings and could watch BBC iplayer which is geographically restricted on my laptop but what I really wanted was to watch it streaming via X-box (my son's) on the big TV but the iplayer app will not load on X-box due to some other checking process that UNOTELLY are trying to overcome allegedly. Channel4 I could watch, Channel5 server not available (both are uk channels). With 1Mbps its a bit academic anyway, its just not fast enough for anything intensive.

The Hitman thing worked with message "[SC] DeleteService SUCCESS"
I dont see any attached bootexecute.zip file so I have stopped there in case the order is important.

#20
RKinner

Posted 11 May 2012 - 12:19 PM

Malware Expert

Expert
24,625 posts

OOPS.

#21
nightporter

Posted 11 May 2012 - 12:38 PM

Member

Topic Starter
Member
17 posts

Here is Procexp.txt:-

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 51.93 0 K 24 K
raptr.exe 5360 12.21 80,404 K 21,488 K Raptr Client Raptr, Inc (Verified) Raptr, Inc
procexp64.exe 880 10.39 27,844 K 50,500 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
dwm.exe 3680 7.38 72,636 K 45,256 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 1016 3.74 31,980 K 36,028 K Google Chrome Google Inc. (Verified) Google Inc
Interrupts n/a 3.27 0 K 0 K Hardware Interrupts and DPCs
csrss.exe 564 1.89 3,408 K 10,464 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
msnmsgr.exe 3748 1.17 88,240 K 112,060 K Windows Live Messenger Microsoft Corporation (Verified) Microsoft Corporation
ApntEx.exe 1224 1.03 2,164 K 5,860 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
RapportService.exe 3096 1.03 33,956 K 35,664 K RapportService Trusteer Ltd. (Verified) Trusteer
System 4 0.99 264 K 9,616 K
RapportMgmtService.exe 912 0.95 15,012 K 19,044 K RapportMgmtService Trusteer Ltd. (Verified) Trusteer
explorer.exe 3740 0.74 92,912 K 81,984 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Apoint.exe 1572 0.73 3,156 K 10,092 K Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
BTStackServer.exe 4776 0.44 30,560 K 19,300 K Bluetooth Stack COM Server Broadcom Corporation. (Verified) Broadcom Corporation
Skype.exe 264 0.44 86,820 K 110,240 K Skype Skype Technologies S.A. (Verified) Skype Technologies SA
iexplore.exe 5380 0.36 172,440 K 249,296 K Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
ApMsgFwd.exe 2584 0.30 1,812 K 5,300 K ApMsgFwd Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
VESMgrSub.exe 2576 0.17 5,336 K 10,992 K VAIO Event Service(Service Sub Module) Sony Corporation (Verified) Sony Corporation
AppleMobileDeviceService.exe 1888 0.14 3,136 K 9,408 K MobileDeviceService Apple Inc. (Verified) Apple Inc.
hsswd.exe 1144 0.10 2,840 K 5,728 K (Unable to verify)
raptr_im.exe 5972 0.08 14,328 K 4,160 K Raptr Client Raptr, Inc (Verified) Raptr, Inc
BTTray.exe 4288 0.07 6,660 K 13,972 K Bluetooth Tray Application Broadcom Corporation. (Verified) Broadcom Corporation
visicom_antiphishing.exe 4916 0.06 2,152 K 8,104 K Visicom Media Anti-phishing Domain Advisor (Powered by Panda Security) Visicom Media Inc. (Powered by Panda Security) (Verified) Visicom Media Inc.
tomcat5.exe 1768 0.04 173,424 K 170,028 K Service Runner Apache Software Foundation (Unable to verify) Apache Software Foundation
svchost.exe 1432 0.04 11,484 K 26,912 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iPodService.exe 2296 0.03 2,680 K 6,976 K iPodService Module (64-bit) Apple Inc. (Verified) Apple Inc.
hsssrv.exe 1028 0.02 3,128 K 7,400 K AnchorFree Inc. (Verified) AnchorFree Inc
wmpnetwk.exe 2108 0.02 12,736 K 12,768 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 444 0.02 23,136 K 24,576 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 504 0.02 2,148 K 4,504 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 624 0.02 29,576 K 48,384 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5720 0.02 12,988 K 16,360 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1084 0.02 11,580 K 18,724 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wlcomm.exe 6020 0.02 16,240 K 25,088 K Windows Live Communications Platform Microsoft Corporation (Verified) Microsoft Corporation
SASCore64.exe 1856 0.02 1,312 K 3,752 K Core Service SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
SearchIndexer.exe 320 0.01 50,840 K 25,092 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
VcmIAlzMgr.exe 2304 0.01 4,612 K 9,612 K VCM Intelligent Analyzing Manager Sony Corporation (Verified) Sony Corporation
svchost.exe 1280 0.01 17,156 K 19,032 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 2060 0.01 952 K 2,788 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 4060 0.01 38,920 K 59,924 K Google Chrome Google Inc. (Verified) Google Inc
WLIDSVC.EXE 2348 0.01 6,252 K 15,036 K Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
Apvfb.exe 3424 0.01 2,004 K 5,440 K APVFB ALPS (Verified) Microsoft Windows Hardware Compatibility Publisher
openvpnas.exe 2020 < 0.01 2,184 K 5,896 K (Unable to verify)
OTL.exe 5320 < 0.01 13,088 K 28,924 K OldTimer Tools (Unable to verify) OldTimer Tools
SearchProtocolHost.exe 6636 < 0.01 2,380 K 7,776 K Microsoft Windows Search Protocol Host Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 520 < 0.01 137,424 K 145,256 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
iTunesHelper.exe 4852 < 0.01 3,784 K 11,612 K iTunesHelper Apple Inc. (Verified) Apple Inc.
notepad.exe 2052 < 0.01 15,324 K 32,812 K Notepad Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 3256 1,972 K 5,952 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 5640 2,648 K 5,976 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
WLIDSVCM.EXE 2472 1,208 K 3,176 K Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
winlogon.exe 820 2,844 K 7,000 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 552 1,448 K 4,344 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
VESMgr.exe 2268 5,420 K 10,700 K VAIO Event Service (Service Module) Sony Corporation (Verified) Sony Corporation
VAIOUpdt.exe 3948 2,716 K 1,000 K VAIO Update Sony Corporation (Verified) Sony Corporation
uCamMonitor.exe 2220 1,416 K 4,464 K MgiSvr ArcSoft, Inc. (Verified) ArcSoft, Inc.
taskhost.exe 3524 3,496 K 8,460 K Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 3580 1,872 K 5,248 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 3872 2,508 K 7,188 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 860 6,552 K 10,256 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 752 4,912 K 9,864 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2084 1,868 K 4,940 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1464 12,948 K 16,900 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2100 1,840 K 5,460 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1816 2,316 K 5,708 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 1392 8,040 K 14,284 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
SpcLiteSrv.exe 4596 820 K 2,860 K Simpo Print Server Simpo Technologies (Unable to verify) Simpo Technologies
smss.exe 288 448 K 1,104 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
SHTtray.exe 4564 2,064 K 6,936 K SHTtray Sony Corporation (Verified) Sony Corporation
services.exe 600 7,008 K 10,872 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 7120 2,492 K 6,152 K Microsoft Windows Search Filter Host Microsoft Corporation (Verified) Microsoft Windows
RtkAudioService64.exe 1176 1,924 K 5,892 K Realtek Audio Service Realtek Semiconductor (Verified) Microsoft Windows Hardware Compatibility Publisher
raptr_ep64.exe 5844 2,088 K 5,616 K Elevation Proxy Raptr Inc. (Verified) Raptr, Inc
procexp.exe 6644 2,028 K 6,680 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PrintDisp.exe 424 1,960 K 6,676 K PrintDisp ActMask Co.,Ltd - http://www.all2pdf.com (Unable to verify) ActMask Co.,Ltd - http://www.all2pdf.com
prevhost.exe 3828 2,648 K 8,796 K Preview Handler Surrogate Host Microsoft Corporation (Verified) Microsoft Windows
openvpntray.exe 2332 2,300 K 8,204 K (Unable to verify)
notepad.exe 488 2,360 K 7,004 K Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 3692 2,472 K 7,452 K Notepad Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 1928 2,228 K 5,608 K Bonjour Service Apple Inc. (Verified) Apple Inc.
MDM.EXE 1628 2,740 K 6,096 K Machine Debug Manager Microsoft Corporation (Verified) Microsoft Corporation
MarketingTools.exe 4492 17,104 K 5,988 K Marketing Tools Sony Corporation (Unable to verify) Sony Corporation
lsm.exe 632 3,500 K 6,252 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 620 6,568 K 14,500 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
KiesTrayAgent.exe 4724 4,348 K 13,252 K Kies TrayAgent Application Samsung Electronics Co., Ltd. (Verified) Samsung Electronics CO., LTD.
KiesPDLR.exe 1784 30,144 K 28,012 K KiesPDLR (Unable to verify)
jusched.exe 4972 1,224 K 4,696 K Java™ Update Scheduler Sun Microsystems, Inc. (Verified) Oracle America, Inc.
ISBMgr.exe 4468 1,960 K 6,616 K Sony Corporation (Verified) Sony Corporation
InstantEyedropper.exe 2848 1,568 K 5,656 K (Unable to verify)
igfxsrvc.exe 2940 2,044 K 6,016 K igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
igfxpers.exe 3656 2,224 K 6,820 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
IAANTmon.exe 2500 2,128 K 6,200 K RAID Monitor Intel Corporation (Verified) Intel Corporation
IAAnotif.exe 3480 2,204 K 7,260 K Event Monitor User Notification Tool Intel Corporation (Verified) Intel Corporation
hkcmd.exe 3964 2,248 K 6,664 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
dllhost.exe 3472 2,556 K 6,992 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 2440 3,752 K 7,320 K COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 2800 1,788 K 5,532 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
conhost.exe 1900 1,872 K 6,148 K Console Window Host Microsoft Corporation (Verified) Microsoft Windows
cmd.exe 2324 1,940 K 2,784 K Windows Command Processor Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 5776 15,464 K 18,816 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 6412 11,560 K 12,448 K Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4900 8,724 K 17,112 K Google Chrome Google Inc. (Verified) Google Inc
btwdins.exe 1948 2,044 K 5,848 K Bluetooth Support Server Broadcom Corporation. (Verified) Broadcom Corporation
BluetoothHeadsetProxy.exe 3408 1,468 K 5,172 K Bluetooth Headset Skype Proxy Broadcom Corporation. (Verified) Broadcom Corporation
BBPrint.exe 592 1,784 K 5,000 K BBPrint Application Bluebeam Software, Inc. (Verified) Bluebeam Software, Inc.
audiodg.exe 6808 17,056 K 17,068 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
alg.exe 1232 1,412 K 4,704 K Application Layer Gateway Service Microsoft Corporation (Verified) Microsoft Windows
AdobeARM.exe 4536 3,852 K 11,244 K Adobe Reader and Acrobat Manager Adobe Systems Incorporated (Verified) Adobe Systems, Incorporated
acrotray.exe 4636 1,444 K 5,372 K AcroTray Adobe Systems Inc. (Verified) Adobe Systems, Incorporated

#22
RKinner

Posted 11 May 2012 - 12:56 PM

Malware Expert

Expert
24,625 posts

If you are not using Expat Shield then uninstall it.

Do you really need this Raptr? It's taking a lot of CPU time.

Are you using Tomcat/Apache Server for anything?

This line:
Interrupts n/a 3.27 0 K 0 K Hardware Interrupts and DPCs

is using too much CPU. Normally it's about 1.10. Could be a bad battery on a laptop or a bad driver.

I'm not seeing anything obvious. Perhaps we should try ESET and Bitdefender:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time (hours).
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

Let's also try the bitdefender quickscan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

#23
nightporter

Posted 12 May 2012 - 01:15 AM

Member

Topic Starter
Member
17 posts

1. Uninstalled expat shield
2. Tomcat I use to run an app for work.
3. I dont have a battery, the Sony battery no longer holds charge, I bought another, its not genuine sony and doesn't work. My old adapter got as hot as a stove so I bought another (genuine sony) same problem so I keep it on ice, I plan to make a usb powered fan and cool the brick with that. The power connection is a bit sensitve, if I press it in it will cut out. Could any of that account for the interupt thing you mentioned?

4, 3 logs below as requested.

ESET online scan results

\FRST\Quarantine\oVQukyH52o8jiV.exe_1336347353.arl a variant of Win32/Kryptik.AEZK trojan
C:\FRST\Quarantine\XWE3mXJBRcdem8.exe_1336347353.arl a variant of Win32/Kryptik.AEZK trojan
C:\Qoobox\Quarantine\C\Users\pcwt5\AppData\Local\dplayx.dll.vir_1336348051.arl a variant of Win32/Kryptik.ZQR trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir_1336348051.arl Win64/Sirefef.G trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0006.dta Win64/Olmasco.W trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0017.dta probably a variant of Win32/Agent.BPXBSHJ trojan
C:\TDSSKiller_Quarantine\07.05.2012_19.29.24\tdlfs0000\tsk0023.dta probably a variant of Win32/Agent.JXRMWBC trojan
C:\Users\pcwt5\AppData\Local\VirtualStore\Windows\SysWOW64\winbys32.rom_1336347352.arl a variant of Win32/Nebuler.BZ trojan
C:\Users\pcwt5\AppData\Local\VirtualStore\Windows\SysWOW64\wincsc32.rom_1336347352.arl a variant of Win32/Nebuler.BZ trojan
C:\Users\pcwt5\AppData\Local\VirtualStore\Windows\SysWOW64\windnv32.rom_1336347352.arl a variant of Win32/Nebuler.BZ trojan
C:\Users\pcwt5\AppData\Local\VirtualStore\Windows\SysWOW64\winkcz32.rom_1336347352.arl a variant of Win32/Nebuler.BZ trojan
C:\Users\pcwt5\AppData\Local\VirtualStore\Windows\SysWOW64\winnhn32.rom_1336347352.arl a variant of Win32/Nebuler.BZ trojan
C:\Users\pcwt5\AppData\Local\VirtualStore\Windows\SysWOW64\winvqy32.rom_1336347352.arl a variant of Win32/Nebuler.BZ trojan
C:\Users\pcwt5\AppData\Local\VirtualStore\Windows\SysWOW64\winwac32.rom_1336347352.arl a variant of Win32/Nebuler.BZ trojan
C:\Users\pcwt5\Downloads\cnet2_rar_password_unlocker_trial_exe.exe a variant of Win32/InstallCore.D application
C:\Users\pcwt5\Downloads\unlocker1.9.0.exe Win32/Adware.ADON application
C:\Users\pcwt5\Downloads\Removable Disk\ms office 2k3\Office2003.iso probably a variant of Win32/Agent.CNVAOQK trojan
C:\Users\pcwt5\Videos\Everything and nothing\windows.7.codec.pack.v3.3.0.setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\Public\Downloads\DRM_Free_Video_Converter_2_crack.zip_1336347353.arl a variant of Win32/Nebuler.CT trojan
C:\Windows\Installer\63603.msi a variant of Win32/Toolbar.Widgi application
C:\Windows\System32\protector.dll a variant of Win32/bProtector application
C:\Windows\SysWOW64\protector.dll a variant of Win32/bProtector application
C:\_OTL\MovedFiles\05112012_164307\C_ProgramData\bProtector\bProtect.exe a variant of Win32/bProtector application

========================================================================
ESET log:-

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251

========================================================================

bitdefender log (nothing found):
QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Sat May 12 08:03:23 2012
Machine ID: F41C442D

C:\Windows\System32\PrintDisp.exe - could not be accessed
--> Process PrintDisp.exe (3740)

No infection found.
-------------------

Processes
---------
AcroTray - Adobe Acrobat Distiller help 4144 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
Adobe Reader and Acrobat Manager 1924 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Anti-phishing Domain Advisor 4592 C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
Bluetooth Software 5044 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
InstantEyedropper.exe 312 C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
ISB Utility 3344 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
iTunes 4528 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 4976 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Kies TrayAgent 4324 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR 3544 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Marketing Tools 2904 C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
RAID Event Monitor 3424 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
Raptr 1236 C:\PROGRA~2\Raptr\raptr_im.exe
Simpo PDF Creator Lite 3984 C:\Program Files (x86)\Simpo PDF Creator Lite\SpcLiteSrv.exe
Skype 3696 C:\Program Files (x86)\Skype\Phone\Skype.exe
VAIO Media plus 220 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
Vuze 1756 C:\Program Files (x86)\Vuze\Azureus.exe
Windows Live Communications Platform 2808 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
Windows Live Messenger 3888 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer 5676 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Network activity
----------------
Process raptr_im.exe (1236) connected on port 5222 (XMPP/Jabber) --> 205.158.153.153
Process Azureus.exe (1756) connected on port 52379 --> 72.231.16.121
Process Azureus.exe (1756) connected on port 63832 --> 24.94.245.85
Process Azureus.exe (1756) connected on port 59953 --> 190.183.45.118
Process Azureus.exe (1756) connected on port 63777 --> 85.250.81.230
Process Azureus.exe (1756) connected on port 59386 --> 41.135.158.39
Process Azureus.exe (1756) connected on port 1794 --> 68.224.109.217
Process Azureus.exe (1756) connected on port 55568 --> 71.77.226.210
Process Azureus.exe (1756) connected on port 3488 --> 187.56.20.122
Process Azureus.exe (1756) connected on port 12248 --> 190.152.205.130
Process Azureus.exe (1756) connected on port 64145 --> 75.177.25.183
Process Azureus.exe (1756) connected on port 63105 --> 76.65.17.108
Process Azureus.exe (1756) connected on port 49433 --> 110.174.167.136
Process Azureus.exe (1756) connected on port 65265 --> 46.20.103.109
Process Azureus.exe (1756) connected on port 51040 --> 67.164.2.39
Process Azureus.exe (1756) connected on port 63707 --> 41.248.149.166
Process Azureus.exe (1756) connected on port 54950 --> 108.65.244.9
Process Azureus.exe (1756) connected on port 28282 --> 2.224.107.19
Process wlcomm.exe (2808) connected on port 1863 (MSN) --> 65.55.71.221
Process Skype.exe (3696) connected on port 40037 --> 65.55.223.38
Process Skype.exe (3696) connected on port 12350 --> 213.146.189.205
Process Skype.exe (3696) connected on port 3950 --> 67.168.185.211
Process Skype.exe (3696) connected on port 57850 --> 128.68.43.8
Process iexplore.exe (5676) connected on port 80 (HTTP) --> 184.29.159.139
Process iexplore.exe (5676) connected on port 80 (HTTP) --> 148.243.245.233
Process iexplore.exe (5676) connected on port 80 (HTTP) --> 148.245.203.111
Process iexplore.exe (5676) connected on port 80 (HTTP) --> 148.245.203.111

Process Azureus.exe (1756) listens on ports: 12128, 53977, 54836
Process Skype.exe (3696) listens on ports: 80 (HTTP), 443 (HTTP over SSL), 11557

Autoruns and critical files
---------------------------
AcroTray - Adobe Acrobat Distiller help C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
Adobe Acrobat C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
Adobe CS4 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
Adobe CS5.5 Service Manager C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Anti-phishing Domain Advisor C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
GrooveMonitor Utility C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
InstantEyedropper.exe C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
ISB Utility C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Kies C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
Kies TrayAgent C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Marketing Tools C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Raptr C:\PROGRA~2\Raptr\raptrstub.exe
Simpo PDF Creator Lite C:\Program Files (x86)\Simpo PDF Creator Lite\SpcLiteSrv.exe
Skype C:\Program Files (x86)\Skype\Phone\Skype.exe
VAIO Event Service C:\Windows\system32\VESWinlogon.dll
VAIO Media plus C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
Windows Live Device Manager C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

Browser plugins
---------------
AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
Adobe PDF Toolbar for IE c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll
AxMP4Dec Module C:\Windows\Downloaded Program Files\AxMP4Dec.dll
Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Facebook Photo Uploader 5 C:\Windows\Downloaded Program Files\PhotoUploader55.ocx
Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
GrooveShellExtensions Module C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Java Deployment Toolkit 7.0.40.255 C:\Windows\SysWOW64\npDeployJava1.dll
Java™ Platform SE 7 U4 C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
LMIGuardianDll C:\Windows\Downloaded Program Files\LMIGuardianDll.dll
LMIGuardianEvt C:\Windows\Downloaded Program Files\LMIGuardianEvt.dll
LMIGuardianSvc C:\Windows\Downloaded Program Files\LMIGuardian.exe
LMIProxyHelper.exe C:\Windows\Downloaded Program Files\LMIProxyHelper.exe
LogMeIn, Inc. Remote Access Components C:\Windows\Downloaded Program Files\avutil-51.dll
LogMeIn, Inc. Remote Access Components C:\Windows\Downloaded Program Files\swscale-2.dll
LogMeIn, Inc. Remote Access Components C:\Windows\Downloaded Program Files\LMIBroker.exe
Microsoft Office Live Plug-in for Firef C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
Microsoft® CoReXT c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\MSWSOCK.DLL
Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
MJPEGRender ActiveX Control Module C:\Windows\Downloaded Program Files\MJPEGRender.ocx
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
Panasonic Network Camera C:\Windows\Downloaded Program Files\AudioClient.ocx
Panasonic Network Camera C:\Windows\Downloaded Program Files\ipv6cam.ocx
QuickTime Plug-in 6.0 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 6.0 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 6.0 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 6.0 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 6.0 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 6.0 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
RACtrl.dll C:\Windows\Downloaded Program Files\RACtrl.dll
RealPlayer™ HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
Skype Toolbars C:\Users\pcwt5\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
Unity Player C:\Users\pcwt5\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
WebEx Download Module C:\Windows\Downloaded Program Files\ieatgpc.dll
Windows Live Messenger Companion c:\program files (x86)\windows live\companion\companioncore.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) RealJukebox NS Plugin C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
(verified) RealPlayer Version Plugin C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
(verified) RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

Scan
----
MD5: f4f798968467c5763906c4cacc737b69 C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe
MD5: 7e5d896604b2d9b7081681cd432118cd C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
MD5: 40947436a70e0034e41123df5a0a7702 C:\Program Files (x86)\Bonjour\mdnsNSP.dll
MD5: d6e20d676e78e73241ebad787195bc7c c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll
MD5: f31208835709a62ecc5d45211d89c772 c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
MD5: 185d50da1832a734dc9826037e82be40 C:\Program Files (x86)\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
MD5: b8e421c0890356cd4a793d8a346d9096 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: e43a851f7b12de589424d6c656155cfc C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MD5: e1636f57581cab5d995fd54d2991ef57 C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe
MD5: 1f3ff6c062b311fe410ec89f6bfac213 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
MD5: 37cf2461cb5e40c4cfab82c8fc79a2bc C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
MD5: 5d76c8cc87d0efbe0b4a3bef6b67ebf0 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
MD5: 6fe3e3a215e55c76a811b9b56a5aeb09 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
MD5: 149d74e1128a86dc9cfb2851fbea11eb C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
MD5: 250bf888ddbe88d61eb19a9d4957c794 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
MD5: 5a963c340de1a01ba6e24945ce05d16a C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
MD5: f4bc62990e7e5c29799a895b80fc3177 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
MD5: 5e33c164dc7fa74728d8a83036c438bb C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MD5: 794950db77aa590c2964eca0a5874a09 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
MD5: 638c7596b493f5f77db9ef6bad8fe46c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
MD5: 8ba9851e671e8b5e49e303748ffd530c C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
MD5: 2e14406e05789f91c9282ae7cfca3a07 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MD5: 3debbecf665dcdde3a95d9b902010817 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MD5: 06a4250c9e3606cae3f68da45702f342 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
MD5: 995beb69ae5c50d354894354f5a6cd5a C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MD5: 2424231bbd703a677d115c29983b4293 C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL
MD5: 785f487a64950f3cb8e9f16253ba3b7b C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
MD5: cf39a105cd553eed31e2255aff4c6742 c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
MD5: 45406ffd87f6ba4345b018e303a64ff1 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.dll
MD5: 12b79422a23814429cda9e734c58f78f C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 7d6d3605ceb50d5da275ede9349f549f C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
MD5: 72b46103e4111439109acf5882627c24 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
MD5: cebcbffe48509722612177627c17da94 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDtcpB.dll
MD5: e67c990ba8e132c480f0d0a937eca177 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\UK\SHSResource.dll
MD5: 06fe5beddadb158d84e6de33cbe19f3e C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
MD5: 313ce91f1b734e2e02f0f4465b52115a C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
MD5: 751ee920d6811584e5b1f0b153a5a4e2 C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScanner.ocx
MD5: 1e6b52abdf4082374de9d43cbd2f7e08 C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
MD5: 925f39488f2add1a1a31af32b6ecc160 C:\Program Files (x86)\InstantEyedropper\InstantEyedropper.exe
MD5: fc4c561550e5407ffa29d4f6c69b272f C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\IAAMon_ENU.dll
MD5: 984bdac9f4fc9993ce8d3a7d7da3e9a5 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
MD5: a1659e4d08fe8d0f0bc61960d8c0369e C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MD5: 92cb47a8dc9427d8f406aaf84384adf2 C:\Program Files (x86)\Internet Explorer\IEShims.dll
MD5: 904e13ba41af2e353a32cf351ca53639 C:\Program Files (x86)\Internet Explorer\iexplore.exe
MD5: fb6d32c378bf8cd4b3b8581b7f9f0a54 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
MD5: fb6d32c378bf8cd4b3b8581b7f9f0a54 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
MD5: fb6d32c378bf8cd4b3b8581b7f9f0a54 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
MD5: fb6d32c378bf8cd4b3b8581b7f9f0a54 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
MD5: fb6d32c378bf8cd4b3b8581b7f9f0a54 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
MD5: fb6d32c378bf8cd4b3b8581b7f9f0a54 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
MD5: a7843b8f3fc802ff57fd286189bc79cd C:\Program Files (x86)\iTunes\ITDetector.ocx
MD5: bbf53397690ba8931c21352d246c744c C:\Program Files (x86)\iTunes\iTunesHelper.dll
MD5: 444eb38a256be60f2013488c49d2ab3f C:\Program Files (x86)\iTunes\iTunesHelper.exe
MD5: f70af9eb44cc52c2da23ba23a69ae977 C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
MD5: ca4674baeb26baee4e54ae588c2c74fb C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
MD5: 64151c0799431e0304ae1bd6202131a7 C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
MD5: 5a6b150b5950c1a41ad8bc7aefbf35cc c:\program files (x86)\java\jre7\bin\client\jvm.dll
MD5: d71f052a4800d5ba4a4c6b1f0a5d9c2a c:\program files (x86)\java\jre7\bin\java.dll
MD5: 3dec6607825899d5a3871f2d2305d9ba C:\Program Files (x86)\Java\jre7\bin\management.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 c:\program files (x86)\java\jre7\bin\MSVCR100.dll
MD5: b18eb606a783cf970eb54f65c96afc41 C:\Program Files (x86)\Java\jre7\bin\net.dll
MD5: 468ae6e2b25217f1338300de9b5cad9b C:\Program Files (x86)\Java\jre7\bin\nio.dll
MD5: f734bc3cb557debc644458d114e65998 C:\Program Files (x86)\Java\jre7\bin\sunec.dll
MD5: 93f79053ee5a357b1e5daaf9bd3f5bc9 C:\Program Files (x86)\Java\jre7\bin\sunmscapi.dll
MD5: c590cbc1ab4016ff1489f9c774389e03 c:\program files (x86)\java\jre7\bin\verify.dll
MD5: 116520dce8d7ec60f7408284dc83e039 c:\program files (x86)\java\jre7\bin\zip.dll
MD5: 123271bd5237ab991dc5c21fdf8835eb C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
MD5: 0e34b7bb1fcf22bcc1e394d16f9e992b C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
MD5: 30efebdc960a482e3e188b9960b286e2 C:\Program Files (x86)\Microsoft Office\Office12\GrooveNew.DLL
MD5: 30db64d316f502558db2380f7343c9fd C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
MD5: 207204af80505af51271fe164b56f662 C:\Program Files (x86)\Microsoft Office\Office12\GrooveUtil.DLL
MD5: 711a2e6a55ec7bfd59b5f649d58b704b c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
MD5: 136485e00ba2917f0fea68d2ee78d733 C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
MD5: ea7db11fabb38a0483f235e142b16584 C:\Program Files (x86)\Raptr\_ctypes.pyd
MD5: 3b90a11b59dde8fef3bc851863b80a81 C:\Program Files (x86)\Raptr\_socket.pyd
MD5: 8b63e4bad384a9f91e4ba4d677f6becc C:\Program Files (x86)\Raptr\_ssl.pyd
MD5: 0575ceda5ad6ab9d2cb5976932cdd0ef C:\Program Files (x86)\Raptr\freebl3.dll
MD5: 3e5a745097aa925cc1ced98b91e551a5 C:\Program Files (x86)\Raptr\gobject._gobject.pyd
MD5: 2d61ec55f1597714b8cb39ade66d2f26 C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
MD5: 9f95ece3d2b3909de4d9147c4d93f976 C:\Program Files (x86)\Raptr\intl.dll
MD5: 226daf8c1fd88c1a4f89368c7c706457 C:\Program Files (x86)\Raptr\libglib-2.0-0.dll
MD5: 0f9bca46f942748d94a55254bc34ed6e C:\Program Files (x86)\Raptr\libgmodule-2.0-0.dll
MD5: e5c9a323f737ad3f66da3c274aa7e164 C:\Program Files (x86)\Raptr\libgobject-2.0-0.dll
MD5: 90dd53dc6fc035b9ca1cba49dc1f8eba C:\Program Files (x86)\Raptr\libgthread-2.0-0.dll
MD5: 016c9e493bc79204ec7437841ecf935f C:\Program Files (x86)\Raptr\libjabber.dll
MD5: c8a3948a9605c55720866cd8e45dd919 C:\Program Files (x86)\Raptr\libnspr4.dll
MD5: 2d7b3dbbc97914b3805d02443111cc8e C:\Program Files (x86)\Raptr\liboscar.dll
MD5: e66b169f8b47a968b4537acf748a4609 C:\Program Files (x86)\Raptr\libplc4.dll
MD5: f7d65b8a6f5ce6b7380be23684f715cf C:\Program Files (x86)\Raptr\libplds4.dll
MD5: 021fd98349abb785f6b04593b9a211d1 C:\Program Files (x86)\Raptr\libpurple.dll
MD5: 4105494bbb3d5caeaa974f6fc81db63c C:\Program Files (x86)\Raptr\libxml2-2.dll
MD5: e033554c2ad7756b08b4193ff6a1ab06 C:\Program Files (x86)\Raptr\libymsg.dll
MD5: ae091844b5607fe5384be2bad81f55d9 C:\Program Files (x86)\Raptr\ltc_help32-57991.dll
MD5: cf0d3b4897bb56ede289244ad448094b C:\Program Files (x86)\Raptr\nss3.dll
MD5: 6d2f569bc87d1a8c9964018c1d2ff837 C:\Program Files (x86)\Raptr\nssckbi.dll
MD5: 801acf785a5efcfc13543a2169636195 C:\Program Files (x86)\Raptr\nssutil3.dll
MD5: e186bd0604f7b3819544904f75deb8ec C:\Program Files (x86)\Raptr\plugins\libaim.dll
MD5: 3d1db369e1b82ee3a853b01721904a0d C:\Program Files (x86)\Raptr\plugins\libicq.dll
MD5: e872360f36e27d296779b56dba09cfe6 C:\Program Files (x86)\Raptr\plugins\libirc.dll
MD5: d7f34752faf0cda9e6066c8559a336e2 C:\Program Files (x86)\Raptr\plugins\libmsn.dll
MD5: b3cb3dbf02062f4554da9e973614f5f2 C:\Program Files (x86)\Raptr\plugins\libxfire.dll
MD5: fb74294fa90a45794b05e545a27677f6 C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
MD5: 4630ee43256695c29bb865b54a90061b C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
MD5: 6d802a4d481493fc8a0c5830c28fb115 C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
MD5: 7bbab98b361fae84b605cda9c00c3c2a C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
MD5: ae21c53f9ed08b4c2db2984653ded017 C:\Program Files (x86)\Raptr\plugins\ssl.dll
MD5: b9da415b772ee5a749c5e09485553584 C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
MD5: 8ba9d89284dcdd9a151d8f57033f3e0d C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
MD5: be987d3547dd0b9cfae7e6995770951b C:\Program Files (x86)\Raptr\python26.dll
MD5: abc5dcac962ae8af7af214dd0d6d4ff6 C:\Program Files (x86)\Raptr\pywintypes26.dll
MD5: 3f29a1716a17246efcd1cadba36b058c C:\Program Files (x86)\Raptr\QtCore4.dll
MD5: 52e69c80a3dd004ac2856e767d331a70 C:\Program Files (x86)\Raptr\QtNetwork4.dll
MD5: bd76b73cb25d9d4b8f23b7857027bf96 C:\Program Files (x86)\Raptr\raptr_im.exe
MD5: d172b8cda0ddfdf2f28e0194b0871ee1 C:\Program Files (x86)\Raptr\sip.pyd
MD5: 0e24183afd912b7587d18add51c5d577 C:\Program Files (x86)\Raptr\smime3.dll
MD5: 4c902b5fc061d6ad302f07a77372582c C:\Program Files (x86)\Raptr\softokn3.dll
MD5: 7951811d345ad92685c54570803423e0 C:\Program Files (x86)\Raptr\sqlite3.dll
MD5: df3ed300b16cf8d9379d0ed2d674304c C:\Program Files (x86)\Raptr\ssl3.dll
MD5: 526d928d13e0e141c01ba3799fd8338b C:\Program Files (x86)\Raptr\win32api.pyd
MD5: ba845eb55909e3d3899055e81bab58eb C:\Program Files (x86)\Raptr\zlib1.dll
MD5: ed2cb9e4bce9e0f5e59e2eb9e2d3c2c1 C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
MD5: 41f4324bdce20f0c0a2ee5baa7cded5b C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MD5: 91c7d1b8e8ed61327781f3058e4be3c7 C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
MD5: e0ee6999254fb958c6cf058f4e20eba2 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MD5: cdcdd183acaa0b3a78a2287556bc7450 C:\Program Files (x86)\Simpo PDF Creator Lite\SpcLiteSrv.exe
MD5: b6080f3a1ca495190d1583c2202caa61 C:\Program Files (x86)\Skype\Phone\Skype.exe
MD5: db0405d9aad62f0762e0876ac142b7e1 C:\Program Files (x86)\Skype\Updater\Updater.exe
MD5: a76e320727e68b366046708a833ceb5b C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
MD5: 2cb36c206d5158c49366906a53bec2fa C:\Program Files (x86)\Sony\Marketing Tools\HammerProgram.dll
MD5: f6ea75a95be7580273f6f4437e58a508 C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MD5: d4197cf0c8567046fd4af28ff47af528 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
MD5: 796406d7d14ae38b810b419abd72df99 C:\Program Files (x86)\Trusteer\Rapport\bin\ATL80.DLL
MD5: a1b2ed73e19ef81c32ed163f852db266 C:\Program Files (x86)\Trusteer\Rapport\bin\MSVCP80.dll
MD5: ecadf3593243763180d9b6ede760531d c:\program files (x86)\trusteer\rapport\bin\MSVCR80.dll
MD5: 1b2b97d1927b95f1c1a40a4fac0179d5 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportKoan.DLL
MD5: d9ef54568fafcb4be4637068e768409a C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
MD5: 0fcfc07484f3117642cd04726947e967 C:\Program Files (x86)\Trusteer\Rapport\bin\RapportUtil.dll
MD5: 42a30ad650abe3c20b498594ff2c4c17 c:\program files (x86)\trusteer\rapport\bin\rooksbas.dll
MD5: b4a20cb7ed000397e60e21c1ca393c09 c:\program files (x86)\trusteer\rapport\bin\rookscom.dll
MD5: 75e9bec7158457cedc1a0362e0a9fa2d c:\program files (x86)\trusteer\rapport\bin\rooksdol.dll
MD5: 06917b0649e334c43bfd529afcdc6c1c C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
MD5: 6a36c7b3dfcf56bc164cb399bc4943a7 C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
MD5: bd8684f41a5faaf02d07cc91aacf7000 C:\Program Files (x86)\Vuze\aereg.dll
MD5: 8e0d9c6d2b4c3133f603f819302a239f C:\Program Files (x86)\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll
MD5: 811ba89d9064eaa50c89055e0ba46523 C:\Program Files (x86)\Vuze\plugins\azitunes\libProcessAccess.dll
MD5: 0ee505f20817f13dea0c6907a94469d2 c:\program files (x86)\windows live\companion\companioncore.dll
MD5: af8259001224340fc7c5c28d44786ce4 C:\Program Files (x86)\Windows Live\Contacts\abssm.dll
MD5: 7dd1a2d88f4ff78bb36857b3fb2feb6f C:\Program Files (x86)\Windows Live\Contacts\condb.dll
MD5: 9a89f6e17c2574f73825c715c3cae982 C:\Program Files (x86)\Windows Live\Contacts\conproxy.dll
MD5: dcd05ff0d431f40939d557dc04182926 C:\Program Files (x86)\Windows Live\Contacts\consync.dll
MD5: bcf6b0b3f0de9e541ee3483b23845f91 C:\Program Files (x86)\Windows Live\Contacts\LiveNatTrav.dll
MD5: adb75755d2372fb70f3dc346654c3fa4 C:\Program Files (x86)\Windows Live\Contacts\LivePlatform.dll
MD5: b37a9f9d71457bcf8e43a07da54a3ae1 C:\Program Files (x86)\Windows Live\Contacts\LiveTransport.dll
MD5: e7587845b892f3d3c7c260f23e73169b C:\Program Files (x86)\Windows Live\Contacts\lmcdata.dll
MD5: d77a2698cc74ba040fee98735b1766f2 C:\Program Files (x86)\Windows Live\Contacts\ObjectStore.dll
MD5: 89c8c0003b70912dbf9e72130934f542 C:\Program Files (x86)\Windows Live\Contacts\PresenceIM.dll
MD5: 32d7820ee5d7da1c66214ee0a1d35715 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
MD5: ec0bd467f62f6dcd7b2e154faa70658a C:\Program Files (x86)\Windows Live\Device Manager\msgrdvmn.exe
MD5: 40cdfad174b3d5e80f95dda003c0b97f C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
MD5: 758169cb9276c5529a234a1593a47120 C:\Program Files (x86)\Windows Live\Installer\wlshim.dll
MD5: 7321d7dee338f2989990399c002b38b2 C:\Program Files (x86)\Windows Live\Installer\WLSRes.dll
MD5: 3a8e5a6763024d6a15a85069ba82f2d1 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
MD5: 5db64f0adbad651b1cd099a79ecaab2b C:\Program Files (x86)\Windows Live\Messenger\RTMPLTFM.dll
MD5: 7366d1e2ca42ad556526c84d519f05c5 C:\Program Files (x86)\Windows Live\Messenger\shareanything.dll
MD5: c2fb797884d9cc30ac0b5fb28146fe7a C:\Program Files (x86)\Windows Live\Messenger\uccapi.dll
MD5: 68c23b93f7b1fbe1e31c6d64d41554d8 C:\Program Files (x86)\Windows Live\Messenger\vvpltfrm.dll
MD5: 0a1ff0b674e2f268799442a434a63bb3 C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
MD5: 2bec36546e074184660203e51682ba58 C:\Program Files (x86)\Windows Live\Shared\UXCalendar.dll
MD5: 4a2cf4297e29be80512cc61cb46e0b96 C:\Program Files (x86)\Windows Live\Shared\uxcontacts.dll
MD5: 950f3dcbe3005a83879ce8465877ac94 C:\Program Files (x86)\Windows Live\Shared\UXCore.dll
MD5: a2fca1cb184c1b3c6190f2f202961efd C:\Program Files (x86)\Windows Live\Shared\uxctl.dll
MD5: 81d34bc1963f87ff89f9e18e1d5a55f8 C:\Program Files (x86)\Windows Live\Shared\WLBici.dll
MD5: 5589384704dc13598208a36d77d77902 C:\Program Files (x86)\Windows Live\Shared\WLDCore.dll
MD5: c67c0cdad89f0efa6026aa1489a39086 C:\Program Files (x86)\Windows Live\Shared\wldlog.dll
MD5: 9476267bb2b113e40ec4b998dbf08fb0 C:\Program Files (x86)\Windows Live\Shared\wlidux.dll
MD5: f9d908de6b166dac9b89bf62fa291ce8 C:\Program Files\Bonjour\mdnsNSP.dll
MD5: ebbcd5dfbb1de70e8f4af8fa59e401fd C:\Program Files\Bonjour\mDNSResponder.exe
MD5: afb5b500ad69e24ed1bc15d1161641ef C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
MD5: 2bacd71123f42cea603f4e205e1ae337 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
MD5: db544b487f360128dc1c383e0a6fcc2f C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
MD5: 46d249f9db7844cc01050a9345f0f61b C:\Program Files\iPod\bin\iPodService.exe
MD5: 01e6a1e53e39a0b1e2b6ae62bf52e8ec C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
MD5: 2d6605c1f0bbd0f71a4cb3a5b1e07240 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
MD5: 34063c0b842e73662067f9b03947c55c C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
MD5: a8f5d1651a324abc6c308891a1252ee3 C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
MD5: 7d9d615201a483d6fa99491c2e655a5a C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
MD5: 3289766038db2cb14d07dc84392138d5 C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
MD5: 58a38e75f3316a83c23df6173d41f2b5 C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
MD5: ce56952b8ce29c6b0f6b984638b48ac7 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
MD5: 06c8fa1cf39de6a735b54d906ba791c6 C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
MD5: a9f3bfc9345f49614d5859ec95b9e994 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: 94e62797bc523fdc07f537ad8dd051fc C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll
MD5: 972735c0a9a663e22a69b7b8f0646505 C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
MD5: f4c253d1c2da99696e135a320c54dbad C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
MD5: 5e0459ed0a8f540d2f7b6e52da12c9d4 C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys
MD5: bd76b73cb25d9d4b8f23b7857027bf96 C:\PROGRA~2\Raptr\raptr_im.exe
MD5: f8c20bcd2bdaab50072bffa5f651fdb7 C:\PROGRA~2\Raptr\raptrstub.exe
MD5: 6a3c0505eeeba32ecf7ebac24d6bbf81 c:\Smsltd\Sam\platform\tomcat\bin\tomcat5.exe
MD5: 8a34381780e00e5b40dc99e8937dd512 C:\Users\pcwt5\.swt\lib\win32\x86\swt-gdip-win32-3802.dll
MD5: 8efe0c58e9da0831cedc134a47ebd1a0 C:\Users\pcwt5\.swt\lib\win32\x86\swt-win32-3802.dll
MD5: f7a08c935e2e6bbd45bd800fcc641354 C:\Users\pcwt5\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
MD5: 7ba6ae935ec0024d3d30327742797f1a C:\Users\pcwt5\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlsres.dll.mui
MD5: e2e36eebd96fad40166167f4d3b7ccd5 C:\Users\pcwt5\AppData\Local\Microsoft\Windows Live\Installer\Catalog\wlupdate.15.4.120.0.dll
MD5: 949af3e92b8adf423a222f4a27a41a30 C:\Users\pcwt5\AppData\Local\Temp\b3ac04aa-9413-4ecb-ac45-ed44495e62a6\CliSecureRT.dll
MD5: 09b4e13d25623d879d35286e2d29ff13 C:\Users\pcwt5\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Users\pcwt5\AppData\Roaming\Azureus\plugins\azutp\win32\msvcr100.dll
MD5: f14739c026677a399f16e4072d80a981 C:\Users\pcwt5\AppData\Roaming\Azureus\plugins\azutp\win32\utp.dll
MD5: 1b0925ed638ef9b8915b152de9886a46 C:\Users\pcwt5\Downloads\PeerBlock_r162__x64_Release_(Vista)\pbfilter.sys
MD5: 368b2bee3f88bfb883d2c74a258de6f6 C:\Windows\AppPatch\AcLayers.DLL
MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MD5: 95e8d9c0e865ead5a440c91d933b7d60 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MD5: 56cebc1d7b1d98959b87149ea3d22071 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MD5: fff324a37cb0a2704d070f41059e5ab0 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll
MD5: 5764f20720f350d46fd6cef6cb3a4941 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MD5: dcc1ac29aa8d2ce725cc86a626cec360 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MD5: d4e6766277947411b9d6b5ea975a3784 C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\90842cf922c71c82718ba71d5801c30c\mscorlib.ni.dll
MD5: d90695029f0924b15a102f50d8374a2d C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5eb81f84116fecd08f3acf0603204457\PresentationCore.ni.dll
MD5: 10a1fbe7de246e871b084b7d29969595 C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\aceee343625b7f4576e6d48fb91977e3\PresentationFramework.ni.dll
MD5: a701eb1538f0eee3e3190401484def68 C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\eaeaf5f980c23f6075820513748695d9\PresentationFramework.Aero.ni.dll
MD5: f80fd5c1ca995d37681fafcf7567bcb0 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\22d54437cf1de9478f5c2c23f07eb9d6\System.Core.ni.dll
MD5: 9d819d02e3ff2d5df12c12ff2a8c5525 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5654b44c3d45f7863f6d3d218a87967a\System.Drawing.ni.dll
MD5: fa6ec41a615a168cb9ec386ffc09142b C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\888be382c48887c830026806a9587e31\System.Management.ni.dll
MD5: 030f3637c537e35bf179dd53ab33dc95 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1378a1c9290882206f4d5a6561bfc5d7\System.Runtime.Remoting.ni.dll
MD5: 866c086b6ee88962cae22d4f37919742 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\33d45f88d59de3b84f2ed79095e29f41\System.Windows.Forms.ni.dll
MD5: 1831b1cbd446139d74ba1d079ad7354f C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a07e3882af9ea368a54742fc19c86662\System.Xaml.ni.dll
MD5: e903aab11d9493e34b9d6056615968af C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\1084708d3872b8e64f7ec88145298b2d\System.Xml.ni.dll
MD5: e4c9ca930b7e77dd1c8c175d05fccba9 C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff7c4aa829c327b186ef85cff3289bdf\System.ni.dll
MD5: af65e7c1b1c08c12f3cff541dc4b4a40 C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\8729094857a3f3185deec237ef30b087\WindowsBase.ni.dll
MD5: 365052984f5ce18f2f88fa6726332125 C:\Windows\Downloaded Program Files\AudioClient.ocx
MD5: 09561c776803b43bc3ea65241dad578a C:\Windows\Downloaded Program Files\avutil-51.dll
MD5: 021de43e92b10259fdae8e6853b88101 C:\Windows\Downloaded Program Files\AxMP4Dec.dll
MD5: a04e6a2d1159fe65f25bf7a904e34262 C:\Windows\Downloaded Program Files\ieatgpc.dll
MD5: d81300e7f661e9c1c66b076641cce4a9 C:\Windows\Downloaded Program Files\ipv6cam.ocx
MD5: ebe1f1d8facc49606a9f9ffd3b2f58ea C:\Windows\Downloaded Program Files\LMIBroker.exe
MD5: 8ddb1dc9b41b152e2c01e6cc6b26e684 C:\Windows\Downloaded Program Files\LMIGuardian.exe
MD5: a02a4fde3191f652857d9c087c6c12a9 C:\Windows\Downloaded Program Files\LMIGuardianDll.dll
MD5: 990ed734254b1d43884bd4a856e75b2e C:\Windows\Downloaded Program Files\LMIGuardianEvt.dll
MD5: 9650a23fb4bde5eef361ba19a0e38363 C:\Windows\Downloaded Program Files\MJPEGRender.ocx
MD5: 2a8c7ca8b40ca320bf88d0ff92da7cf8 C:\Windows\Downloaded Program Files\qsax.dll
MD5: da90c98f231e25fd87d7984a6831f8ae C:\Windows\Downloaded Program Files\RACtrl.dll
MD5: 190040d02e6b16047d63e3bebb2e174c C:\Windows\Downloaded Program Files\swscale-2.dll
MD5: c4002b6b41975f057d98c439030cea07 C:\Windows\ehome\ehRecvr.exe
MD5: 332feab1435662fc6c672e25beb37be3 C:\Windows\Explorer.exe
MD5: 5988fc40f8db5b0739cd1e3a5d0d78bd C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: a8b7f3818ab65695e3a0bb3279f6dce6 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: 59d16fd61802739988728790bf1232b3 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: 96076b8fcdff3c6db4ccfbf7fe3a9b28 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: aef38aeed3a7b6db23f38c529bd37120 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: bbb587a1f994825b85f293852a6241d8 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: 92f8656d0167412a2379517c3f704ffb C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
MD5: baa9514fa3e3804e886b15c5320ce5c8 C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: 9383d302f0d95db0802308cf250727f3 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
MD5: b3444c710554c0279d6f321b7daf3084 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
MD5: 773212b2aaa24c1e31f10246b15b276c C:\Windows\servicing\TrustedInstaller.exe
MD5: ac47b55b38d626b678897f195793ecab C:\Windows\system32\Adobe\Director\np32dsw.dll
MD5: 37ce7a79d901235504f9add99a7ac177 C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
MD5: 7a044b0746d957bfd7aae18cfd8422c5 C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 0a12d948b2cc7fbb01e28daa5e7c01ea C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: cb4863f2bd46aa02d954b86b56a149da C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 2cae4ed96aa903578452b85e5383940c C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: e96170a923a69711b4d08e885f05d889 C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 44ca750001f0db8c308d1ca4abd0f8e5 C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 15df9eb8daba744e4d0e9b117f760f49 C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: a2385b02cb492131af6f79959a42a93f C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 3ad0832e8e29fbe9bd722e3354dd4f57 C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 88dc1714e38d4eb41a4378aab98e753b C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: a1d4deb5176c96b1a80715f6a1fdfb4f C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: b302a1630e5aea2d830b76bbcd761d72 C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: 22f767bb3b704f79363999bd4a49e68e C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 00b83152f99e846fefb139c574cd4a96 C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 50035c36acee069d0c209288208626d9 C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
MD5: cdf677ad479fa99f2e4d9766b83ef53c C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 12c34c7325b74e8347e8db75279a8f3f C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: 96324ed3218133a13fff82055afac733 C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: a7bdf88a46bcc218b73e383e6547ba5f C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll
MD5: 4634b0ee4098f0f2b972bdac19a802e7 C:\Windows\system32\audiodev.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL
MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll
MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe
MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll
MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll
MD5: 28ca821606669bb9215ce010767720fa C:\Windows\system32\cryptui.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll
MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll
MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll
MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\Windows\system32\D3D10Warp.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\d3d9.dll
MD5: 284b59d7b56fc76c80e622ab856b1fab C:\Windows\System32\davclnt.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\dbghelp.dll
MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll
MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll
MD5: ccf4e830512c0a298791f1d34b81c215 C:\Windows\system32\dwrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll
MD5: 1060d60cca69a8136a87dbe3c8f4a467 C:\Windows\system32\EhStorAPI.dll
MD5: 5c3f9dba818cd93379d1a0f215270374 C:\Windows\system32\ESENT.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\Explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll
MD5: b23137887833d849edb4f03ed8124e71 C:\Windows\system32\IEFRAME.dll
MD5: cf316fa04d6bd6168223a0e029c6c874 C:\Windows\system32\IEUI.dll
MD5: 268a21416da5d128e8a45ec22f6cdf01 C:\Windows\system32\igd10umd32.dll
MD5: c6dad67248a60d62b5fc6e412b704484 C:\Windows\system32\igdumd32.dll
MD5: e532981912306c9b88edc9d0b322c71c C:\Windows\system32\igdumdx32.dll
MD5: 68563ac389f92ee79f1c714288ba1dce C:\Windows\system32\ImgUtil.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL
MD5: ed27d1d75bf5e683ad3edd9e3123520a C:\Windows\system32\inetcomm.dll
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\Iphlpapi.DLL
MD5: 2978077b7dd5b5e24a0a7c0a75b08a5a C:\Windows\system32\jscript.dll
MD5: 77b645b655759f574b2555276fa111d9 C:\Windows\system32\Macromed\Flash\NPSWF32.dll
MD5: 8bc9db92c4b2f3be89185beab2afc1f6 C:\Windows\system32\mapi32.dll
MD5: fdba1dec4f9be4274a00b9b850c63484 C:\Windows\System32\mf.dll
MD5: bfebb6f76a0988a38260870c61a6d1b7 C:\Windows\system32\MFReadWrite.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL
MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\system32\msdmo.dll
MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\system32\msfeeds.dll
MD5: f82bf2cb075b49e9fab5ff213c45c020 C:\Windows\system32\MSHTML.dll
MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\MSWSOCK.DLL
MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll
MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll
MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll
MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NETAPI32.dll
MD5: eab975db4c2805927fe5bd047d05c9aa C:\Windows\System32\netshell.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll
MD5: 3d57ffbad3ed16b63de3879bab0fb56f C:\Windows\system32\NetworkExplorer.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll
MD5: d7b7159bc8374e87d8c45a30377a3440 C:\Windows\System32\ntlanman.dll
MD5: 03f3b770dfbed6131653ceda8ca780f0 C:\Windows\system32\ntshrui.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\system32\ole32.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\oleacc.dll
MD5: 703ffd301ab900b047337c5d40fd6f96 C:\Windows\system32\olepro32.dll
MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\Pdh.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: e98278865e8daba21cfe5fe4be34210a C:\Windows\system32\PortableDeviceApi.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\propsys.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\system32\provsvc.dll
MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\Riched20.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\samcli.dll
MD5: 6581b52e133cc6d00661c58968c7e212 C:\Windows\system32\SearchFolder.dll
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe
MD5: 69678722290c78d5d7198c60b5a4e3e8 C:\Windows\system32\secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\System32\shdocvw.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 0a8e209f3c1d1fb6889465d1019cc5bf C:\Windows\system32\SHUNIMPL.DLL
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll
MD5: 954ea9b34f155c844b11f4047a8f6f89 C:\Windows\system32\upnp.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: 84b633c780df58fbf240f37ea776e9e7 C:\Windows\system32\VESWinlogon.dll
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: fb19fc5951a88f3c523e35c2c98d23c0 C:\Windows\system32\webio.dll
MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\system32\wer.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\winmm.dll
MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\WINSPOOL.DRV
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: 1957d49a9613faad1c73b508cce02aa5 C:\Windows\system32\wmp.dll
MD5: 0fbc74aa20fe0ae6884279f893169c60 C:\Windows\system32\wmploc.dll
MD5: 0f416e23dd2eb4debe70608020cfd283 C:\Windows\system32\wmvcore.dll
MD5: 181f69bc9c406b7fb5c0ade8031630ac C:\Windows\system32\wpdshext.dll
MD5: ac122407b29378ff9646f03404ac7c54 C:\Windows\system32\wshbth.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\xmllite.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\comdlg32.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\SysWOW64\d3d9.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: 19779242217d7403577c34afd95c8626 C:\Windows\SysWOW64\dispex.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: 53af1750fd45ddd705c9b68c7dc58827 C:\Windows\SysWOW64\EVR.dll
MD5: 19bc13711ac403feb830522e4831701b C:\Windows\SysWOW64\gameux.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: b23137887833d849edb4f03ed8124e71 C:\Windows\SysWOW64\ieframe.dll
MD5: 1341915d4705a3ba68bc49e83024ade0 C:\Windows\syswow64\iertutil.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\syswow64\IMM32.dll
MD5: 328e900311d5c31f399730c7ccc8883a C:\Windows\SysWOW64\jscript9.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: c140f86932b5b61f54a4d836e2d34ab2 C:\Windows\SysWOW64\ksproxy.ax
MD5: 630a31f277349109299e590856a4b004 C:\Windows\SysWOW64\kswdmcap.ax
MD5: bd007d624e4cd905ab2e8df2c6de891c C:\Windows\SysWOW64\Macromed\Flash\Flash11c.ocx
MD5: dc6612a9ee015a36ba2a27bc9cc12537 C:\Windows\SysWOW64\MFC42.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: f82bf2cb075b49e9fab5ff213c45c020 C:\Windows\SysWOW64\mshtml.dll
MD5: 3de43bfdaf3f8979699650202aa18b12 C:\Windows\SysWOW64\msmpeg2vdec.dll
MD5: 9dc80a8aaaaac397bdab3c67165a824e C:\Windows\syswow64\msvcrt.dll
MD5: ab45a736c78a166b89c0a578ad5e4392 C:\Windows\SysWOW64\npDeployJava1.dll
MD5: e73b0f1819602cb6ef176fb78d76a47b C:\Windows\SysWOW64\ntdll.dll
MD5: 7d34af98a706230cc2dedfe0cabf87ab C:\Windows\SysWOW64\ODBC32.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: a2a95e7e3b2b486bae0a9af9c440e370 C:\Windows\SysWOW64\QuickTimeCheck.ocx
MD5: 99286d542a59c585329223f6c7f8e1db C:\Windows\SysWOW64\rmoc3260.dll
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: 1affb765af1fdcc0c185c38e9ddddaee C:\Windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll
MD5: 358fc25391c6733eaf49db480afdfd8c C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: ce292c4c10b8db6070f262ea2733f0dc C:\Windows\SysWOW64\sqmapi.dll
MD5: 44b2693080979a0e05085b3faaa43a09 C:\Windows\syswow64\SspiCli.dll
MD5: 672d7c5080acb003343006405da2e621 C:\Windows\SysWOW64\thumbcache.dll
MD5: 4c162b2a8e175f46db41b21c77688221 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll
MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\SysWow64\vbscript.dll
MD5: 5193de33f3284c447e0d31dafbf92570 c:\windows\syswow64\webcheck.dll
MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\SysWOW64\wer.dll
MD5: 44465367256d1c72b58f5abaa19e7016 C:\Windows\syswow64\WININET.dll
MD5: a7d79e9f660340ab20cd73f12910985f C:\Windows\syswow64\WINTRUST.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: ff3c5379de4fd18498c255d096fed3f5 C:\Windows\SysWOW64\WMADMOD.DLL
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: 447256d1c026654c5cd3cc17e7b20631 C:\Windows\SysWOW64\XAudio64.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\SysWOW64\XmlLite.dll
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d1cb102c435421de\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\COMCTL32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll

No file uploaded.

Scan finished - communication took 6 sec
Total traffic - 0.02 MB sent, 1.42 KB recvd
Scanned 610 files and modules - 96 seconds

#24
RKinner

Posted 14 May 2012 - 12:30 PM

Malware Expert

Expert
24,625 posts

It's possible that your power supply is marginal and is barely making enough voltage. It certainly should not be getting hot. Warm maybe but not hot.

You really need to get rid of Vuze 1756 C:\Program Files (x86)\Vuze\Azureus.exe. P2P programs are dangerous. The files you get from them are often infected. Sometimes they were clean to start with but were stored on an infected computer. You can see how many connections it is making in the BitDefender log:

Process Azureus.exe (1756) connected on port 52379 --> 72.231.16.121
Process Azureus.exe (1756) connected on port 63832 --> 24.94.245.85
Process Azureus.exe (1756) connected on port 59953 --> 190.183.45.118
Process Azureus.exe (1756) connected on port 63777 --> 85.250.81.230
Process Azureus.exe (1756) connected on port 59386 --> 41.135.158.39
Process Azureus.exe (1756) connected on port 1794 --> 68.224.109.217
Process Azureus.exe (1756) connected on port 55568 --> 71.77.226.210
Process Azureus.exe (1756) connected on port 3488 --> 187.56.20.122
Process Azureus.exe (1756) connected on port 12248 --> 190.152.205.130
Process Azureus.exe (1756) connected on port 64145 --> 75.177.25.183
Process Azureus.exe (1756) connected on port 63105 --> 76.65.17.108
Process Azureus.exe (1756) connected on port 49433 --> 110.174.167.136
Process Azureus.exe (1756) connected on port 65265 --> 46.20.103.109
Process Azureus.exe (1756) connected on port 51040 --> 67.164.2.39
Process Azureus.exe (1756) connected on port 63707 --> 41.248.149.166
Process Azureus.exe (1756) connected on port 54950 --> 108.65.244.9
Process Azureus.exe (1756) connected on port 28282 --> 2.224.107.19

If nothing else this will slow down your computer.

I would try to submit this file

C:\Windows\System32\PrintDisp.exe

to www.virustotal.com and see what they say about it. I don't like files that won't let us look at them.

#25
nightporter

Posted 17 May 2012 - 11:37 PM

Member

Topic Starter
Member
17 posts

PrintDisp, I had to copy it to desktop as it only showed up in a search, when I browsed for it it was not shown.

SHA256:
e8827df15fdb76a2a1ab9411895ffef7ac712de8dbecb96284ef839c9b6e4b19
SHA1:
02e56233fb8577558a0d3663cc43ab64f681a4bb
MD5:
cd3e1e79992f07f9bb6195e497af3544
File size:
857.5 KB ( 878080 bytes )

File name:

PrintDisp.exe
File type:

Win32 EXE

Detection ratio:

0 / 42

Analysis date:

2012-05-04 04:45:23 UTC ( 2 weeks ago )

#26
RKinner

Posted 21 May 2012 - 01:53 PM

Malware Expert

Expert
24,625 posts

Sorry for the delay. Came down with something like pneumonia. Got some antibiotics on Friday and am starting to feel human again.

I don't think we have run speccy yet so let's try that:

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

Speccy will give us a reading on the voltages on your computer as well as the temps. It's pretty good about the temps but can be a bit off on the voltages but it might point to something.

#27
nightporter

Posted 25 May 2012 - 08:03 AM

Member

Topic Starter
Member
17 posts

Thats now running. I was getting very high cpu temps before I cleaned the dust out of my laptop, which isn't surprising. but the adapter I cant explain. Its worse when connected to an intermediate extension.

#28
nightporter

Posted 27 May 2012 - 01:14 PM

Member

Topic Starter
Member
17 posts

The icon never stopped spinning even after 7 hours.

#29
RKinner

Posted 27 May 2012 - 07:13 PM

Malware Expert

Expert
24,625 posts

Uninstall speccy if it won't work. (You did start it by right click and Run As Admin?) It should work in a few minutes if it is going to work.

Can you get SpeedFan to work?

http://www.almico.com/sfdownload.php

Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it by right click and Run As Admin.