ESET Smart Security
Apparently my computer recently got infected with OLMARIK.TDL4 trojan. ESET detected it but could not clean it.
ESET customer care first had me try their own stand-alone OLMARIK killer. Didn't work. ESET then directed me to download and run Kaspersky's TDSSKILLER which appeared to remove OLMARIK. ESET scan now shows no infections; however, MalwareBytes finds a Windows\svchost.exe file. When I direct MalwareBytes to remove it, the file comes right back on the next scan following reboot.
I would like to make sure my computer is clean of all threats. Perhaps you would be kind enough to help me out. Here's the OTL scan file:
OTL logfile created on: 7/21/2012 4:16:07 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Harry\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 5.81 Gb Available Physical Memory | 72.60% Memory free
16.00 Gb Paging File | 12.50 Gb Available in Paging File | 78.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.46 Gb Total Space | 116.14 Gb Free Space | 41.56% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 40.21 Gb Free Space | 17.26% Space Free | Partition Type: NTFS
Drive E: | 600.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.72 Gb Total Space | 1.84 Gb Free Space | 49.54% Space Free | Partition Type: FAT32
Computer Name: DESKTOP | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/21 16:15:08 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Downloads\OTL.exe
PRC - [2012/07/18 22:43:14 | 000,131,512 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/06/30 21:02:04 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_ActiveX.exe
PRC - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
========== Modules (No Company Name) ==========
MOD - [2012/04/25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/04/25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/04/25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012/04/25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/04/25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/04/25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/05 19:36:52 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qgif4.dll
MOD - [2011/09/05 19:36:50 | 000,180,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\imageformats\qjpeg4.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2011/05/17 16:06:16 | 002,644,816 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV:64bit: - [2010/10/28 06:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/18 22:43:14 | 000,131,512 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/09 18:02:56 | 000,331,648 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\ProgramData\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV - [2010/11/11 14:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 14:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 14:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/10/22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/07/19 19:05:42 | 000,029,000 | ---- | M] (ESET) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OlmarikFixer.sys -- (OlmarikFixer)
DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 03:04:34 | 000,044,624 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/11 14:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 14:32:32 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010/11/11 14:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 14:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 14:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/08/24 13:29:54 | 000,041,040 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2010/08/24 13:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010/08/24 13:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2012/06/15 18:57:54 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\Harry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56BW3TS4\EmsisoftEmergencyKit\Run\a2ddax64.sys -- (A2DDA)
DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/?cid=xpbar
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 2C 76 A1 8C C1 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {08674750-0B78-42D4-A564-06A5165E6C62}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{08674750-0B78-42D4-A564-06A5165E6C62}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{B592E622-4490-42E9-BCD5-77C1ECCEE925}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....s}&fr=chr-iobit
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local;127.0.0.1:9421;<local>
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/18 16:33:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/27 19:42:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/18 16:33:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\WordWeb\WCaptureMoz [2011/10/21 18:52:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/04/27 19:42:14 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Harry\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Harry\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harry\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DocuCom PDF Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Plugins = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\chemohaemmfhjpmlgkmkanfpfbkaihop\0.7.0_0\
CHR - Extension: Google Search = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Oogle = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnldbiikfjheppkbnjbnkgimnfejifpf\0.81_0\
CHR - Extension: BugMeNot Lite = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb\0.3.9_0\
CHR - Extension: Thesaurus Extension = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnlghihanpgbalbphnffoehfkbcfcpic\1.1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.12_0\
CHR - Extension: FastestChrome - Browse Faster = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\6.2.1_0\
CHR - Extension: Gmail = C:\Users\Harry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternati...x-w32-2.0.1.cab (AlternaTIFF ActiveX)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect118.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F8FC1530-0608-11DF-2008-0800200C9A66} https://aepnow.aep.c...ies/instweb.cab (CSD ActiveX Installer)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E68A996-5DF9-4A66-A9C3-6F2D96349944}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (taskmgr.exe) - C:\Windows\SysWow64\taskmgr.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/31 21:01:48 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/03/31 16:42:59 | 000,000,000 | ---D | M] - C:\Automotive -- [ NTFS ]
O32 - AutoRun File - [1998/08/13 08:53:20 | 000,024,064 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2010/03/05 09:16:30 | 000,000,175 | R--- | M] () - E:\AUTORUN.INI -- [ CDFS ]
O32 - AutoRun File - [1999/12/27 12:05:28 | 000,000,143 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{fbe88e8c-2d96-11e0-905d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fbe88e8c-2d96-11e0-905d-806e6f6e6963}\Shell\acro_set\command - "" = E:\rs405eng.exe -- [1999/11/22 19:04:44 | 006,603,173 | R--- | M] (InstallShield Software Corporation)
O33 - MountPoints2\{fbe88e8c-2d96-11e0-905d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AUTORUN.EXE -- [1998/08/13 08:53:20 | 000,024,064 | R--- | M] (Dipl.-Ing. Stefan Krueger <[email protected]>)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/07/20 22:54:04 | 000,000,000 | ---D | C] -- C:\Users\Harry\DoctorWeb
[2012/07/20 12:23:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/07/19 19:15:24 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Converber
[2012/07/19 19:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Converber
[2012/07/19 19:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Converber
[2012/07/18 22:53:27 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/07/18 22:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/07/18 22:53:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/07/18 22:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2012/07/18 22:46:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2012/07/18 22:43:40 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Chromium
[2012/07/18 22:42:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton PC Checkup 3.0
[2012/07/18 22:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup 3.0
[2012/07/18 22:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/07/18 22:42:38 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\PCCUStubInstaller
[2012/07/18 21:07:34 | 000,029,000 | ---- | C] (ESET) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys
[2012/07/18 16:33:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2012/07/18 16:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/17 23:28:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/17 23:27:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/16 19:36:28 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftPerfect
[2012/07/16 19:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\NetWorx
[2012/07/09 11:53:41 | 000,000,000 | ---D | C] -- C:\Users\Harry\AEP_Diesel_Fire_Pumps
[2012/06/30 21:50:50 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\Cisco
[2012/06/22 14:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Look@LAN
[2012/06/22 14:04:37 | 000,720,896 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2012/06/22 14:04:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Look@LAN
========== Files - Modified Within 30 Days ==========
[2012/07/21 15:42:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/21 12:09:43 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 12:09:43 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/21 11:58:25 | 000,970,752 | ---- | M] () -- C:\Users\Harry\Documents\BDTracker.accdb
[2012/07/20 12:25:27 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 19:15:24 | 000,001,019 | ---- | M] () -- C:\Users\Harry\Desktop\Converber.lnk
[2012/07/19 19:05:42 | 000,029,000 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\OlmarikFixer.sys
[2012/07/18 22:53:22 | 000,001,077 | ---- | M] () -- C:\Users\Harry\Desktop\Kaspersky Security Scan.lnk
[2012/07/18 22:42:58 | 000,002,031 | ---- | M] () -- C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
[2012/07/18 22:37:14 | 000,889,372 | ---- | M] () -- C:\Users\Harry\AppData\Local\census.cache
[2012/07/18 22:37:07 | 000,107,883 | ---- | M] () -- C:\Users\Harry\AppData\Local\ars.cache
[2012/07/18 15:04:54 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/18 15:04:54 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/18 09:08:37 | 000,001,133 | ---- | M] () -- C:\Users\Harry\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/07/17 23:13:30 | 000,569,600 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/17 23:07:54 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/07/16 21:49:00 | 001,970,144 | ---- | M] () -- C:\Users\Harry\Desktop\phto.JPG
[2012/07/16 20:55:00 | 002,089,186 | ---- | M] () -- C:\Users\Harry\Desktop\poto.JPG
[2012/07/11 20:08:15 | 000,160,538 | ---- | M] () -- C:\Users\Harry\Desktop\Pedro_VFD_Outputs.jpg
[2012/06/22 14:04:38 | 000,001,899 | ---- | M] () -- C:\Users\Harry\Desktop\[email protected]
[2012/06/22 14:04:38 | 000,001,892 | ---- | M] () -- C:\Users\Harry\Desktop\[email protected]
[2012/06/22 14:03:58 | 000,720,896 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
========== Files Created - No Company Name ==========
[2012/07/19 19:15:24 | 000,001,019 | ---- | C] () -- C:\Users\Harry\Desktop\Converber.lnk
[2012/07/18 22:53:27 | 000,001,077 | ---- | C] () -- C:\Users\Harry\Desktop\Kaspersky Security Scan.lnk
[2012/07/18 22:42:58 | 000,002,031 | ---- | C] () -- C:\Users\Public\Desktop\Norton PC Checkup 3.0.lnk
[2012/07/17 23:07:54 | 000,000,129 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/07/16 21:49:00 | 001,970,144 | ---- | C] () -- C:\Users\Harry\Desktop\phto.JPG
[2012/07/16 20:55:00 | 002,089,186 | ---- | C] () -- C:\Users\Harry\Desktop\poto.JPG
[2012/07/11 20:08:12 | 000,160,538 | ---- | C] () -- C:\Users\Harry\Desktop\Pedro_VFD_Outputs.jpg
[2012/06/22 14:04:38 | 000,001,899 | ---- | C] () -- C:\Users\Harry\Desktop\[email protected]
[2012/06/22 14:04:38 | 000,001,892 | ---- | C] () -- C:\Users\Harry\Desktop\[email protected]
[2012/05/15 19:42:39 | 000,889,372 | ---- | C] () -- C:\Users\Harry\AppData\Local\census.cache
[2012/05/15 19:42:27 | 000,107,883 | ---- | C] () -- C:\Users\Harry\AppData\Local\ars.cache
[2012/05/15 19:34:01 | 000,000,036 | ---- | C] () -- C:\Users\Harry\AppData\Local\housecall.guid.cache
[2012/04/27 19:32:21 | 000,233,134 | ---- | C] () -- C:\Windows\hpwins22.dat
[2012/04/27 19:32:21 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2012/03/16 15:07:51 | 002,040,278 | ---- | C] () -- C:\Users\Harry\Magnetic_Flo_Excellent_graphics_manual MAG flow rate - ENG.pdf
[2012/02/13 19:29:58 | 000,000,058 | ---- | C] () -- C:\Windows\TaxACT11.ini
[2011/10/21 18:52:52 | 002,212,608 | ---- | C] () -- C:\Windows\wweb32.dll
[2011/04/01 20:20:42 | 000,000,017 | ---- | C] () -- C:\Users\Harry\AppData\Local\resmon.resmoncfg
[2011/02/27 18:33:18 | 000,777,138 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/07 22:08:19 | 000,000,061 | ---- | C] () -- C:\Windows\TaxACT09.ini
[2011/02/07 22:01:03 | 000,000,058 | ---- | C] () -- C:\Windows\TaxACT10.ini
[2011/01/17 11:47:09 | 000,000,842 | ---- | C] () -- C:\Users\Harry\.recently-used.xbel
[2009/05/28 17:03:56 | 000,076,355 | ---- | C] () -- C:\Users\Harry\FIG BS-2-1-12-1.TIF
[2009/05/25 18:44:13 | 000,480,092 | ---- | C] () -- C:\Users\Harry\mtp_1_bw_173700e_2.tif
[2008/09/09 09:57:41 | 000,062,935 | ---- | C] () -- C:\Users\Harry\cd1.sfv
[2008/09/09 09:57:41 | 000,000,059 | ---- | C] () -- C:\Users\Harry\Autorun.inf
[2008/08/13 19:51:06 | 000,001,224 | ---- | C] () -- C:\Users\Harry\.archerrc
[2008/07/09 22:28:37 | 000,005,723 | ---- | C] () -- C:\Users\Harry\New document 1.2008_07_09_22_28_37.0
[2008/07/06 21:24:58 | 000,010,735 | ---- | C] () -- C:\Users\Harry\settings3DE71.das
[2008/07/03 21:42:21 | 000,000,031 | ---- | C] () -- C:\Users\Harry\.gtk-bookmarks
========== LOP Check ==========
[2011/04/29 09:55:48 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Autodesk
[2011/02/01 15:24:10 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\ESET
[2011/07/07 10:22:35 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FileOpen
[2011/03/01 20:40:00 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Iconico
[2011/02/01 10:54:05 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Leadertech
[2012/06/08 19:57:17 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Nuance
[2012/07/18 22:42:38 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PCCUStubInstaller
[2011/02/16 11:37:32 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\WinBatch
[2011/08/29 17:52:33 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Zeon
[2009/07/14 01:08:49 | 000,027,880 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >