CompCav [Solved]



#1
Ben T

OTL Extras logfile created on: 5/24/2012 7:27:52 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Administrator.johnnynorris-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.08 Gb Available Physical Memory | 77.10% Memory free
8.00 Gb Paging File | 6.96 Gb Available in Paging File | 87.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 198.52 Gb Total Space | 136.32 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.26 Gb Free Space | 56.41% Space Free | Partition Type: NTFS

Computer Name: JOHNNYNORRIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B850994-E6CF-42F4-8D0D-ADC35F5BC404}" = lport=139 | protocol=6 | dir=in | app=system |
"{22FD1914-67B4-42A8-8E00-FB1FDC5DE90E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2EE21BA5-886A-4143-B1C3-CABCF1CDB7AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{38413F72-6424-4430-8624-16E0476F6BB4}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B9319E1-B6D7-4514-AE21-F83ADB1C195C}" = rport=137 | protocol=17 | dir=out | app=system |
"{4A26B53B-3340-4076-8E79-71EAA167171B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52A5DF71-8F81-4CB7-9B88-AA560EF65439}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{548AC074-DBA7-4FC9-88D8-80D06327F979}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{561085FF-B061-492D-A131-2B5EDF50C7B5}" = lport=137 | protocol=17 | dir=in | app=system |
"{61FCDDD2-320A-40D0-9EFC-C547BCF80002}" = lport=2869 | protocol=6 | dir=in | app=system |
"{65CE773C-C3C7-4624-9067-0324750F83EE}" = lport=138 | protocol=17 | dir=in | app=system |
"{6AE8EAA9-B583-43B5-B877-11E29EC87A6B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9CD0C0D1-0096-43E7-90DB-51B30E04035F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9DECFA74-04D4-42B6-B694-806E94733480}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A35F8E08-7C20-46D6-BF15-7575AB7991E2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B11CF4F4-89C5-495B-82EB-5A185AF56E78}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2CF2262-70EB-47B5-8CC6-580137EF8EAD}" = rport=138 | protocol=17 | dir=out | app=system |
"{B5A97E4B-A16B-4435-A80F-812291336CBB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3487857-34CE-492A-9555-B8CA3C868477}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8A9411E-083A-4E19-9282-7F0F797E749B}" = rport=445 | protocol=6 | dir=out | app=system |
"{E9DAD5A7-4FFA-4A70-9EF2-3ED739FD287D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EB2C9FE2-5783-48FE-9450-378AED4C02EA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD328328-D9F3-4E30-A419-204862F8D1DE}" = rport=10243 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02B4FECF-3EE1-4C48-A5D6-355390ED5FEC}" = protocol=58 | dir=in | [email protected],-28545 |
"{21B13855-6464-4115-ACB4-70FBA0F531DA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{27BE4222-A1B3-43E7-A2FC-12A84B44CB04}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3146303A-04D1-4EB7-8940-55652E77967C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3FBFAA2C-A0A1-49AD-8EC8-791237DA0670}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3FEBFB08-A1F6-4675-9DDF-34C2712C3689}" = protocol=58 | dir=out | [email protected],-28546 |
"{427332DC-1578-4BE4-AEE8-0E2754E47423}" = protocol=1 | dir=in | [email protected],-28543 |
"{500721E7-2955-43D5-9350-85C10E9A5819}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{51C3AF27-FA59-45CD-9226-155EE6F8442F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5BB998AC-3DC3-464A-9D5E-A806F5290C45}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{5D9A65A2-5813-4316-94ED-D20BA0268220}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{61AF0A4A-8E33-4E40-9547-5C3461E03E72}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{654910EB-A05E-4BCE-9395-F549969BCDF4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{65BE4483-B334-472B-AD27-806D2A1191C5}" = protocol=1 | dir=out | [email protected],-28544 |
"{799FDAE4-3A15-4770-AFCD-4C6E9C071DFF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A1DB979-5C4C-444C-AD8B-F9A13DDC1E72}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{B13BB935-675A-4F14-B387-E57E35530E26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BAFA3F06-A3EA-495C-B1C7-AAB667AD05BE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BCE4B384-6AFF-4E09-BFCE-21F04E9FAE5D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE9A485F-D631-4FA0-846E-0856B87037F8}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{DE9EAE27-045B-461D-93AB-4AFED9E8DD21}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E070A5B5-DE37-4C75-85C2-6B60EDB9D9F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6D31012-9FE6-48A7-B392-E72CF844B910}" = protocol=6 | dir=out | app=system |
"{FA1857F0-C1F4-498D-9F06-90407B8A0E1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FF812AA1-0720-4EB5-B1D1-E9E6426D9269}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AI RoboForm" = RoboForm 7-7-7-1 (All Users)
"Dell Webcam Central" = Dell Webcam Central
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Revo Uninstaller" = Revo Uninstaller 1.94
"TeamViewer 7" = TeamViewer 7
"Unlocker" = Unlocker 1.9.1

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL logfile created on: 5/24/2012 7:27:52 PM - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\Administrator.johnnynorris-PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.08 Gb Available Physical Memory | 77.10% Memory free
8.00 Gb Paging File | 6.96 Gb Available in Paging File | 87.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 198.52 Gb Total Space | 136.32 Gb Free Space | 68.67% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 8.26 Gb Free Space | 56.41% Space Free | Partition Type: NTFS

Computer Name: JOHNNYNORRIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/24 19:25:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.johnnynorris-PC\Desktop\OTL.exe
PRC - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/03/19 04:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
PRC - [2009/06/24 16:21:38 | 000,409,744 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 02:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/05 17:33:03 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/03/19 04:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/07 23:13:34 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 06:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/01 01:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2009/08/18 03:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 00:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/15 13:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/07/04 12:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4079213164-581088795-4211586276-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4079213164-581088795-4211586276-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4079213164-581088795-4211586276-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4079213164-581088795-4211586276-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 59 16 CE FC 39 CD 01 [binary data]
IE - HKU\S-1-5-21-4079213164-581088795-4211586276-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4079213164-581088795-4211586276-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3:64bit: - HKU\S-1-5-21-4079213164-581088795-4211586276-500\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-4079213164-581088795-4211586276-500\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [panda2_0dn_XP] reg.exe delete "HKCU\Software\panda2_0dn" /f File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-4079213164-581088795-4211586276-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{020162AF-7FBF-47A7-98B3-ABA487723683}: DhcpNameServer = 172.27.35.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/04 20:34:12 | 000,000,011 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/24 19:25:28 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator.johnnynorris-PC\Desktop\OTL.exe
[2012/05/24 19:21:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Administrator.johnnynorris-PC\Desktop\aswMBR.exe
[2012/05/24 17:07:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2.old
[2012/05/24 16:40:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/05/24 16:00:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/05/24 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Macromedia
[2012/05/24 15:30:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Adobe
[2012/05/24 14:10:45 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/05/24 14:10:45 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/05/24 14:10:44 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Searches
[2012/05/24 14:10:44 | 000,000,000 | -H-D | C] -- C:\Users\Administrator.johnnynorris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/05/24 14:10:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Identities
[2012/05/24 14:10:30 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Contacts
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Local\Temporary Internet Files
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Templates
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Start Menu
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\SendTo
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Recent
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\PrintHood
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\NetHood
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Documents\My Videos
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Documents\My Pictures
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Documents\My Music
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\My Documents
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Local Settings
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Local\History
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Cookies
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\Application Data
[2012/05/24 14:10:14 | 000,000,000 | -HSD | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Local\Application Data
[2012/05/24 14:10:13 | 000,000,000 | --SD | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Microsoft
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Videos
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Saved Games
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Pictures
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Music
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Links
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Favorites
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Downloads
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Documents
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\Desktop
[2012/05/24 14:10:13 | 000,000,000 | R--D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/05/24 14:10:13 | 000,000,000 | -H-D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData
[2012/05/24 14:10:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Local\Temp
[2012/05/24 14:10:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Panda Security
[2012/05/24 14:10:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Local\Microsoft
[2012/05/24 14:10:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Media Center Programs
[2012/05/24 11:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/05/20 13:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2012/05/20 08:35:45 | 000,000,000 | ---D | C] -- C:\b03ba7707ed0b841a1
[2012/05/19 14:30:02 | 000,000,000 | ---D | C] -- C:\1edd458d2337a4b206fe2448e5e745
[2012/05/19 13:50:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Reallusion
[2012/05/19 13:49:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
[2012/05/19 13:49:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2012/05/19 13:48:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Webcam
[2012/05/19 13:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Live! Cam
[2012/05/19 13:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2012/05/18 12:54:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unlocker
[2012/05/18 12:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/05/18 12:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/05/18 12:25:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/05/18 11:19:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/05/17 18:45:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2012/05/17 18:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2012/05/17 18:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/05/17 18:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/05/17 18:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/05/17 18:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/05/17 17:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/17 17:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/17 11:54:40 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/05/14 17:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2012/05/14 17:31:27 | 000,000,000 | ---D | C] -- C:\temp
[2012/05/11 13:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/05/11 13:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2012/05/07 10:24:11 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark
[2012/05/05 20:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/05/05 19:51:04 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/05/05 19:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/05/05 19:03:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/05/05 18:35:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/05 18:34:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/05/05 17:09:39 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/05/05 17:08:52 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/05/05 17:00:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/05/05 16:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 3.5
[2012/05/05 16:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 3.5
[2012/05/05 15:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2012/05/05 15:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
[2012/05/05 15:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Siber Systems
[2012/05/05 15:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/05/05 15:28:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/05/05 15:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/05/05 15:21:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/05/05 15:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/05 15:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/05 15:10:15 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/05/05 15:10:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/05/05 14:59:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2012/05/05 14:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2012/05/05 14:59:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
[2012/05/05 14:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/05/05 13:45:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/05/05 11:30:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/05/05 11:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/05/05 10:01:46 | 000,035,840 | R--- | C] (Avanquest Software) -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS
[2012/05/05 10:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/05/05 10:00:43 | 000,000,000 | ---D | C] -- C:\Netgear

========== Files - Modified Within 30 Days ==========

[2012/05/24 19:25:43 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator.johnnynorris-PC\Desktop\OTL.exe
[2012/05/24 19:24:58 | 000,000,512 | ---- | M] () -- C:\Users\Administrator.johnnynorris-PC\Desktop\MBR.dat
[2012/05/24 19:22:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 19:22:18 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/24 19:22:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Administrator.johnnynorris-PC\Desktop\aswMBR.exe
[2012/05/24 19:14:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/24 19:14:41 | 3219,955,712 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/24 17:32:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/24 15:30:10 | 000,001,439 | ---- | M] () -- C:\Users\Administrator.johnnynorris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/24 14:13:24 | 000,001,411 | ---- | M] () -- C:\Users\Administrator.johnnynorris-PC\Desktop\Internet Explorer (64-bit).lnk
[2012/05/23 14:35:46 | 000,782,206 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/23 14:35:46 | 000,662,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/23 14:35:46 | 000,122,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/18 12:49:19 | 000,776,422 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/08 12:07:54 | 000,000,193 | ---- | M] () -- C:\Windows\WORDPAD.INI
[2012/05/05 19:31:36 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/05 18:57:32 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/05 18:57:27 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/05 14:33:22 | 000,001,164 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/05/05 13:43:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/05 11:30:56 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif

========== Files Created - No Company Name ==========

[2012/05/24 19:24:58 | 000,000,512 | ---- | C] () -- C:\Users\Administrator.johnnynorris-PC\Desktop\MBR.dat
[2012/05/24 15:30:10 | 000,001,439 | ---- | C] () -- C:\Users\Administrator.johnnynorris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/24 14:13:24 | 000,001,411 | ---- | C] () -- C:\Users\Administrator.johnnynorris-PC\Desktop\Internet Explorer (64-bit).lnk
[2012/05/24 14:11:38 | 000,001,411 | ---- | C] () -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/05/24 14:10:50 | 000,001,445 | ---- | C] () -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/05/24 14:10:13 | 000,000,290 | ---- | C] () -- C:\Users\Administrator.johnnynorris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/05/24 14:10:13 | 000,000,272 | ---- | C] () -- C:\Users\Administrator.johnnynorris-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/05/19 13:49:41 | 000,024,995 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.jpg
[2012/05/19 13:49:40 | 000,057,656 | ---- | C] () -- C:\Windows\SysNative\drivers\FilterPC.bmp
[2012/05/08 12:07:54 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/05/05 18:57:32 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/05 18:57:27 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/05 17:11:18 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/05/05 17:07:52 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/05/05 17:07:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/05/05 17:07:23 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/05/05 17:06:48 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/05/05 17:00:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/05 15:29:07 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/05/05 14:33:22 | 000,001,176 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/05/05 14:33:22 | 000,001,164 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/05/05 13:43:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/05/05 11:30:56 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/05/05 11:30:38 | 000,001,917 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/05/05 11:30:31 | 000,776,422 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/27 14:10:22 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/05/14 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\Administrator.johnnynorris-PC\AppData\Roaming\Panda Security
[2012/05/14 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Panda Security
[2012/05/14 17:33:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Panda Security
[2012/05/17 18:45:47 | 000,000,000 | ---D | M] -- C:\Users\johnnynorris\AppData\Roaming\Auslogics
[2012/05/14 17:41:10 | 000,000,000 | ---D | M] -- C:\Users\johnnynorris\AppData\Roaming\Panda Security
[2009/07/13 22:08:49 | 000,025,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 23:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011/02/25 22:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/10/30 22:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 22:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows.old.000\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows.old.000\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2010/01/16 14:25:39 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows.old\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/08/02 23:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old.000\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows.old.000\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Documents and Settings\All Users\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Documents and Settings\All Users\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Documents and Settings\All Users\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Documents and Settings\All Users\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\ProgramData\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Users\All Users\Application Data\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Users\All Users\Application Data\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2011/08/10 15:54:34 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Windows.old.000\Users\All Users\Application Data\Application Data\Application Data\TuneUp Software\TuneUp Utilities 2012\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe

< MD5 for: SVCHOST.EXE >

< MD5 for: USERINIT.EXE >

< MD5 for: WINLOGON.EXE >
[2009/10/27 23:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = @%SystemRoot%\system32\drivers\netbt.sys,-2
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys
"Description" = @%SystemRoot%\system32\drivers\netbt.sys,-1
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{020162AF-7FBF-47A7-98B3-ABA487723683}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{F8FA1941-2768-4D31-B4CC-AE67CE0B13BA}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 01 01 04 01 06 01 03 01 02 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 6
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/05/05 18:57:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/05/05 18:57:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/05/05 18:57:32 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/05 18:57:34 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/05/05 18:57:34 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/05/05 18:57:27 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/05/05 18:57:27 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/05/05 18:57:27 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/05 18:57:34 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/05/05 18:57:34 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< C:\windows\*. /RP /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: JOHNNYNORRIS-PC
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D                       DVD-ROM         0 B  No Media
  Volume 1     E   RECOVERY     NTFS   Partition     14 GB  Healthy    System
  Volume 2     C   OS           NTFS   Partition    198 GB  Healthy    Boot

< End of report >

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-24 19:22:14
-----------------------------
19:22:14.646 OS Version: Windows x64 6.1.7601 Service Pack 1
19:22:14.646 Number of processors: 2 586 0x301
19:22:14.646 ComputerName: JOHNNYNORRIS-PC UserName: Administrator
19:22:17.969 Initialize success
19:22:54.714 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:22:54.714 Disk 0 Vendor: ST9250315AS 0003DEM1 Size: 238475MB BusType: 3
19:22:54.729 Disk 0 MBR read successfully
19:22:54.745 Disk 0 MBR scan
19:22:54.745 Disk 0 Windows 7 default MBR code
19:22:54.761 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 39 MB offset 63
19:22:54.776 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
19:22:54.792 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 203280 MB offset 30801920
19:22:54.792 Disk 0 Partition - 00 05 Extended 20154 MB offset 447121406
19:22:54.823 Disk 0 Partition 4 00 83 Linux 16060 MB offset 447121408
19:22:54.823 Disk 0 Partition - 00 05 Extended 4094 MB offset 480012288
19:22:54.901 Disk 0 scanning C:\Windows\system32\drivers
19:23:05.010 Service scanning
19:23:30.032 Modules scanning
19:23:30.563 Disk 0 trace - called modules:
19:23:30.594 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
19:23:30.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004862060]
19:23:30.625 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80043a3810]
19:23:30.641 5 ACPI.sys[fffff88000e727a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80043ac060]
19:23:30.656 Scan finished successfully
19:24:58.609 Disk 0 MBR has been saved successfully to "C:\Users\Administrator.johnnynorris-PC\Desktop\MBR.dat"
19:24:58.625 The log file has been saved successfully to "C:\Users\Administrator.johnnynorris-PC\Desktop\aswMBR log.txt"

#2
CompCav

    Member 5k

  • Expert
  • 12,448 posts
I will take a look and be back later this evening or early tomorrow morning.

CompCav

#3
CompCav

    Member 5k

  • Expert
  • 12,448 posts
No evidence of malware but it looks like your event logs are not working properly.


Step 1.

Clear Event Logs

  • Click the Start Orb
  • Right click on Computer and click on Manage
  • Click (Continue) on the UAC screen. The Computer Management window will come up.
  • In the left side column of the window click the arrow beside Event Viewer.
  • Click the arrow beside Windows Logs
  • Right click on Application and click Clear Log
  • Right click on System and click Clear Log
  • Close the Computer Management window and Reboot.


Step 2.

1. Please download the Event Viewer Tool by Vino Rosso (VEW) and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning



Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log.


In your next reply then repeat but select Application.

1. Under 'Select log to query', select:

* Application
2. Under 'Select type to list', select:
* Error
* Warning



Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log.

#4
Ben T

    Member

  • Topic Starter
  • Member
  • 128 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/05/2012 9:04:58 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/05/2012 4:00:46 AM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 25/05/2012 4:00:46 AM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/05/2012 4:00:42 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 25/05/2012 4:00:08 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/05/2012 9:08:34 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#5
CompCav

    Member 5k

  • Expert
  • 12,448 posts
OK please reboot the computer and run the two VEW logs again so we can see if there are any issues during the boot up and initial connect to the network.

#6
Ben T

    Member

  • Topic Starter
  • Member
  • 128 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/05/2012 9:18:23 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/05/2012 4:17:20 AM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 25/05/2012 4:17:20 AM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

Log: 'System' Date/Time: 25/05/2012 4:00:46 AM
Type: Error Category: 42
Event: 43029 Source: atikmdag
Display is not active

Log: 'System' Date/Time: 25/05/2012 4:00:46 AM
Type: Error Category: 51
Event: 52236 Source: atikmdag
CPLIB :: General - Invalid Parameter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 25/05/2012 4:17:15 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 25/05/2012 4:16:42 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 25/05/2012 4:00:42 AM
Type: Warning Category: 0
Event: 1 Source: RTL8167
Realtek PCIe FE Family Controller is disconnected from network.

Log: 'System' Date/Time: 25/05/2012 4:00:08 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 24/05/2012 9:18:59 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Did you upgrade this machine? I see the Windows.old files.

What did you upgrade from to your current Windows 7?

It looks like your ATI graphics card driver is acting up but nothing else seems strange in the event logs.

#8
Ben T

    Member

  • Topic Starter
  • Member
  • 128 posts
This is a refurbished laptop from Best Buy. It is about 6 months old. I too noticed the windows.old files when I was going through it. I don't know what the original OS was before they upgraded it.

#9
CompCav

    Member 5k

  • Expert
  • 12,448 posts
What is the make and full model number?

#10
Ben T

    Member

  • Topic Starter
  • Member
  • 128 posts
Dell Inspiron 1546. Reg Model: P02F Reg Type: P02F001 Service Tag: DP14ZJI Express Service Code: 29811737053





System Security Status Security Benchmark Score


0.63 of 10 (details...)




Virus Protection


Up-to-date
Realtime File Scanning is off



Microsoft Security Updates


12 missing







--------------------------------------------------------------------------------

Computer Profile Summary
Computer Name: johnnynorris-PC (in WORKGROUP)
Profile Date: Thursday, May 24, 2012 9:51:02 PM
Advisor Version: 8.2g
Windows Logon: Administrator



Operating System new – server roles System Model
Windows 7 Home Premium (x64) Service Pack 1 (build 7601)
Install Language: English (United States)
System Locale: English (United States)
Installed: 2/27/2012 4:27:41 PM Dell Inc. Inspiron 1546
System Service Tag: DP14ZJ1 (support for this PC)
Chassis Serial Number: DP14ZJ1
Enclosure Type: Portable
Processor a Main Circuit Board b
2.20 gigahertz AMD Turion X2 Dual-Core
128 kilobyte primary memory cache
1024 kilobyte secondary memory cache
64-bit ready
Multi-core (2 total)
Not hyper-threaded Board: Dell Inc. 0V2X0M
Serial Number: .DP14ZJ1.CN7016601G048K.
Bus Clock: 100 megahertz
BIOS: Dell Inc. A02 01/15/2010
new USB Storage Use in past 30 Days (mouse over last used for details) new Hosted Virtual Machines (mouse over name for details)
Last Used
Patriot Memory, s/n 078814A237CF, rev PMAP 5/21/2012 10:37:48 AM*
M-Sys Dell Memory Key, s/n 08C18C3F28000C07, rev 4.60 5/5/2012 2:59:55 PM*


* Possibly used again before the reboot following this time. None discovered
Drives new – drive encryption Memory Modules c,d
228.88 Gigabytes Usable Hard Drive Capacity
156.06 Gigabytes Hard Drive Free Space

Optiarc DVD+-RW AD-7700H ATA Device [Optical drive]

ST9250315AS [Hard drive] (250.06 GB) -- drive 0, s/n 6VC23WHF, rev 0003DEM1, SMART Status: Healthy 4096 Megabytes Usable Installed Memory

Slot 'DIMM_A' has 2048 MB (serial number 0D307AA1)
Slot 'DIMM_B' has 2048 MB (serial number 0B308BA1)
Local Drive Volumes new – volume encryption

c: (NTFS on drive 0) * 213.16 GB 147.19 GB free
e: (NTFS on drive 0) 15.73 GB 8.87 GB free



* Operating System is installed on c:

Network Drives
None discovered
Users (mouse over user name for details) Printers
local user accounts last logon
Administrator 5/24/2012 9:17:33 PM (admin)
johnnynorris 5/24/2012 5:45:55 PM (admin)
local system accounts
Guest never
HomeGroupUser$ never


Marks a disabled account; Marks a locked account Canon Inkjet iP6310D on Canon
Microsoft Shared Fax Driver on SHRFAX:
Microsoft XPS Document Writer on XPSPort:

Controllers Display
ATA Channel 0 [Controller]
ATA Channel 1 [Controller]
Standard Dual Channel PCI IDE Controller ATI Mobility Radeon HD 4300 Series [Display adapter]
Generic PnP Monitor (15.3"vis)
Bus Adapters Multimedia
Standard Enhanced PCI to USB Host Controller (2x)
Standard OpenHCD USB Host Controller (4x) High Definition Audio Device
Virus Protection [Back to Top] Group Policies
Microsoft Security Essentials Version 4.0.1526.0
Scan Engine Version 1.1.8403.0
Virus Definitions Version 1.127.601.0
Realtime File Scanning Off
None discovered
Communications new – connection speed & status Other Devices

↑ Dell Wireless 1397 WLAN Mini-Card
primary Auto IP Address: 192.168.1.113 / 24
Gateway: 192.168.1.1
Dhcp Server: 192.168.1.1
Physical Address: C4:17:FE:28:C2:75
Connection Speed: 54 Mbps
Microsoft ISATAP Adapter
↓ Realtek PCIe FE Family Controller
Status: Cable unplugged
Dhcp Server: none responded
Physical Address: A4:BA:DB:97:5B:B7
Teredo Tunneling Pseudo-Interface

Networking Dns Server: 172.27.35.1
Microsoft AC Adapter
Microsoft ACPI-Compliant Control Method Battery
Microsoft Composite Battery
Integrated Webcam
Standard PS/2 Keyboard
PS/2 Compatible Mouse
USB Composite Device
USB Root Hub (6x)
Generic volume shadow copy


Network Map (mouse over IP address for physical address) [Back to Top]
IP Device Type Device Details Device Roles
192.168.1.1 Router Linksys / WRT54G v8.00.0 DHCP Server, Gateway, Web Server
192.168.1.100 Web Server
192.168.1.103 Windows 7 Workstation Desktop-ben (in TAKAGI) Print Server, Browse Master
192.168.1.106 Printer Brw0022581d6307 (in WORKGROUP), Brother MFC-J615W / #K0F380162 Web Server, Samba Server
192.168.1.111 Windows Vista Workstation Laptop (in TAKAGI) Web Server
192.168.1.113 Windows 7 Workstation Johnnynorris-pc (in WORKGROUP),
johnnynorris-pc.sd.cox.net Print Server, Browse Master



Missing Microsoft Security Hotfixes [Back to Top]
These required security hotfixes were not found installed (using the 05/22/2012 Microsoft Security Bulletin Summary with definitions version 2012.5.23.3). Note: Security benchmarks require that Critical and Important severity security hotfixes must be installed.
KB2675157 - Critical (details...)
Q2532531 - Critical (details...)
Q2604115 - Critical (details...)
Q2656356 - Critical (details...)
Q2656373 - Critical (details...)
Q2656411 - Low (details...)
Q2658846 - Important (details...)
Q2659262 - Important (details...)
Q2660649 - Important (details...)
Q2676562 - Critical (details...)
Q2688338 - Important (details...)
Q2690533 - Important (details...)

Hotfixes from Windows Update (agent version 7.5.7601.17514) wait for download and install approval. Last install: 5/24/2012 5:43:46 PM, download: 5/24/2012 5:41:36 PM, check: 5/24/2012 4:04:34 PM.


Software Licenses [Back to Top]

Belarc - Advisor 8a6f8c9d
CyberLink - PowerDVD DVD090714-01
CyberLink - PowerDVD DX DVD090714-01
CyberLink - PowerDVD DX MV49742189549015
Microsoft - Internet Explorer 00359-OEM-8992687-00095 (Key: 6RBBT-F8VPQ-QCPVQ-KHRB8-RMV82)e
Microsoft - PowerShell 89383-100-0001260-04309
Microsoft - Windows 7 Home Premium (x64) 00359-OEM-8992687-00095 (Key: 6RBBT-F8VPQ-QCPVQ-KHRB8-RMV82)e



Software Versions & Usage (mouse over i for details, click i for location) [Back to Top]
ı i Adobe Acrobat Update Service Version 1, 5, 7, 0
i Adobe Reader Version 10.1.3.23
i Adobe Systems, Inc. - Shockwave Flash Version 11,2,202,235
ı i Adobe® Flash® Player Update Service Version 11,2,202,235
ı i AMD External Events Version 6.14.11.1033
i Auslogics - Disk Defrag Version 3.x
ı i Belarc, Inc. - Advisor Version 8.2g
ı i Creative Technology Ltd - Dell Webcam Central Version 2.00
i Creative Technology Ltd. - AvatarImport Version 2.0.0.0
i Creative Technology Ltd. - AVFXImport Version 2.0.0.0
i CyberLink PowerDVD DX Version 8.03.5424
ı i Malwarebytes Anti-Malware Version 1.60.0080
ı i Microsoft Corporation - Internet Explorer Version 9.00.8112.16421
i Microsoft Corporation - Silverlight Plug-In Version 5.1.10411.0
ı i Microsoft Corporation - Windows Installer - Unicode Version 5.0.7600.16385
ı i Microsoft Corporation - Windows® Search Version 7.00.7600.16385
ı i Microsoft Malware Protection Version 4.0.1526.0 i Microsoft Network Inspection System Version 4.0.1526.0
ı i Microsoft Security Client Version 4.0.1526.0
i Microsoft ® Windows Script Host Version 5.8.7600.16385
i Microsoft® .NET Framework Version 2.0.50727.4927
i Microsoft® .NET Framework Version 3.0.6920.5011
i Microsoft® .NET Framework Version 4.0.31106.0
i Microsoft® Silverlight Version 5.1.10411.0
i Microsoft® Windows® Operating System Version 12.0.7600.16385
i Oracle Corporation - Java™ Platform SE 7 U4 Version 7.0.40.255
ı i Panda Security - USB Vaccine Version 1.0.1.0
ı i Piriform Ltd - CCleaner Version 3, 18, 0, 1707
ı i Piriform Ltd - Speccy Version 1, 16, 0, 317
ı i Siber Systems - RoboForm Version 7-7-7-1
i Start Unlocker
i Start Unlocker Assistant
i TeamViewer Version 7.0
ı i VS Revo Group - Revo Uninstaller Version 1, 9, 3, 0


i Mouse over to see details, click to see where software is installed.
ı Marks software last used within the past 7 days.
ıı Marks software last used within the past 90 days, but over 7 days ago.
ııı Marks software last used within the past year, but over 90 days ago.
ıııı Marks software last used over 1 year ago.
Unmarked software lacks the data to determine last use.



Installed Microsoft Hotfixes [Back to Top]
.NET Framework 4 Client Profile
KB2468871 on 5/18/2012 (details...)
KB2533523 on 5/18/2012 (details...)
KB2600217 on 5/18/2012 (details...)
KB2604121 on 5/18/2012 (details...)
KB2656351 on 5/18/2012 (details...)
KB2656368 on 5/18/2012 (details...)
KB2656405 on 5/18/2012 (details...)
.NET Framework 4 Extended
KB2468871 on 5/18/2012 (details...)
KB2487367 on 5/18/2012 (details...)
KB2533523 on 5/18/2012 (details...)
KB2600217 on 5/18/2012 (details...)
KB2656351 on 5/18/2012 (details...)
Windows 7
KB958488 on 5/6/2012 (details...)
KB971033 on 5/6/2012 (details...)
KB976902 on 5/6/2012 (details...)
KB976932 on 5/6/2012 (details...)
KB2305420 on 5/6/2012 (details...)
KB2393802 on 5/6/2012 (details...)
KB2425227 on 5/6/2012 (details...)
KB2479943 on 5/6/2012 (details...)
KB2484033 on 5/6/2012 (details...)
KB2491683 on 5/6/2012 (details...)
KB2492386 on 5/6/2012 (details...)
KB2505438 on 5/6/2012 (details...)
KB2506014 on 5/6/2012 (details...)
KB2506212 on 5/6/2012 (details...)
KB2506928 on 5/6/2012 (details...)
KB2507618 on 5/6/2012 (details...)
KB2509553 on 5/6/2012 (details...)
KB2510531 on 5/6/2012 (details...)
KB2511250 on 5/6/2012 (details...)
KB2511455 on 5/6/2012 (details...)
KB2515325 on 5/6/2012 (details...)
KB2522422 on 5/6/2012 (details...)
KB2533552 on 5/5/2012 (details...)
Windows 7 (continued)
KB2536275 on 5/6/2012 (details...)
KB2536276 on 5/6/2012 (details...)
KB2541014 on 5/6/2012 (details...)
KB2544893 on 5/6/2012 (details...)
KB2545698 on 5/6/2012 (details...)
KB2547666 on 5/6/2012 (details...)
KB2552343 on 5/6/2012 (details...)
KB2556532 on 5/6/2012 (details...)
KB2560656 on 5/6/2012 (details...)
KB2563227 on 5/6/2012 (details...)
KB2564958 on 5/6/2012 (details...)
KB2567680 on 5/6/2012 (details...)
KB2570947 on 5/6/2012 (details...)
KB2579686 on 5/6/2012 (details...)
KB2584146 on 5/5/2012 (details...)
KB2585542 on 5/6/2012 (details...)
KB2588516 on 5/6/2012 (details...)
KB2603229 on 5/6/2012 (details...)
KB2618451 on 5/6/2012 (details...)
KB2619339 on 5/6/2012 (details...)
KB2620704 on 5/6/2012 (details...)
KB2620712 on 5/6/2012 (details...)
KB2621440 on 5/6/2012 (details...)
KB2631813 on 5/6/2012 (details...)
KB2633952 on 5/6/2012 (details...)
KB2640148 on 5/6/2012 (details...)
KB2641653 on 5/6/2012 (details...)
KB2641690 on 5/6/2012 (details...)
KB2644615 on 5/6/2012 (details...)
KB2645640 on 5/6/2012 (details...)
KB2647518 on 5/6/2012 (details...)
KB2653956 on 5/6/2012 (details...)
KB2654428 on 5/6/2012 (details...)
KB2660075 on 5/6/2012 (details...)
KB2665364 on 5/6/2012 (details...)
KB2667402 on 5/6/2012 (details...)
KB2675157 on 5/5/2012 (details...)



Click here to see all available Microsoft security hotfixes for this computer.

Marks a security hotfix (using the 05/22/2012 Microsoft Security Bulletin Summary)
Marks a security hotFix that fails verification (a security vulnerability)
Marks a hotfix that verifies correctly
Marks a hotfix that fails verification (note that failing hotfixes need to be reinstalled)
Unmarked hotfixes lack the data to allow verification


--------------------------------------------------------------------------------


a. Processor clock speed is measured at computer start-up, and on laptops may be impacted by power option settings.
b. Data may be transferred on the bus at one, two, or four times the Bus Clock rate.
c. Memory slot contents may not add up to Installed Memory if some memory is not recognized by Windows.
d. Memory slot contents is reported by the motherboard BIOS. Contact system vendor if slot contents are wrong.
e. This is the manufacturer's factory installed product key rather than yours. You can change it to your product key here http://go.microsoft....k/?LinkId=45668 for Windows, or here http://support.micro...om/?kbid=895456 for Office.
Copyright 2000-12, Belarc, Inc. All rights reserved.
Legal notice. U.S. Patents 5665951, 6085229 and Patents pending.

--------------------------------------------------------------------------------

Edited by Ben T, 24 May 2012 - 10:55 PM.


#11
CompCav

    Member 5k

  • Expert
  • 12,448 posts
It was originally a Win 7 machine. You may want to mention to MacBoatMaster that you have those on the machine. You may also want to check the website for this Dell for updated ATI drivers for the video.

Regards,

CompCav

#12
Ben T

    Member

  • Topic Starter
  • Member
  • 128 posts
Ok, I will pass it on to him. Thanks for checking out my machine. I appreciate your late night work. It's a couple hours later in Texas, right? Midnight!

#13
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Yes 12:06 am

Take care!

#14
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.