
Malware is blank white screen with audio playing that is unintelligibl



#1
jtroop

This is my mother's computer that is having the malware problem. She says she was on Facebook and clicked "like" to like a friend's wall post. When she clicked like, it took her to her friend's daughter's Facebook page and she heard a loud cracking, popping noise. The computer screen goes blank white and you can hear some sort of unintelligible audio playing. She has Windows Vista Home edition. The only way to get online is by going into another user profile she had on Vista. If you go into her user profile, it will display the infection signs.

I tried running SUPERAntiSpyware. It did find a few infections, one of them a trojan, but it didn't help. Sorry, I didn't copy the log for SAS and can't remember the infection names. She has AVG Free edition. If you try to run an AVG scan, the computer will reboot itself, so no luck there. If I boot into safe mode and try an AVG scan, it can't scan normally, only a DOS type of screen when it scans (I can't remember the name of the scan). However, the AVG scan is useless because everything it tries to scan is locked and the scan wasn't performed.

Here is the OTL scan results log:


OTL Extras logfile created on: 5/2/2013 7:51:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dianeslife.dianne-PC.000\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 47.71% Memory free
8.14 Gb Paging File | 5.09 Gb Available in Paging File | 62.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.58 Gb Total Space | 525.09 Gb Free Space | 76.81% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 0.02 Gb Free Space | 0.11% Space Free | Partition Type: NTFS
Drive E: | 48.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DIANNE-PC | User Name: dianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 6B 3A ED D1 A0 81 CA 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02A7F113-5A75-45F3-8D1A-D492A92B8810}" = lport=139 | protocol=6 | dir=in | app=system |
"{0368DB99-86AD-4D86-BACE-322426E26C41}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{0DEF882B-B3BC-4D49-BF83-AE4CA77651D1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0FFAFA06-A559-49FB-B3B1-EC717DB6EAAB}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{11EBA078-3EF2-4AE1-A7B9-02885C46B5B4}" = rport=445 | protocol=6 | dir=out | app=system |
"{240E2D42-9B05-4256-88D6-052EE6D3BBFA}" = lport=445 | protocol=6 | dir=in | app=system |
"{2B21E741-565D-4598-80E1-F4E6BCE7B218}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3A7454BB-3660-4EE3-8C4C-6459D0D37FA6}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{3B3F9937-1F13-4150-8484-0A7C5155FD58}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{4045340E-B928-49A9-A0BE-79358BC026B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4129D370-E206-4F42-892B-F8215214148C}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{418A4FBA-2D03-4C12-8CCC-6674C76826C0}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{4B357F03-B283-4AB4-8ED2-C1B677DC7418}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{4EC8FB79-A7BC-4EDC-8EBC-40926D31D704}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{5796F27A-982E-4D4D-9138-673AE01074B4}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{71500356-6D19-4ECC-AEC1-7A659C4DD4A4}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{7181AB26-E163-44FB-B0A1-D7C3A92BC8AF}" = lport=137 | protocol=17 | dir=in | app=system |
"{822A0604-1DAB-46E4-88DF-C1EC065BBC8F}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{9515BFEF-A413-4257-B54D-EC1863CD719B}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7B271B9-963F-4F06-9611-EBAA248D6932}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B1CC7156-CA6B-4C24-8487-E78D26710E46}" = rport=137 | protocol=17 | dir=out | app=system |
"{C74F3005-6FB7-4E32-9F22-E16CA59B29C2}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{CABE42F2-F178-423A-9C4C-3406DF99DDC4}" = lport=138 | protocol=17 | dir=in | app=system |
"{E9644064-24CA-4E15-85C1-2750491B67FD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{FDF8872B-6D67-4C16-8F4E-D5D4F93040D4}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05182958-72D0-4EFA-A23B-FE58191FACBA}" = protocol=58 | dir=out | [email protected],-28546 |
"{0555A469-0212-4D0A-8AE4-042A6ECD7EE5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{08885B15-D813-4BE9-A57B-B53F3CFEE281}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"{08E75249-3CF1-41E3-9F30-CFA18E7484E6}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{0AF4F3F0-BF03-469F-BD04-D8ADD644310C}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{0D997B66-26D9-4588-801E-AA36B70C9E5A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{0FACFCFD-CED8-4E68-B552-6B29E3B5B51B}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{0FDB6578-E360-417E-8F02-C747406242CB}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
"{1073C41A-EF0F-4ACB-9A9F-A55DE3CF9EC2}" = protocol=58 | dir=in | [email protected],-28545 |
"{113787DB-F5B6-4214-89EE-627BC49EA4CB}" = protocol=1 | dir=out | [email protected],-28544 |
"{15D8D4BA-0F48-412F-8433-5F73A2866B70}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{19982730-FF53-480D-B7E6-D68EAB97EF7D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{1E7A93CE-CDDB-4D55-BF0F-E7DD2EA71157}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{2192D72F-3A67-4698-87D2-D36BE54D6199}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{24216B4C-A044-4B64-9B11-70D45FDC1B85}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{25490F27-AAA8-47EB-9A13-7041E029D4C8}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
"{269B0D16-037C-4B00-A030-6A4A4A7B43C3}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{2DC1F97A-E9EB-4FC2-8E3E-113FCD631DAE}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtwbgw.exe |
"{3824F1FE-9266-4592-9FB8-7584B632BF3B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{3F1DE98A-4ECA-4DA0-AE71-1A3E39CA2F39}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{44D033C9-6BC3-42CF-843F-22B123E349C3}" = protocol=6 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
"{4550B461-53A6-44C3-9DAC-B80FE3AB8C73}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{4AB65175-F56D-4D4C-8B3C-B31734DC8FA6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
"{4E07C871-6215-4F87-935F-221B2D316C88}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{50DFEBCA-EC9D-41DD-9139-ACFA1D6997B6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{522925FC-0D8F-4B8A-85AF-1566B5363E7A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"{5706B257-A5D8-4822-8E83-6833995CC443}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"{63DD1592-6E88-425A-86C6-31C7209B658E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{676587F1-846F-45AE-B979-E6A46973BB0B}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{67E85642-6B6E-4412-AE5A-8A5F276D5C1C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{687A18DB-E296-494E-AA09-6B5A3961DB89}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{69F50E8E-023C-475F-859F-6473D3704A5F}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"{6BC6DA4E-E262-48D7-9D31-C64294ACADA9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtwbgw.exe |
"{7048ACBF-E2C8-4C75-A052-7EC676488821}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{76BCAC18-B367-441B-9040-3943C5CFB9D4}" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtamon.exe |
"{7B392D48-8B83-45A0-B39B-FF70B13A6CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{84EAAFE6-E0EB-404F-802C-1DEE24E84CA0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{88A80AAD-8D27-43E6-8D47-AFF84D16AA16}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{897D5C26-6A75-4479-970F-BC0763FF1883}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysqld.exe |
"{9019CB6F-7609-4450-AA92-9CC5BB9A9CB2}" = protocol=17 | dir=in | app=c:\windows\syswow64\dldtcoms.exe |
"{918D26E4-CA99-4907-B851-B8B95946935A}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{9207B9AA-361B-4BC8-AE0B-9C6F25D478F9}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{92840B27-CD54-48A7-ADF8-42A413321743}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\mysql\bin\mysql.exe |
"{9D83D729-B14A-4B8D-BF69-0044D80E96DE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A381AB5C-1B09-472A-97E1-1741B12A819F}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A58D54D2-AF58-43F7-8869-A30565696691}" = protocol=1 | dir=in | [email protected],-28543 |
"{AA0B7B44-570B-4E45-8172-AE53A57E66F6}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtjswx.exe |
"{ACCC8BFD-977E-4EDE-B274-671C5A8B3AE2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{B41B26CB-2F48-477D-ACFB-DB04577783E4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BB0A8BC3-00A6-4C33-A141-D9201A37E51E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\apache\bin\httpd.exe |
"{BFB85BEC-1C02-4DBC-B192-E48C664DC430}" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\frun.exe |
"{C126ECA2-810D-4629-BDBB-6C4FC9EA2B11}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{C1E221C3-62EF-4321-93D7-36E84E650267}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\apache\php.exe |
"{D34510A8-BEA1-472B-BB47-3A8DBD88968C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D4297D28-D342-4336-B12E-486876807F09}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{D76A6EC6-552B-44AB-A367-D373FEF499FD}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D8CF21BD-CFEF-4FC6-A204-5CB687DADDA1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
"{E583CE7F-3899-4CA0-AE27-1CA21091156A}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{E8E41CCA-5BBB-47AE-83FD-47EABAE74BA4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EB9B4129-B469-4180-B8F5-9A5A990F5795}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldttime.exe |
"{F2B1D0D1-BC1C-441A-ABD9-5F769A8DE70C}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{F68EA690-7F12-4798-B5A0-36B769FF3F16}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"TCP Query User{45063BEF-43F4-4DDB-BBF7-4A8509C66B61}F:\bin\mobikey.exe" = protocol=6 | dir=in | app=f:\bin\mobikey.exe |
"TCP Query User{5F12C30A-6DF0-4175-B08B-E5A2A8D136D1}C:\program files (x86)\dell v305\dldtlscn.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtlscn.exe |
"TCP Query User{632C803F-6772-4D93-B9ED-2DEC7EB14C2F}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |
"TCP Query User{A0580293-2141-44CF-96F8-0206922D540B}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"UDP Query User{5726580D-B843-4C89-AC90-E4E98E921015}C:\program files (x86)\dell v305\dldtlscn.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtlscn.exe |
"UDP Query User{C78C73D8-8F2C-4ADD-A223-71C60B7763B8}F:\bin\mobikey.exe" = protocol=17 | dir=in | app=f:\bin\mobikey.exe |
"UDP Query User{CB6B666E-3580-4FA6-A4AB-7EE40FDC32E6}C:\program files (x86)\dell v305\dldtmon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell v305\dldtmon.exe |
"UDP Query User{E3BC7479-69F2-4DA2-B68D-ED233A8326C8}C:\windows\system32\spool\drivers\x64\3\dldtpswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\dldtpswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java™ 6 Update 13 (64-bit)
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4FD80311-508F-42C3-A004-4CC8D08231F5}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 2.052
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AD27BE4B-A261-4F0A-AB5A-476C83EDAED2}" = AVG 2013
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.566
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"AVG" = AVG 2013
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Dell V305" = Dell V305
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"MyPC Backup" = MyPC Backup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{095B1DCF-5E8B-47EC-9B18-481918A731DB}" = Microsoft Default Manager
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 29
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{47A4BB2E-559C-4991-80FD-B04694809D12}" = PDF Suite 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80F3F10B-A177-4494-93CE-98090D819093}" = Internet Explorer Toolbar 4.7 by SweetPacks
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualXServ Service Agreement
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2E5F2AA-2996-41EA-BCCD-9FD0476A5326}" = TWC Customer Controls
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{B9D71BE6-7226-4BA3-AB0D-09CCB27B6A9F}" = QUAD Driver Fix
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}" = VAFPlayer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"DefaultTab" = DefaultTab
"Dell Video Chat" = Dell Video Chat
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"DomaIQ Uninstaller" = DomaIQ
"Driver Pro_is1" = Driver Pro v3.0
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"MP3 Rocket" = MP3 Rocket
"MyFunCards_5mbar Uninstall" = MyFunCards Toolbar
"Optimizer Pro_is1" = Optimizer Pro v3.0
"SearchProtect" = Search Protect by conduit
"Supreme Savings" = Supreme Savings
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Vivitar Experience Image Manager" = Vivitar Experience Image Manager
"WhiteSmoke_New Toolbar" = WhiteSmoke New Toolbar
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for dianne
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2013 2:27:46 PM | Computer Name = dianne-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2013 2:28:41 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 6.0.6000.16386, time stamp
0x4549ae86, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x74d7a57d, process id 0x83c, application start time
0x01ce5e2ca8ea2056.

Error - 5/31/2013 2:29:03 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207,
exception code 0xc00002b4, fault offset 0x00414f38, process id 0xc34, application
start time 0x01ce5e2ca0af7f76.

Error - 5/31/2013 2:29:12 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.4.3.1, time stamp 0x51a8c7c5,
faulting module spoolsv.exe, version 5.4.3.1, time stamp 0x51a8c7c5, exception
code 0xc0000005, fault offset 0x000085c2, process id 0x1370, application start time
0x01ce5e2cbdb7c786.

Error - 5/31/2013 2:29:34 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application dsc.exe, version 7.0.1710.0, time stamp 0x49ddb200,
faulting module ieframe.dll, version 9.0.8112.16483, time stamp 0x515df9fa, exception
code 0xc0000005, fault offset 0x000fccd8, process id 0x1198, application start time
0x01ce5e2cc72cdc66.

Error - 5/31/2013 2:52:42 PM | Computer Name = dianne-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2013 2:54:04 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207,
exception code 0xc00002b4, fault offset 0x00414f38, process id 0xd9c, application
start time 0x01ce5e301e05b804.

Error - 5/31/2013 3:00:03 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207,
exception code 0xc00002b4, fault offset 0x00414f38, process id 0x14fc, application
start time 0x01ce5e30a01a744c.

Error - 5/31/2013 3:07:00 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207,
exception code 0xc00002b4, fault offset 0x00414f38, process id 0x12d4, application
start time 0x01ce5e3199bd779c.

Error - 5/31/2013 3:34:55 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application DefaultTabSearch.exe, version 0.0.0.0, time stamp
0x511246e7, faulting module DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x511246e7,
exception code 0xc0000005, fault offset 0x00002c60, process id 0x850, application
start time 0x01ce5e35eca92088.

Error - 5/31/2013 3:35:34 PM | Computer Name = dianne-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 5/2/2013 7:39:28 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 5/2/2013 7:39:28 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/2/2013 7:39:28 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/2/2013 7:39:28 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 5/2/2013 7:39:29 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7038
Description =

Error - 5/2/2013 7:39:29 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/2/2013 7:39:29 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7038
Description =

Error - 5/2/2013 7:39:29 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/2/2013 7:40:01 PM | Computer Name = dianne-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 5/2/2013 7:40:09 PM | Computer Name = dianne-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >
  • 0
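An added example, not part of the original post or of OTL: a small parser for the "Last 20 Event Log Errors" section above. It decodes two hex fields in each Application Error 1000 record, the image "time stamp" (the PE link time, Unix seconds) and the "application start time" (a Windows FILETIME), and lists images that were linked shortly before they were launched. The helper names and the 7-day threshold are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Entries copied from the "Last 20 Event Log Errors" section of the post above.
SAMPLE = """\
Error - 5/31/2013 2:27:46 PM | Computer Name = dianne-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/31/2013 2:28:41 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application ctfmon.exe, version 6.0.6000.16386, time stamp
0x4549ae86, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x74d7a57d, process id 0x83c, application start time
0x01ce5e2ca8ea2056.

Error - 5/31/2013 2:29:03 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module mshtml.dll, version 9.0.8112.16484, time stamp 0x5186b207,
exception code 0xc00002b4, fault offset 0x00414f38, process id 0xc34, application
start time 0x01ce5e2ca0af7f76.

Error - 5/31/2013 2:29:12 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.4.3.1, time stamp 0x51a8c7c5,
faulting module spoolsv.exe, version 5.4.3.1, time stamp 0x51a8c7c5, exception
code 0xc0000005, fault offset 0x000085c2, process id 0x1370, application start time
0x01ce5e2cbdb7c786.

Error - 5/31/2013 3:34:55 PM | Computer Name = dianne-PC | Source = Application Error | ID = 1000
Description = Faulting application DefaultTabSearch.exe, version 0.0.0.0, time stamp
0x511246e7, faulting module DefaultTabSearch.exe, version 0.0.0.0, time stamp 0x511246e7,
exception code 0xc0000005, fault offset 0x00002c60, process id 0x850, application
start time 0x01ce5e35eca92088.
"""

HEADER_RE = re.compile(r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)")
FAULT_RE = re.compile(
    r"Faulting application (?P<app>[^,\s]+), version (?P<ver>[\d.]+), "
    r"time stamp (?P<linked>0x[0-9a-f]+), faulting module (?P<module>[^,\s]+), "
    r".*?exception code (?P<code>0x[0-9a-f]+), "
    r".*?application start time (?P<started>0x[0-9a-f]+)"
)

# NTSTATUS values that occur in this log.
NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION",
            0xC00002B4: "STATUS_FLOAT_MULTIPLE_FAULTS"}

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


@dataclass
class Crash:
    app: str
    version: str
    module: str        # "unknown" means the fault address was in no loaded module
    code: int
    linked: datetime   # PE link time of the faulting application (UTC)
    started: datetime  # process start time decoded from the FILETIME (UTC)

    @property
    def image_age(self) -> timedelta:
        """How old the executable image was when the process started."""
        return self.started - self.linked


def parse_crashes(text):
    """Return a Crash for every Application Error / ID 1000 record in an OTL log."""
    crashes = []
    for record in re.split(r"\n\s*\n", text.strip()):
        # OTL wraps the description, so rejoin each record into one line first.
        flat = " ".join(line.strip() for line in record.splitlines())
        header = HEADER_RE.search(flat)
        if not header or (header["source"], header["id"]) != ("Application Error", "1000"):
            continue
        m = FAULT_RE.search(flat)
        if not m:
            continue
        crashes.append(Crash(
            app=m["app"], version=m["ver"], module=m["module"],
            code=int(m["code"], 16),
            linked=datetime.fromtimestamp(int(m["linked"], 16), tz=timezone.utc),
            # FILETIME counts 100 ns ticks since 1601-01-01 UTC.
            started=FILETIME_EPOCH + timedelta(microseconds=int(m["started"], 16) // 10),
        ))
    return crashes


def recently_built(crashes, max_age=timedelta(days=7)):
    """Crashes whose image was linked at most max_age before launch (assumed threshold)."""
    return [c for c in crashes if timedelta(0) <= c.image_age <= max_age]


if __name__ == "__main__":
    found = parse_crashes(SAMPLE)
    for c in found:
        status = NTSTATUS.get(c.code, hex(c.code))
        print(f"{c.app:22} {c.version:16} module={c.module:22} {status}")
    for c in recently_built(found):
        print(f"review: {c.app} linked {c.linked:%Y-%m-%d %H:%M} UTC, "
              f"started {c.started:%Y-%m-%d %H:%M} UTC")
```

Both decoded values are UTC, so the comparison does not depend on the machine's time zone. A link timestamp can be set to any value by whoever built the file, so a hit is a pointer for closer inspection of that file and its path, not a verdict.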


#2
JSntgRvr

  • Global Moderator
  • 11,579 posts
:welcome:

Post the OTL.txt log

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • 0

#3
jtroop

  • Topic Starter
  • Member
  • 70 posts
Thank you for your assistance JSntgRvr. I just came from my mother's place. Now you can't go into the other user name. It is just a white screen. I tried to boot into safe mode but it won't stay in safe mode. It reboots out of safe mode. Any ideas?

Edited by jtroop, 03 June 2013 - 06:06 PM.

  • 0

#4
JSntgRvr

  • Global Moderator
  • 11,579 posts
The OTL log you posted is the Extras log. The main OTL log (OTL.txt) is still in the computer and it will help if I see it.

Let's try this scanner. You will need a USB flash drive and a working computer to communicate with us with the results.

Please download Farbar Recovery Scan Tool and save it to a flash drive.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Plug the flash drive into the infected PC.
  • If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you cannot enter System Recovery Options by using the F8 method, you can use a Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforu...isc-create.html



    To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt

    Once in the Command Prompt:
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#5
jtroop

  • Topic Starter
  • Member
  • 70 posts
Okay, when I get home from work tomorrow, I will stop by her place and do this. Thanks again!
  • 0

#6
jtroop

  • Topic Starter
  • Member
  • 70 posts
Okay JSntgRvr (Do you go RVing btw?) I have the main OTL log (OTL.txt) and the FRST log.

I'll post the main OTL log (OTL.txt) here and then the FRST log in a subsequent post.

Main OTL log.txt:

OTL logfile created on: 5/2/2013 7:51:15 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dianeslife.dianne-PC.000\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 47.71% Memory free
8.14 Gb Paging File | 5.09 Gb Available in Paging File | 62.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.58 Gb Total Space | 525.09 Gb Free Space | 76.81% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 0.02 Gb Free Space | 0.11% Space Free | Partition Type: NTFS
Drive E: | 48.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DIANNE-PC | User Name: dianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/08 02:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/05/02 19:50:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dianeslife.dianne-PC.000\Downloads\OTL.exe
PRC - [2013/04/30 18:45:16 | 000,813,448 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_202_ActiveX.exe
PRC - [2013/04/19 12:28:14 | 000,107,520 | ---- | M] () -- C:\Users\dianne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/04/16 21:17:26 | 000,042,784 | ---- | M] (Yontoo LLC) -- C:\Users\dianne\AppData\Roaming\Yontoo\YontooDesktop.exe
PRC - [2013/04/16 21:17:26 | 000,023,552 | ---- | M] (Microsoft) -- C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
PRC - [2013/04/11 10:28:08 | 000,093,984 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2013/04/11 10:26:47 | 001,223,344 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/04/11 10:26:46 | 001,008,816 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe
PRC - [2013/03/13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe
PRC - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/11 03:42:26 | 000,572,928 | ---- | M] () -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
PRC - [2013/01/22 02:55:07 | 001,292,432 | ---- | M] () -- C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\CrExtP5m.exe
PRC - [2013/01/22 02:55:07 | 000,030,096 | ---- | M] (VER_COMPANY_NAME) -- C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe
PRC - [2012/12/17 14:12:54 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2010/09/28 18:13:24 | 000,791,360 | ---- | M] (Interactive Brands Inc.) -- C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe
PRC - [2010/09/13 09:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009/05/21 08:59:14 | 001,025,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\gs_agent\dsc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/17 10:17:02 | 000,636,144 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/04/13 09:48:12 | 000,828,656 | ---- | M] (Dell Inc.) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/09/14 14:35:04 | 005,730,304 | ---- | M] () -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/02 16:04:53 | 000,013,600 | ---- | M] () -- C:\Users\dianne\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll
MOD - [2013/05/01 14:18:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\3da65115bf9debbf564861f6b123a2e4\System.Configuration.ni.dll
MOD - [2013/05/01 14:13:36 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e9ea3e70247b4aa4a8b260426db3aa6b\System.Windows.Forms.ni.dll
MOD - [2013/05/01 13:34:50 | 003,888,640 | ---- | M] () -- C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll
MOD - [2013/04/11 10:26:47 | 000,158,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\SiteSafety.dll
MOD - [2013/01/22 02:55:07 | 001,292,432 | ---- | M] () -- C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\CrExtP5m.exe
MOD - [2013/01/22 02:55:07 | 000,080,536 | ---- | M] () -- C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\T8EXTPEX.DLL
MOD - [2013/01/22 02:55:07 | 000,071,952 | ---- | M] () -- C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\T8EXTEX.DLL
MOD - [2013/01/22 02:55:06 | 001,187,472 | ---- | M] () -- C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\CREXT.DLL
MOD - [2013/01/09 04:31:28 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\36dc923935a96557c81daa014e7e2ba8\System.EnterpriseServices.ni.dll
MOD - [2013/01/09 04:31:27 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\d995a0e7d64a874cddea6294caaa2539\System.Transactions.ni.dll
MOD - [2013/01/09 04:31:11 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll
MOD - [2013/01/09 04:30:52 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll
MOD - [2013/01/09 04:30:43 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\0f5a23bb73681b6388daccd8e250ba66\System.Data.ni.dll
MOD - [2013/01/09 04:30:09 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll
MOD - [2013/01/09 04:30:05 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll
MOD - [2012/10/05 06:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/12/26 22:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2011/10/25 03:36:14 | 001,609,728 | ---- | M] () -- C:\Users\Dianeslife.dianne-PC.000\AppData\LocalLow\FCTB000060231\Toolbar\Toolbar.dll
MOD - [2011/10/25 03:36:14 | 001,609,728 | ---- | M] () -- C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
MOD - [2010/04/18 09:58:58 | 000,904,704 | ---- | M] () -- C:\Program Files (x86)\MyPC Backup\x86\System.Data.SQLite.dll
MOD - [2009/03/30 00:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/03/30 00:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 00:42:19 | 000,114,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2009/03/30 00:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009/03/30 00:42:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/28 13:37:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)
SRV:64bit: - [2012/07/11 14:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/27 16:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011/04/27 16:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/09 19:48:34 | 001,044,648 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldtcoms.exe -- (dldt_device)
SRV:64bit: - [2009/07/09 19:48:28 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV:64bit: - [2008/12/18 14:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/18 08:42:16 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2008/01/20 22:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/01 13:34:12 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/04/30 18:45:18 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/19 12:28:14 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\dianne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/04/11 10:28:08 | 000,093,984 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/04/11 10:26:46 | 001,008,816 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe -- (vToolbarUpdater15.1.0)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/11 03:42:26 | 000,572,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2012/11/22 11:29:16 | 003,290,304 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/07/13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/09/28 18:13:24 | 000,791,360 | ---- | M] (Interactive Brands Inc.) [Auto | Running] -- C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe -- (PDF Suite 2010 Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/08/11 23:25:12 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/07/09 19:48:28 | 000,033,448 | ---- | M] () [Auto | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2009/05/21 08:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/04/17 10:17:02 | 000,636,144 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2009/04/13 09:48:12 | 000,828,656 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/04/13 09:48:10 | 000,189,680 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2009/03/30 00:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/11/03 19:15:32 | 000,242,424 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/02/25 12:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dldtcoms.exe -- (dldt_device)
SRV - [2007/09/21 14:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 14:35:04 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/11 10:26:47 | 000,040,736 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/02/29 09:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/27 14:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/09/30 20:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/02/23 05:47:04 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/07/21 07:18:30 | 000,026,624 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2008/07/15 08:14:10 | 000,395,288 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/07/10 07:28:50 | 000,170,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/18 17:48:54 | 000,029,184 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet)
DRV:64bit: - [2008/01/20 22:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/04/03 10:30:14 | 001,418,112 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2006/11/02 03:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV - [2008/06/17 12:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\packet.sys -- (Packet)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpa...F-0021705D770C}
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2438727
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-0021705D770C}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comca...insDate11132012
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f4c28532-b9d0-4950-a2df-e83f9929242b} - No CLSID value found
IE - HKCU\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {E65EABE4-E694-4222-8333-E9ABBE5AB189}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...apn_dtid=OSJ000
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\..\SearchScopes\{1DC242E9-1AB7-4413-8EE9-8A0005BCEC7C}: "URL" = http://search.avg.co...}&iy=b&ychte=us
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...n=2.5.15000.521
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADFA_enUS361
IE - HKCU\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{B2CF385E-4E62-4BDA-A734-DBE9B5C2EB30}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{C34CE811-7235-4423-B317-2940DF564B8E}: "URL" = http://ws.infospace....r?_iceUrl=true user_id=%userid&tool_id=60231&qkw={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\..\SearchScopes\{E65EABE4-E694-4222-8333-E9ABBE5AB189}: "URL" = http://search.condui...3829527319&UM=2
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpa...F-0021705D770C}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@MyFunCards_5m.com/Plugin: C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\NP5mStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\npEpicPlayDisplayHost: C:\Program Files (x86)\EpicPlay\npEpicHost.dll ( )
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\dianne\AppData\Local\Roblox\Versions\version-09a201d8e5f247c7\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\dianne\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\dianne\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/04/30 17:42:10 | 000,000,000 | ---D | M]

[2011/02/27 23:36:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\dianne\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.23_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.1.1.2_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi\10.15.2.23_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.4.0.11328_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.1.1.2_0\
CHR - Extension: No name found = C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.3.0.3_0\

O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Supreme Savings) - {11111111-1111-1111-1111-110111991162} - C:\Program Files (x86)\Supreme Savings\Supreme Savings.dll (Innovative Apps)
O2 - BHO: (PDF Suite Helper) - {1AD61D5B-58A3-4592-9B34-DC84688FF805} - C:\Program Files (x86)\PDF Suite 2010\PDFIEHelper.dll (Interactive Brands Inc.)
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\dianne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O2 - BHO: (Search Assistant BHO) - {c4b22c87-45ef-4f43-89f2-40db2078864e} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrcAs.dll (MindSpark)
O2 - BHO: (Toolbar BHO) - {da71fd14-5f7b-46ae-b8b1-44074a38f331} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (MindSpark)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MyFunCards) - {210f1b36-3b7f-41a4-b5da-3eb87f5a56c2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (PDF Suite Toolbar) - {261F6A8B-7AAF-4BF5-8552-6610F4D67819} - C:\Program Files (x86)\PDF Suite 2010\PDFIEPlugin.dll (Interactive Brands Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyFunCards) - {210F1B36-3B7F-41A4-B5DA-3EB87F5A56C2} - C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbar.dll (MindSpark)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke New Toolbar) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Program Files (x86)\Zynga\tbZyn1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MyFunCards Search Scope Monitor] C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [MyFunCards_5m Browser Plugin Loader] C:\Program Files (x86)\MyFunCards_5m\bar\1.bin\5mbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe (AVG Secure Search)
O4 - HKCU..\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [SearchProtect] C:\Users\dianne\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKCU..\Run: [Yontoo Desktop] C:\Users\dianne\AppData\Roaming\Yontoo\YontooDesktop.exe (Yontoo LLC)
O4 - Startup: C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O4 - Startup: C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Windows\SysNative\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9592D7CB-CDCE-4358-BC20-5FC63CC64C0D}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.1.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\dianne\AppData\Roaming\skype.dat) - C:\Users\dianne\AppData\Roaming\skype.dat (Intex Software LTD)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\1600x1200_blue.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2009/05/03 12:46:04 | 000,000,101 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{17e7704a-86ca-11de-aaae-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{17e7704a-86ca-11de-aaae-806e6f6e6963}\Shell\AutoRun\command - "" = E:\vivitar\runsetup.exe -- [2009/05/05 12:44:06 | 000,067,656 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/31 11:36:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/05/27 04:20:49 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\Tuguu SL
[2013/05/25 03:39:53 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\DealPly
[2013/05/25 03:39:36 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013/05/25 03:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013/05/25 03:32:18 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\Iminent
[2013/05/25 03:31:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Iminent
[2013/05/25 03:31:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iminent
[2013/05/25 03:28:28 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/25 03:26:48 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\Smartbar
[2013/05/25 03:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vafmusic2
[2013/05/25 03:23:17 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\Uniblue
[2013/05/25 03:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/05/25 03:22:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SingAlong
[2013/05/25 03:22:45 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\DownloadTerms
[2013/05/23 04:34:59 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\Systweak
[2013/05/22 22:46:18 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\IAC
[2013/05/15 02:31:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopAtHome.com Toolbar
[2013/05/15 02:31:11 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\ShopAtHome
[2013/05/02 18:53:35 | 000,079,360 | ---- | C] (TrueCrypt Foundation) -- C:\java820740.exe
[2013/05/02 18:53:33 | 000,155,648 | ---- | C] (Handy-Software INC.) -- C:\winlogon236697.exe
[2013/05/02 17:55:54 | 000,079,360 | ---- | C] (TrueCrypt Foundation) -- C:\mstsc390328.exe
[2013/05/02 17:55:51 | 000,155,648 | ---- | C] (Handy-Software INC.) -- C:\mstsc722955.exe
[2013/05/02 17:18:37 | 000,079,360 | ---- | C] (TrueCrypt Foundation) -- C:\skype738441.exe
[2013/05/02 17:18:35 | 000,155,648 | ---- | C] (Handy-Software INC.) -- C:\notepad966801.exe
[2013/05/02 16:08:50 | 000,079,360 | ---- | C] (TrueCrypt Foundation) -- C:\icq522403.exe
[2013/05/02 16:08:47 | 000,104,448 | ---- | C] (TrueCrypt Foundation) -- C:\conhost535073.exe
[2013/05/02 13:15:25 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\teamviewer480281.exe
[2013/05/02 13:15:11 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\rundll32607652.exe
[2013/05/02 12:49:59 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\csrss98300.exe
[2013/05/02 12:49:56 | 000,155,648 | ---- | C] (Handy-Software INC.) -- C:\csrss695435.exe
[2013/05/02 12:43:24 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\jqs7223.exe
[2013/05/02 12:43:21 | 000,155,648 | ---- | C] (Handy-Software INC.) -- C:\winlogon705216.exe
[2013/05/01 19:41:14 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\mstsc462903.exe
[2013/05/01 19:41:02 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\java268285.exe
[2013/05/01 19:20:02 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\teamviewer626029.exe
[2013/05/01 19:19:52 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\vlcplayer208848.exe
[2013/05/01 19:13:07 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\chrome547035.exe
[2013/05/01 19:12:57 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\firefox706601.exe
[2013/05/01 18:59:01 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\acrobat251295.exe
[2013/05/01 18:58:57 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\notepad280593.exe
[2013/05/01 18:21:28 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\icq915640.exe
[2013/05/01 18:21:19 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\alg284328.exe
[2013/05/01 18:11:58 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\msconfig649286.exe
[2013/05/01 18:11:55 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\mstsc532398.exe
[2013/05/01 18:01:13 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\windowsupdate589892.exe
[2013/05/01 18:01:11 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\jucheck234924.exe
[2013/05/01 17:57:38 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\rundll3266645.exe
[2013/05/01 17:57:35 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\acrobat823773.exe
[2013/05/01 17:54:18 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\csrss725318.exe
[2013/05/01 17:54:14 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\msconfig468186.exe
[2013/05/01 17:50:48 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\chrome202760.exe
[2013/05/01 17:50:45 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\acrobatreader521175.exe
[2013/05/01 17:14:36 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\skype310143.exe
[2013/05/01 17:14:26 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\acrobat388158.exe
[2013/05/01 17:03:53 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\ctfmon347821.exe
[2013/05/01 17:03:42 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\vlcplayer785269.exe
[2013/05/01 16:15:34 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\conhost27040.exe
[2013/05/01 16:15:31 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\flashplayer775734.exe
[2013/05/01 16:12:06 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\mstsc926033.exe
[2013/05/01 16:12:04 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\conhost23376.exe
[2013/05/01 15:44:08 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\conhost688135.exe
[2013/05/01 15:44:05 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\googleupdate646327.exe
[2013/05/01 15:37:20 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\jqs526995.exe
[2013/05/01 15:37:09 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\teamviewer.exe
[2013/05/01 15:16:42 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\flashplayer.exe
[2013/05/01 15:16:29 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\icq.exe
[2013/05/01 15:06:02 | 000,095,744 | ---- | C] (Mail.Ru) -- C:\acrobatreader.exe
[2013/05/01 15:05:52 | 000,119,808 | ---- | C] (Mail.Ru) -- C:\jucheck.exe
[2013/05/01 14:44:56 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\alg.exe
[2013/05/01 13:43:49 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\acrobat.exe
[2013/05/01 13:40:09 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\mstsc.exe
[2013/04/30 17:50:23 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013/04/30 08:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupon Savings
[2013/04/28 09:27:42 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\SweetIM
[2013/04/19 15:04:42 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\MyFunCards_5m
[2013/04/19 12:36:59 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\SwvUpdater
[2013/04/19 12:36:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WhiteSmoke_New
[2013/04/19 12:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/04/19 12:35:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Pro
[2013/04/19 12:35:20 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\Driver Pro
[2013/04/19 12:35:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver Pro
[2013/04/19 12:35:10 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\SearchProtect
[2013/04/19 12:35:04 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\CRE
[2013/04/19 12:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
[2013/04/19 12:34:36 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\Yontoo
[2013/04/19 12:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2013/04/19 12:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/04/19 12:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAFPlayer
[2013/04/19 12:33:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tuguu SL
[2013/04/19 12:33:38 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\player
[2013/04/19 12:29:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2013/04/19 12:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks
[2013/04/19 12:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/04/19 12:28:22 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\Optimizer Pro
[2013/04/19 12:28:17 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\Supreme Savings
[2013/04/19 12:28:11 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\DefaultTab
[2013/04/19 12:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
[2013/04/19 12:27:54 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Local\Updater19962
[2013/04/19 12:27:52 | 000,000,000 | ---D | C] -- C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/04/19 12:27:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2013/04/19 12:27:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Supreme Savings
[2013/04/11 10:27:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
[2013/04/05 08:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/01/10 23:18:21 | 000,172,032 | ---- | C] (Intex Software LTD) -- C:\Users\dianne\AppData\Roaming\skype.dat
[2009/08/19 09:41:49 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\dianne\AppData\Roaming\DataSafeDotNet.exe
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/25 03:27:15 | 000,000,009 | ---- | M] () -- C:\END
[2013/05/02 19:45:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/02 19:38:35 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/02 19:38:35 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/05/02 19:38:35 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2013/05/02 19:38:34 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/02 19:38:34 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/02 19:37:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/02 19:32:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424625615-964005803-1290662544-1000UA.job
[2013/05/02 19:22:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/02 18:53:43 | 000,118,784 | ---- | M] () -- C:\acrobatreader113091.exe
[2013/05/02 18:53:40 | 000,000,000 | ---- | M] () -- C:\teamviewer297860.exe
[2013/05/02 18:53:39 | 000,000,000 | ---- | M] () -- C:\skype586979.exe
[2013/05/02 18:53:38 | 000,079,360 | ---- | M] (TrueCrypt Foundation) -- C:\java820740.exe
[2013/05/02 18:53:35 | 000,155,648 | ---- | M] (Handy-Software INC.) -- C:\winlogon236697.exe
[2013/05/02 18:32:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1424625615-964005803-1290662544-1000Core.job
[2013/05/02 17:56:01 | 000,118,784 | ---- | M] () -- C:\mstsc683817.exe
[2013/05/02 17:55:58 | 000,000,000 | ---- | M] () -- C:\java318683.exe
[2013/05/02 17:55:57 | 000,079,360 | ---- | M] (TrueCrypt Foundation) -- C:\mstsc390328.exe
[2013/05/02 17:55:57 | 000,000,000 | ---- | M] () -- C:\vlcplayer278752.exe
[2013/05/02 17:55:53 | 000,155,648 | ---- | M] (Handy-Software INC.) -- C:\mstsc722955.exe
[2013/05/02 17:18:44 | 000,118,784 | ---- | M] () -- C:\firefox340557.exe
[2013/05/02 17:18:41 | 000,000,000 | ---- | M] () -- C:\rundll3287063.exe
[2013/05/02 17:18:41 | 000,000,000 | ---- | M] () -- C:\googleupdate680280.exe
[2013/05/02 17:18:40 | 000,079,360 | ---- | M] (TrueCrypt Foundation) -- C:\skype738441.exe
[2013/05/02 17:18:37 | 000,155,648 | ---- | M] (Handy-Software INC.) -- C:\notepad966801.exe
[2013/05/02 16:09:01 | 000,000,732 | ---- | M] () -- C:\Users\dianne\AppData\Local\d3d9caps64.dat
[2013/05/02 16:08:58 | 000,118,784 | ---- | M] () -- C:\icq691933.exe
[2013/05/02 16:08:55 | 000,000,000 | ---- | M] () -- C:\rundll32799679.exe
[2013/05/02 16:08:54 | 000,079,360 | ---- | M] (TrueCrypt Foundation) -- C:\icq522403.exe
[2013/05/02 16:08:54 | 000,000,000 | ---- | M] () -- C:\iexplore538591.exe
[2013/05/02 16:08:50 | 000,104,448 | ---- | M] (TrueCrypt Foundation) -- C:\conhost535073.exe
[2013/05/02 16:04:13 | 000,000,004 | ---- | M] () -- C:\Users\dianne\AppData\Roaming\skype.ini
[2013/05/02 13:19:22 | 590,395,419 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/05/02 13:15:44 | 000,118,784 | ---- | M] () -- C:\vlcplayer7519.exe
[2013/05/02 13:15:36 | 000,000,000 | ---- | M] () -- C:\flashplayer797915.exe
[2013/05/02 13:15:35 | 000,000,000 | ---- | M] () -- C:\opera974205.exe
[2013/05/02 13:15:28 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\teamviewer480281.exe
[2013/05/02 13:15:17 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\rundll32607652.exe
[2013/05/02 12:50:13 | 000,118,784 | ---- | M] () -- C:\chrome720041.exe
[2013/05/02 12:50:10 | 000,000,000 | ---- | M] () -- C:\icq96727.exe
[2013/05/02 12:50:09 | 000,000,000 | ---- | M] () -- C:\icq950829.exe
[2013/05/02 12:50:01 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\csrss98300.exe
[2013/05/02 12:49:58 | 000,155,648 | ---- | M] (Handy-Software INC.) -- C:\csrss695435.exe
[2013/05/02 12:43:39 | 000,118,784 | ---- | M] () -- C:\flashplayer745482.exe
[2013/05/02 12:43:37 | 000,000,000 | ---- | M] () -- C:\winlogon309288.exe
[2013/05/02 12:43:36 | 000,000,000 | ---- | M] () -- C:\csrss896551.exe
[2013/05/02 12:43:27 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\jqs7223.exe
[2013/05/02 12:43:24 | 000,155,648 | ---- | M] (Handy-Software INC.) -- C:\winlogon705216.exe
[2013/05/01 22:43:12 | 000,759,750 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/01 22:43:12 | 000,642,736 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/01 22:43:12 | 000,119,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/01 19:41:29 | 000,143,360 | ---- | M] () -- C:\googleupdate93257.exe
[2013/05/01 19:41:26 | 000,000,000 | ---- | M] () -- C:\windowsupdate781629.exe
[2013/05/01 19:41:25 | 000,000,000 | ---- | M] () -- C:\java356293.exe
[2013/05/01 19:41:16 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\mstsc462903.exe
[2013/05/01 19:41:05 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\java268285.exe
[2013/05/01 19:20:17 | 000,143,360 | ---- | M] () -- C:\icq40220.exe
[2013/05/01 19:20:14 | 000,000,000 | ---- | M] () -- C:\jucheck864185.exe
[2013/05/01 19:20:13 | 000,000,000 | ---- | M] () -- C:\mstsc709463.exe
[2013/05/01 19:20:05 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\teamviewer626029.exe
[2013/05/01 19:19:54 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\vlcplayer208848.exe
[2013/05/01 19:13:22 | 000,143,360 | ---- | M] () -- C:\rundll32157950.exe
[2013/05/01 19:13:19 | 000,000,000 | ---- | M] () -- C:\vlcplayer168894.exe
[2013/05/01 19:13:18 | 000,000,000 | ---- | M] () -- C:\icq194577.exe
[2013/05/01 19:13:11 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\chrome547035.exe
[2013/05/01 19:12:59 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\firefox706601.exe
[2013/05/01 18:59:15 | 000,143,360 | ---- | M] () -- C:\iexplore634279.exe
[2013/05/01 18:59:12 | 000,000,000 | ---- | M] () -- C:\jucheck576471.exe
[2013/05/01 18:59:12 | 000,000,000 | ---- | M] () -- C:\jqs626033.exe
[2013/05/01 18:59:03 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\acrobat251295.exe
[2013/05/01 18:59:00 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\notepad280593.exe
[2013/05/01 18:21:43 | 000,143,360 | ---- | M] () -- C:\alg907765.exe
[2013/05/01 18:21:40 | 000,000,000 | ---- | M] () -- C:\winlogon669745.exe
[2013/05/01 18:21:39 | 000,000,000 | ---- | M] () -- C:\jqs794657.exe
[2013/05/01 18:21:31 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\icq915640.exe
[2013/05/01 18:21:23 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\alg284328.exe
[2013/05/01 18:12:13 | 000,143,360 | ---- | M] () -- C:\icq901995.exe
[2013/05/01 18:12:10 | 000,000,000 | ---- | M] () -- C:\icq485803.exe
[2013/05/01 18:12:09 | 000,000,000 | ---- | M] () -- C:\windowsupdate365938.exe
[2013/05/01 18:12:02 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\msconfig649286.exe
[2013/05/01 18:11:58 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\mstsc532398.exe
[2013/05/01 18:01:31 | 000,143,360 | ---- | M] () -- C:\jqs17101.exe
[2013/05/01 18:01:28 | 000,000,000 | ---- | M] () -- C:\windowsupdate96743.exe
[2013/05/01 18:01:27 | 000,000,000 | ---- | M] () -- C:\winlogon661101.exe
[2013/05/01 18:01:16 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\windowsupdate589892.exe
[2013/05/01 18:01:13 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\jucheck234924.exe
[2013/05/01 17:57:53 | 000,143,360 | ---- | M] () -- C:\firefox213543.exe
[2013/05/01 17:57:50 | 000,000,000 | ---- | M] () -- C:\notepad789161.exe
[2013/05/01 17:57:49 | 000,000,000 | ---- | M] () -- C:\acrobat767709.exe
[2013/05/01 17:57:41 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\rundll3266645.exe
[2013/05/01 17:57:38 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\acrobat823773.exe
[2013/05/01 17:54:33 | 000,143,360 | ---- | M] () -- C:\alg670382.exe
[2013/05/01 17:54:30 | 000,000,000 | ---- | M] () -- C:\googleupdate12191.exe
[2013/05/01 17:54:29 | 000,000,000 | ---- | M] () -- C:\csrss127999.exe
[2013/05/01 17:54:21 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\csrss725318.exe
[2013/05/01 17:54:17 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\msconfig468186.exe
[2013/05/01 17:51:03 | 000,143,360 | ---- | M] () -- C:\rundll32489527.exe
[2013/05/01 17:50:59 | 000,000,000 | ---- | M] () -- C:\vlcplayer162217.exe
[2013/05/01 17:50:59 | 000,000,000 | ---- | M] () -- C:\ctfmon776557.exe
[2013/05/01 17:50:51 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\chrome202760.exe
[2013/05/01 17:50:48 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\acrobatreader521175.exe
[2013/05/01 17:14:51 | 000,143,360 | ---- | M] () -- C:\mstsc993072.exe
[2013/05/01 17:14:48 | 000,000,000 | ---- | M] () -- C:\googleupdate86940.exe
[2013/05/01 17:14:47 | 000,000,000 | ---- | M] () -- C:\firefox603167.exe
[2013/05/01 17:14:39 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\skype310143.exe
[2013/05/01 17:14:28 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\acrobat388158.exe
[2013/05/01 17:04:08 | 000,143,360 | ---- | M] () -- C:\opera835295.exe
[2013/05/01 17:04:05 | 000,000,000 | ---- | M] () -- C:\googleupdate642361.exe
[2013/05/01 17:04:05 | 000,000,000 | ---- | M] () -- C:\acrobatreader812511.exe
[2013/05/01 17:03:56 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\ctfmon347821.exe
[2013/05/01 17:03:46 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\vlcplayer785269.exe
[2013/05/01 16:15:49 | 000,143,360 | ---- | M] () -- C:\firefox933559.exe
[2013/05/01 16:15:46 | 000,000,000 | ---- | M] () -- C:\mstsc713540.exe
[2013/05/01 16:15:45 | 000,000,000 | ---- | M] () -- C:\chrome33315.exe
[2013/05/01 16:15:37 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\conhost27040.exe
[2013/05/01 16:15:34 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\flashplayer775734.exe
[2013/05/01 16:12:25 | 000,143,360 | ---- | M] () -- C:\ctfmon424177.exe
[2013/05/01 16:12:20 | 000,000,000 | ---- | M] () -- C:\winlogon226296.exe
[2013/05/01 16:12:19 | 000,000,000 | ---- | M] () -- C:\vlcplayer519672.exe
[2013/05/01 16:12:13 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\mstsc926033.exe
[2013/05/01 16:12:06 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\conhost23376.exe
[2013/05/01 15:44:22 | 000,143,360 | ---- | M] () -- C:\ctfmon444048.exe
[2013/05/01 15:44:19 | 000,000,000 | ---- | M] () -- C:\iexplore701714.exe
[2013/05/01 15:44:18 | 000,000,000 | ---- | M] () -- C:\acrobatreader161153.exe
[2013/05/01 15:44:11 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\conhost688135.exe
[2013/05/01 15:44:07 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\googleupdate646327.exe
[2013/05/01 15:37:34 | 000,143,360 | ---- | M] () -- C:\alg763110.exe
[2013/05/01 15:37:31 | 000,000,000 | ---- | M] () -- C:\alg708090.exe
[2013/05/01 15:37:30 | 000,000,000 | ---- | M] () -- C:\vlcplayer773917.exe
[2013/05/01 15:37:22 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\jqs526995.exe
[2013/05/01 15:37:12 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\teamviewer.exe
[2013/05/01 15:16:59 | 000,143,360 | ---- | M] () -- C:\chrome.exe
[2013/05/01 15:16:54 | 000,000,000 | ---- | M] () -- C:\rundll32.exe
[2013/05/01 15:16:54 | 000,000,000 | ---- | M] () -- C:\firefox.exe
[2013/05/01 15:16:46 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\flashplayer.exe
[2013/05/01 15:16:39 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\icq.exe
[2013/05/01 15:06:21 | 000,143,360 | ---- | M] () -- C:\conhost.exe
[2013/05/01 15:06:14 | 000,000,000 | ---- | M] () -- C:\ctfmon.exe
[2013/05/01 15:06:13 | 000,000,000 | ---- | M] () -- C:\jqs.exe
[2013/05/01 15:06:05 | 000,095,744 | ---- | M] (Mail.Ru) -- C:\acrobatreader.exe
[2013/05/01 15:05:56 | 000,119,808 | ---- | M] (Mail.Ru) -- C:\jucheck.exe
[2013/05/01 14:45:03 | 000,143,360 | ---- | M] () -- C:\spoolsv.exe
[2013/05/01 14:45:00 | 000,000,000 | ---- | M] () -- C:\skype.exe
[2013/05/01 14:45:00 | 000,000,000 | ---- | M] () -- C:\opera.exe
[2013/05/01 14:44:59 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\alg.exe
[2013/05/01 14:44:59 | 000,000,000 | ---- | M] () -- C:\vlcplayer.exe
[2013/05/01 14:06:31 | 000,272,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/01 13:43:59 | 000,143,360 | ---- | M] () -- C:\iexplore.exe
[2013/05/01 13:43:55 | 000,000,000 | ---- | M] () -- C:\java.exe
[2013/05/01 13:43:54 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\acrobat.exe
[2013/05/01 13:43:54 | 000,000,000 | ---- | M] () -- C:\windowsupdate.exe
[2013/05/01 13:43:54 | 000,000,000 | ---- | M] () -- C:\msconfig.exe
[2013/05/01 13:40:21 | 000,143,360 | ---- | M] () -- C:\winlogon.exe
[2013/05/01 13:40:15 | 000,000,000 | ---- | M] () -- C:\googleupdate.exe
[2013/05/01 13:40:15 | 000,000,000 | ---- | M] () -- C:\csrss.exe
[2013/05/01 13:40:14 | 000,172,032 | ---- | M] (Intex Software LTD) -- C:\mstsc.exe
[2013/05/01 13:40:14 | 000,000,000 | ---- | M] () -- C:\notepad.exe
[2013/04/30 23:33:17 | 000,002,090 | ---- | M] () -- C:\Users\dianne\Desktop\Google Chrome.lnk
[2013/04/21 03:14:36 | 000,754,664 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/19 14:51:35 | 000,001,480 | ---- | M] () -- C:\Users\dianne\Desktop\Sync Folder.lnk
[2013/04/19 12:35:26 | 000,000,867 | ---- | M] () -- C:\Users\dianne\Desktop\Driver Pro.lnk
[2013/04/19 12:33:40 | 000,001,918 | ---- | M] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013/04/19 12:28:44 | 000,000,632 | RHS- | M] () -- C:\Users\dianne\ntuser.pol
[2013/04/19 12:28:06 | 000,000,903 | ---- | M] () -- C:\Users\dianne\Desktop\Optimizer Pro.lnk
[2013/04/19 12:27:53 | 000,000,938 | ---- | M] () -- C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/04/19 12:27:53 | 000,000,928 | ---- | M] () -- C:\Users\dianne\Desktop\MyPC Backup.lnk
[2013/04/11 10:26:47 | 000,040,736 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/05 08:24:06 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/31 13:35:17 | 000,000,732 | ---- | C] () -- C:\Users\dianne\AppData\Local\d3d9caps64.dat
[2013/05/02 18:53:40 | 000,118,784 | ---- | C] () -- C:\acrobatreader113091.exe
[2013/05/02 18:53:40 | 000,000,000 | ---- | C] () -- C:\teamviewer297860.exe
[2013/05/02 18:53:39 | 000,000,000 | ---- | C] () -- C:\skype586979.exe
[2013/05/02 17:55:58 | 000,118,784 | ---- | C] () -- C:\mstsc683817.exe
[2013/05/02 17:55:58 | 000,000,000 | ---- | C] () -- C:\java318683.exe
[2013/05/02 17:55:57 | 000,000,000 | ---- | C] () -- C:\vlcplayer278752.exe
[2013/05/02 17:18:41 | 000,118,784 | ---- | C] () -- C:\firefox340557.exe
[2013/05/02 17:18:41 | 000,000,000 | ---- | C] () -- C:\rundll3287063.exe
[2013/05/02 17:18:41 | 000,000,000 | ---- | C] () -- C:\googleupdate680280.exe
[2013/05/02 16:08:56 | 000,118,784 | ---- | C] () -- C:\icq691933.exe
[2013/05/02 16:08:55 | 000,000,000 | ---- | C] () -- C:\rundll32799679.exe
[2013/05/02 16:08:54 | 000,000,000 | ---- | C] () -- C:\iexplore538591.exe
[2013/05/02 13:15:36 | 000,118,784 | ---- | C] () -- C:\vlcplayer7519.exe
[2013/05/02 13:15:36 | 000,000,000 | ---- | C] () -- C:\flashplayer797915.exe
[2013/05/02 13:15:35 | 000,000,000 | ---- | C] () -- C:\opera974205.exe
[2013/05/02 12:50:11 | 000,118,784 | ---- | C] () -- C:\chrome720041.exe
[2013/05/02 12:50:10 | 000,000,000 | ---- | C] () -- C:\icq96727.exe
[2013/05/02 12:50:09 | 000,000,000 | ---- | C] () -- C:\icq950829.exe
[2013/05/02 12:43:37 | 000,118,784 | ---- | C] () -- C:\flashplayer745482.exe
[2013/05/02 12:43:37 | 000,000,000 | ---- | C] () -- C:\winlogon309288.exe
[2013/05/02 12:43:36 | 000,000,000 | ---- | C] () -- C:\csrss896551.exe
[2013/05/02 12:14:44 | 590,395,419 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/05/01 19:41:26 | 000,143,360 | ---- | C] () -- C:\googleupdate93257.exe
[2013/05/01 19:41:26 | 000,000,000 | ---- | C] () -- C:\windowsupdate781629.exe
[2013/05/01 19:41:25 | 000,000,000 | ---- | C] () -- C:\java356293.exe
[2013/05/01 19:20:15 | 000,143,360 | ---- | C] () -- C:\icq40220.exe
[2013/05/01 19:20:14 | 000,000,000 | ---- | C] () -- C:\jucheck864185.exe
[2013/05/01 19:20:13 | 000,000,000 | ---- | C] () -- C:\mstsc709463.exe
[2013/05/01 19:13:19 | 000,143,360 | ---- | C] () -- C:\rundll32157950.exe
[2013/05/01 19:13:19 | 000,000,000 | ---- | C] () -- C:\vlcplayer168894.exe
[2013/05/01 19:13:18 | 000,000,000 | ---- | C] () -- C:\icq194577.exe
[2013/05/01 19:02:06 | 000,000,004 | ---- | C] () -- C:\Users\dianne\AppData\Roaming\skype.ini
[2013/05/01 18:59:13 | 000,143,360 | ---- | C] () -- C:\iexplore634279.exe
[2013/05/01 18:59:12 | 000,000,000 | ---- | C] () -- C:\jucheck576471.exe
[2013/05/01 18:59:12 | 000,000,000 | ---- | C] () -- C:\jqs626033.exe
[2013/05/01 18:21:41 | 000,143,360 | ---- | C] () -- C:\alg907765.exe
[2013/05/01 18:21:40 | 000,000,000 | ---- | C] () -- C:\winlogon669745.exe
[2013/05/01 18:21:39 | 000,000,000 | ---- | C] () -- C:\jqs794657.exe
[2013/05/01 18:12:11 | 000,143,360 | ---- | C] () -- C:\icq901995.exe
[2013/05/01 18:12:10 | 000,000,000 | ---- | C] () -- C:\icq485803.exe
[2013/05/01 18:12:09 | 000,000,000 | ---- | C] () -- C:\windowsupdate365938.exe
[2013/05/01 18:01:28 | 000,143,360 | ---- | C] () -- C:\jqs17101.exe
[2013/05/01 18:01:28 | 000,000,000 | ---- | C] () -- C:\windowsupdate96743.exe
[2013/05/01 18:01:27 | 000,000,000 | ---- | C] () -- C:\winlogon661101.exe
[2013/05/01 17:57:50 | 000,143,360 | ---- | C] () -- C:\firefox213543.exe
[2013/05/01 17:57:50 | 000,000,000 | ---- | C] () -- C:\notepad789161.exe
[2013/05/01 17:57:49 | 000,000,000 | ---- | C] () -- C:\acrobat767709.exe
[2013/05/01 17:54:30 | 000,143,360 | ---- | C] () -- C:\alg670382.exe
[2013/05/01 17:54:30 | 000,000,000 | ---- | C] () -- C:\googleupdate12191.exe
[2013/05/01 17:54:29 | 000,000,000 | ---- | C] () -- C:\csrss127999.exe
[2013/05/01 17:51:00 | 000,143,360 | ---- | C] () -- C:\rundll32489527.exe
[2013/05/01 17:50:59 | 000,000,000 | ---- | C] () -- C:\vlcplayer162217.exe
[2013/05/01 17:50:59 | 000,000,000 | ---- | C] () -- C:\ctfmon776557.exe
[2013/05/01 17:14:48 | 000,143,360 | ---- | C] () -- C:\mstsc993072.exe
[2013/05/01 17:14:48 | 000,000,000 | ---- | C] () -- C:\googleupdate86940.exe
[2013/05/01 17:14:47 | 000,000,000 | ---- | C] () -- C:\firefox603167.exe
[2013/05/01 17:04:06 | 000,143,360 | ---- | C] () -- C:\opera835295.exe
[2013/05/01 17:04:05 | 000,000,000 | ---- | C] () -- C:\googleupdate642361.exe
[2013/05/01 17:04:05 | 000,000,000 | ---- | C] () -- C:\acrobatreader812511.exe
[2013/05/01 16:15:47 | 000,143,360 | ---- | C] () -- C:\firefox933559.exe
[2013/05/01 16:15:46 | 000,000,000 | ---- | C] () -- C:\mstsc713540.exe
[2013/05/01 16:15:45 | 000,000,000 | ---- | C] () -- C:\chrome33315.exe
[2013/05/01 16:12:21 | 000,143,360 | ---- | C] () -- C:\ctfmon424177.exe
[2013/05/01 16:12:20 | 000,000,000 | ---- | C] () -- C:\winlogon226296.exe
[2013/05/01 16:12:19 | 000,000,000 | ---- | C] () -- C:\vlcplayer519672.exe
[2013/05/01 15:44:20 | 000,143,360 | ---- | C] () -- C:\ctfmon444048.exe
[2013/05/01 15:44:19 | 000,000,000 | ---- | C] () -- C:\iexplore701714.exe
[2013/05/01 15:44:18 | 000,000,000 | ---- | C] () -- C:\acrobatreader161153.exe
[2013/05/01 15:37:32 | 000,143,360 | ---- | C] () -- C:\alg763110.exe
[2013/05/01 15:37:31 | 000,000,000 | ---- | C] () -- C:\alg708090.exe
[2013/05/01 15:37:30 | 000,000,000 | ---- | C] () -- C:\vlcplayer773917.exe
[2013/05/01 15:16:55 | 000,143,360 | ---- | C] () -- C:\chrome.exe
[2013/05/01 15:16:54 | 000,000,000 | ---- | C] () -- C:\rundll32.exe
[2013/05/01 15:16:54 | 000,000,000 | ---- | C] () -- C:\firefox.exe
[2013/05/01 15:06:15 | 000,143,360 | ---- | C] () -- C:\conhost.exe
[2013/05/01 15:06:14 | 000,000,000 | ---- | C] () -- C:\ctfmon.exe
[2013/05/01 15:06:13 | 000,000,000 | ---- | C] () -- C:\jqs.exe
[2013/05/01 14:45:01 | 000,143,360 | ---- | C] () -- C:\spoolsv.exe
[2013/05/01 14:45:00 | 000,000,000 | ---- | C] () -- C:\skype.exe
[2013/05/01 14:45:00 | 000,000,000 | ---- | C] () -- C:\opera.exe
[2013/05/01 14:44:59 | 000,000,000 | ---- | C] () -- C:\vlcplayer.exe
[2013/05/01 13:43:55 | 000,143,360 | ---- | C] () -- C:\iexplore.exe
[2013/05/01 13:43:55 | 000,000,000 | ---- | C] () -- C:\java.exe
[2013/05/01 13:43:54 | 000,000,000 | ---- | C] () -- C:\windowsupdate.exe
[2013/05/01 13:43:54 | 000,000,000 | ---- | C] () -- C:\msconfig.exe
[2013/05/01 13:40:16 | 000,143,360 | ---- | C] () -- C:\winlogon.exe
[2013/05/01 13:40:15 | 000,000,000 | ---- | C] () -- C:\googleupdate.exe
[2013/05/01 13:40:15 | 000,000,000 | ---- | C] () -- C:\csrss.exe
[2013/05/01 13:40:14 | 000,000,000 | ---- | C] () -- C:\notepad.exe
[2013/04/19 12:37:00 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/04/19 12:35:26 | 000,000,867 | ---- | C] () -- C:\Users\dianne\Desktop\Driver Pro.lnk
[2013/04/19 12:34:19 | 000,000,009 | ---- | C] () -- C:\END
[2013/04/19 12:33:40 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\VAFPlayer.lnk
[2013/04/19 12:28:06 | 000,000,903 | ---- | C] () -- C:\Users\dianne\Desktop\Optimizer Pro.lnk
[2013/04/19 12:27:53 | 000,000,938 | ---- | C] () -- C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
[2013/04/19 12:27:53 | 000,000,928 | ---- | C] () -- C:\Users\dianne\Desktop\MyPC Backup.lnk
[2011/12/04 14:19:52 | 000,000,632 | RHS- | C] () -- C:\Users\dianne\ntuser.pol
[2011/10/28 11:58:25 | 000,754,664 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/25 18:01:22 | 002,052,096 | ---- | C] () -- C:\Users\dianne\s-1-5-21-1424625615-964005803-1290662544-1000.rrr
[2010/08/13 20:36:31 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2010/07/25 16:25:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/04 20:39:28 | 000,005,632 | ---- | C] () -- C:\Users\dianne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/14 20:58:57 | 000,007,728 | ---- | C] () -- C:\Users\dianne\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 11:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 13:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 13:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 03:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 02:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 22:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/08/13 20:36:35 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\alot
[2011/10/14 21:55:21 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\AVG10
[2013/03/11 13:13:31 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\AVG2013
[2010/11/23 15:41:35 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Babylon
[2012/02/14 00:52:19 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2013/05/25 03:39:53 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\DealPly
[2013/04/19 12:28:11 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\DefaultTab
[2013/04/19 12:35:43 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Driver Pro
[2010/11/23 15:26:27 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\DriverCure
[2011/03/31 23:28:19 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Farm Mania
[2013/05/25 03:32:18 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Iminent
[2013/04/21 17:54:08 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\IObit
[2011/02/14 20:12:31 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\MP3Rocket
[2012/04/26 18:36:08 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\ooVoo Details
[2013/04/19 12:28:22 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Optimizer Pro
[2010/11/23 15:26:27 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\ParetoLogic
[2011/12/05 18:32:44 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\PDF Software
[2013/04/19 12:33:40 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\player
[2011/03/31 14:21:53 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\PlayFirst
[2010/11/23 15:17:08 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\PriceGong
[2011/12/05 18:37:49 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\QUAD Utilities
[2011/08/14 18:04:15 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Registry Mechanic
[2013/05/25 03:29:20 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\SearchProtect
[2013/05/15 02:31:15 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\ShopAtHome
[2011/11/09 11:23:14 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\SUPERAntiSpyware(167).com
[2011/11/12 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\SUPERAntiSpyware(331).com
[2011/12/06 19:55:13 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\SupportSoft
[2013/03/11 13:05:44 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Systweak
[2013/03/11 13:12:37 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\TuneUp Software
[2013/05/25 03:23:17 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Uniblue
[2013/05/02 16:04:54 | 000,000,000 | ---D | M] -- C:\Users\dianne\AppData\Roaming\Yontoo

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#7
jtroop

  • Topic Starter
  • Member
  • 70 posts
Now for the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-06-2013
Ran by SYSTEM on 04-05-2013 19:06:26
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [MyFunCards Search Scope Monitor] "C:\PROGRA~2\MYFUNC~2\bar\1.bin\5msrchmn.exe" /m=2 /w /h [42536 2013-01-21] (MindSpark)
HKLM-x32\...\Run: [MyFunCards_5m Browser Plugin Loader] C:\PROGRA~2\MYFUNC~2\bar\1.bin\5mbrmon.exe [30096 2013-01-21] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe" [1223344 2013-04-11] (AVG Secure Search)
HKLM-x32\...\Run: [SearchProtectAll] "C:\Program Files (x86)\SearchProtect\bin\cltmng.exe" [2852640 2013-05-07] (Conduit)
HKU\Dianeslife\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-05] (Google Inc.)
HKU\Dianeslife.dianne-PC\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-05] (Google Inc.)
HKU\Dianeslife.dianne-PC\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4283256 2011-05-13] (Microsoft Corporation)
HKU\Dianeslife.dianne-PC.000\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-05] (Google Inc.)
HKU\Dianeslife.dianne-PC.000\...\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO [5655832 2013-02-25] (Piriform Ltd)
HKU\Dianeslife.dianne-PC.000\...\Run: [SearchProtect] C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
HKU\Dianeslife.dianne-PC.000\...\Policies\system: [LogonHoursAction] 2
HKU\Dianeslife.dianne-PC.000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Dianeslife.dianne-PC.000\...\Winlogon: [Shell] explorer.exe,C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\skype.dat [160256 2011-11-18] (SmartDev Software INC.) <==== ATTENTION
HKU\dianne\...\Run: [Google Update] "C:\Users\dianne\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2010-10-15] (Google Inc.)
HKU\dianne\...\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5622512 2013-05-03] (SUPERAntiSpyware.com)
HKU\dianne\...\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [81952 2012-10-30] (PC Utilities Pro)
HKU\dianne\...\Run: [Yontoo Desktop] "C:\Users\dianne\AppData\Roaming\Yontoo\YontooDesktop.exe" [42784 2013-04-16] (Yontoo LLC)
HKU\dianne\...\Run: [Driver Pro] C:\Program Files (x86)\Driver Pro\DPLauncher.exe [340512 2012-10-30] (PC Utilities Pro)
HKU\dianne\...\Run: [SearchProtect] C:\Users\dianne\AppData\Roaming\SearchProtect\bin\cltmng.exe [2730784 2013-04-11] (Conduit)
HKU\dianne\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\dianne\...\Policies\system: [LogonHoursAction] 2
HKU\dianne\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\dianne\...\Winlogon: [Shell] explorer.exe,C:\Users\dianne\AppData\Roaming\skype.dat [172032 2011-11-18] (Intex Software LTD) <==== ATTENTION
HKU\Guest\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-01-05] (Google Inc.)
HKU\Guest\...\Run: [SearchProtect] C:\Users\Guest\AppData\Roaming\SearchProtect\bin\cltmng.exe [2852640 2013-05-07] (Conduit)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
ShortcutTarget: ZooskMessenger.lnk -> C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe (No File)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\RA Media Server\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-11] (SUPERAntiSpyware.com)
S2 AERTFilters; C:\Windows\system32\AERTSr64.exe [86016 2008-07-18] (Andrea Electronics Corporation)
S2 Apache2.2; C:\Program Files (x86)\Common Files\Dell\apache\bin\httpd.exe [15872 2007-09-21] (Apache Software Foundation)
S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1418184 2013-02-19] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [32808 2013-05-01] (Just Develop It)
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [93984 2013-04-11] (Conduit)
S2 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-10] ()
S2 DefaultTabUpdate; C:\Users\dianne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-04-19] ()
S2 dldtCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\dldtserv.exe [33448 2009-07-09] ()
S2 dldt_device; C:\Windows\system32\dldtcoms.exe [1044648 2009-07-09] ( )
S2 dsl-db; C:\Program Files (x86)\Common Files\Dell\MySQL\my.ini [9560 2009-08-19] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S2 PDF Suite 2010 Service; C:\Program Files (x86)\PDF Suite 2010\ConversionService.exe [791360 2010-09-28] (Interactive Brands Inc.)
S2 SupportSoft RemoteAssist; C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe [386424 2010-02-24] (SupportSoft, Inc.)
S2 Updater By SweetPacks; C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe [188760 2013-02-28] ()
S2 vToolbarUpdater15.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [1008816 2013-04-11] (AVG Secure Search)
S2 Yontoo Desktop Updater; C:\Users\dianne\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-04-16] (Yontoo LLC)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S3 SBAMSvc;

==================== Drivers (Whitelisted) ====================

S1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-02-26] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206136 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311096 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [239416 2013-02-13] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [40736 2013-04-11] (AVG Technologies)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1418112 2007-04-03] (Philips Semiconductors GmbH)
S2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2008-07-21] (Windows ® Codename Longhorn DDK provider)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 ccxwbksp; \??\C:\Windows\system32\drivers\ccxwbksp.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 lierbluu; \??\C:\Windows\system32\drivers\lierbluu.sys [x]
S1 lvwxpala; \??\C:\Windows\system32\drivers\lvwxpala.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S1 qfcyrvgz; \??\C:\Windows\system32\drivers\qfcyrvgz.sys [x]
S1 smmilxmn; \??\C:\Windows\system32\drivers\smmilxmn.sys [x]
S1 tpzwnznc; \??\C:\Windows\system32\drivers\tpzwnznc.sys [x]
S1 tqgruidu; \??\C:\Windows\system32\drivers\tqgruidu.sys [x]
S1 ufetxbtx; \??\C:\Windows\system32\drivers\ufetxbtx.sys [x]
S1 whmvkqmf; \??\C:\Windows\system32\drivers\whmvkqmf.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-31 09:35 - 2013-05-02 12:09 - 00000732 ____A C:\Users\dianne\Local Settings\d3d9caps64.dat
2013-05-31 09:35 - 2013-05-02 12:09 - 00000732 ____A C:\Users\dianne\Local Settings\Application Data\d3d9caps64.dat
2013-05-31 09:35 - 2013-05-02 12:09 - 00000732 ____A C:\Users\dianne\AppData\Local\d3d9caps64.dat
2013-05-31 07:36 - 2013-05-31 09:03 - 00835584 ____A (The PHP Group) C:\ProgramData\FB40.tmp
2013-05-31 07:36 - 2013-05-31 09:03 - 00835584 ____A (The PHP Group) C:\ProgramData\Application Data\FB40.tmp
2013-05-31 07:36 - 2013-05-31 08:44 - 00835584 ____A (The PHP Group) C:\ProgramData\Application Data\29A0.tmp
2013-05-31 07:36 - 2013-05-31 08:44 - 00835584 ____A (The PHP Group) C:\ProgramData\29A0.tmp
2013-05-31 07:36 - 2013-05-31 07:36 - 00835584 ____A (The PHP Group) C:\ProgramData\Application Data\8BBC.tmp
2013-05-31 07:36 - 2013-05-31 07:36 - 00835584 ____A (The PHP Group) C:\ProgramData\8BBC.tmp
2013-05-31 07:36 - 2013-05-31 07:36 - 00000000 ____D C:\Windows\Sun
2013-05-27 00:20 - 2013-05-30 08:13 - 00000000 ____D C:\Users\dianne\Local Settings\Tuguu SL
2013-05-27 00:20 - 2013-05-30 08:13 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Tuguu SL
2013-05-27 00:20 - 2013-05-30 08:13 - 00000000 ____D C:\Users\dianne\AppData\Local\Tuguu SL
2013-05-24 23:39 - 2013-05-24 23:39 - 00000000 ____D C:\Users\dianne\Application Data\DealPly
2013-05-24 23:39 - 2013-05-24 23:39 - 00000000 ____D C:\Users\dianne\AppData\Roaming\DealPly
2013-05-24 23:39 - 2013-05-24 23:39 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-05-24 23:32 - 2013-05-24 23:32 - 00000000 ____D C:\Users\dianne\Application Data\Iminent
2013-05-24 23:32 - 2013-05-24 23:32 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Iminent
2013-05-24 23:31 - 2013-05-24 23:32 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-05-24 23:31 - 2013-05-24 23:31 - 00000000 ____D C:\ProgramData\Iminent
2013-05-24 23:31 - 2013-05-24 23:31 - 00000000 ____D C:\ProgramData\Application Data\Iminent
2013-05-24 23:26 - 2013-05-24 23:27 - 00000000 ____D C:\Users\dianne\Local Settings\Smartbar
2013-05-24 23:26 - 2013-05-24 23:27 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Smartbar
2013-05-24 23:26 - 2013-05-24 23:27 - 00000000 ____D C:\Users\dianne\AppData\Local\Smartbar
2013-05-24 23:24 - 2013-05-24 23:28 - 00000000 ____D C:\Program Files (x86)\Vafmusic2
2013-05-24 23:23 - 2013-05-24 23:23 - 00000000 ____D C:\Users\dianne\Application Data\Uniblue
2013-05-24 23:23 - 2013-05-24 23:23 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Uniblue
2013-05-24 23:23 - 2013-05-24 23:23 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-05-24 23:22 - 2013-05-24 23:22 - 00000000 ____D C:\Users\dianne\Local Settings\DownloadTerms
2013-05-24 23:22 - 2013-05-24 23:22 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\DownloadTerms
2013-05-24 23:22 - 2013-05-24 23:22 - 00000000 ____D C:\Users\dianne\AppData\Local\DownloadTerms
2013-05-24 23:22 - 2013-05-24 23:22 - 00000000 ____D C:\Program Files (x86)\SingAlong
2013-05-23 00:34 - 2013-05-24 23:26 - 00000000 ____D C:\Users\dianne\Local Settings\Systweak
2013-05-23 00:34 - 2013-05-24 23:26 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Systweak
2013-05-23 00:34 - 2013-05-24 23:26 - 00000000 ____D C:\Users\dianne\AppData\Local\Systweak
2013-05-22 18:46 - 2013-05-22 18:46 - 00000000 ____D C:\Users\dianne\Local Settings\IAC
2013-05-22 18:46 - 2013-05-22 18:46 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\IAC
2013-05-22 18:46 - 2013-05-22 18:46 - 00000000 ____D C:\Users\dianne\AppData\Local\IAC
2013-05-14 22:31 - 2013-05-14 22:31 - 00000000 ____D C:\Users\dianne\Application Data\ShopAtHome
2013-05-14 22:31 - 2013-05-14 22:31 - 00000000 ____D C:\Users\dianne\AppData\Roaming\ShopAtHome
2013-05-04 19:06 - 2013-05-04 19:06 - 00000000 ____D C:\FRST
2013-05-04 14:45 - 2013-05-04 14:45 - 00602112 ____A (OldTimer Tools) C:\Users\dianne\Downloads\OTL.exe
2013-05-03 15:47 - 2013-05-03 15:47 - 00000004 ____A C:\Users\Dianeslife.dianne-PC.000\Application Data\skype.ini
2013-05-03 15:47 - 2013-05-03 15:47 - 00000004 ____A C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\skype.ini
2013-05-03 15:43 - 2013-05-03 15:43 - 00339968 ____A C:\skype936927.exe
2013-05-03 15:43 - 2013-05-03 15:43 - 00160256 ____A (SmartDev Software INC.) C:\icq804758.exe
2013-05-03 15:43 - 2013-05-03 15:43 - 00000000 ____A C:\notepad934314.exe
2013-05-03 15:43 - 2013-05-03 15:43 - 00000000 ____A C:\notepad592593.exe
2013-05-03 15:43 - 2013-05-03 15:43 - 00000000 ____A C:\acrobatreader546217.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00339968 ____A C:\vlcplayer112080.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00160256 ____A (SmartDev Software INC.) C:\notepad51661.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00000000 ____A C:\skype884200.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00000000 ____A C:\conhost898425.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00000000 ____A C:\chrome906514.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00339968 ____A C:\winlogon506979.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00160256 ____A (SmartDev Software INC.) C:\firefox207543.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00000000 ____A C:\opera690821.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00000000 ____A C:\msconfig411325.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00000000 ____A C:\acrobat122838.exe
2013-05-03 12:16 - 2013-05-03 12:16 - 00000000 ____D C:\Users\Guest\Application Data\AVG2013
2013-05-03 12:16 - 2013-05-03 12:16 - 00000000 ____D C:\Users\Guest\AppData\Roaming\AVG2013
2013-05-02 23:04 - 2013-05-02 23:04 - 00159232 ____A (Handy-Software INC.) C:\jqs610173.exe
2013-05-02 23:04 - 2013-05-02 23:04 - 00118784 ____A C:\ctfmon622763.exe
2013-05-02 23:04 - 2013-05-02 23:04 - 00079360 ____A (TrueCrypt Foundation) C:\mstsc448018.exe
2013-05-02 23:04 - 2013-05-02 23:04 - 00000000 ____A C:\spoolsv705678.exe
2013-05-02 23:04 - 2013-05-02 23:04 - 00000000 ____A C:\skype824759.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00118784 ____A C:\teamviewer181069.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00104448 ____A (TrueCrypt Foundation) C:\teamviewer886518.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00079360 ____A (TrueCrypt Foundation) C:\icq575055.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00000000 ____A C:\rundll32887045.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00000000 ____A C:\firefox748637.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00155648 ____A (Handy-Software INC.) C:\spoolsv628255.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00118784 ____A C:\skype182761.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00079360 ____A (TrueCrypt Foundation) C:\chrome218447.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00000000 ____A C:\opera702546.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00000000 ____A C:\mstsc137826.exe
2013-05-02 22:07 - 2013-05-02 22:07 - 00062464 ____A C:\ab53tzax0rrdg.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00155648 ____A (Handy-Software INC.) C:\ctfmon939801.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00118784 ____A C:\windowsupdate546361.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00079360 ____A (TrueCrypt Foundation) C:\skype264171.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00000000 ____A C:\teamviewer104157.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00000000 ____A C:\jucheck662571.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00118784 ____A C:\iexplore681869.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00104448 ____A (TrueCrypt Foundation) C:\windowsupdate262242.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00079360 ____A (TrueCrypt Foundation) C:\chrome932441.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00000000 ____A C:\rundll32993525.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00000000 ____A C:\googleupdate202983.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00155648 ____A (Handy-Software INC.) C:\skype541672.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00118784 ____A C:\flashplayer346255.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00079360 ____A (TrueCrypt Foundation) C:\jqs978128.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00000000 ____A C:\notepad533755.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00000000 ____A C:\chrome658477.exe
2013-05-02 19:46 - 2013-05-02 19:46 - 00118784 ____A C:\acrobat699032.exe
2013-05-02 19:46 - 2013-05-02 19:46 - 00079360 ____A (TrueCrypt Foundation) C:\icq30407.exe
2013-05-02 19:46 - 2013-05-02 19:46 - 00000000 ____A C:\teamviewer524382.exe
2013-05-02 19:46 - 2013-05-02 19:46 - 00000000 ____A C:\jqs187759.exe
2013-05-02 19:45 - 2013-05-02 19:46 - 00104448 ____A (TrueCrypt Foundation) C:\notepad792152.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00155648 ____A (Handy-Software INC.) C:\ctfmon30984.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00118784 ____A C:\acrobatreader81749.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00079360 ____A (TrueCrypt Foundation) C:\iexplore402645.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00000000 ____A C:\csrss997278.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00000000 ____A C:\acrobat85526.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00118784 ____A C:\acrobatreader101746.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00104448 ____A (TrueCrypt Foundation) C:\jucheck330567.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00079360 ____A (TrueCrypt Foundation) C:\jucheck662335.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00000000 ____A C:\skype141176.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00000000 ____A C:\acrobat77889.exe
2013-05-02 19:10 - 2013-05-02 19:10 - 00118784 ____A C:\acrobat223048.exe
2013-05-02 19:10 - 2013-05-02 19:10 - 00000000 ____A C:\winlogon130415.exe
2013-05-02 19:10 - 2013-05-02 19:10 - 00000000 ____A C:\jucheck277042.exe
2013-05-02 19:09 - 2013-05-02 19:10 - 00079360 ____A (TrueCrypt Foundation) C:\jucheck735425.exe
2013-05-02 19:09 - 2013-05-02 19:09 - 00104448 ____A (TrueCrypt Foundation) C:\notepad95914.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00118784 ____A C:\jqs12747.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00104448 ____A (TrueCrypt Foundation) C:\csrss107632.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00079360 ____A (TrueCrypt Foundation) C:\icq20391.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00000000 ____A C:\vlcplayer372074.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00000000 ____A C:\icq204884.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00155648 ____A (Handy-Software INC.) C:\conhost988193.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00118784 ____A C:\jucheck320931.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00079360 ____A (TrueCrypt Foundation) C:\ctfmon459735.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00000000 ____A C:\teamviewer773213.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00000000 ____A C:\csrss829256.exe
2013-05-02 17:27 - 2013-05-02 17:27 - 00118784 ____A C:\acrobat147159.exe
2013-05-02 17:27 - 2013-05-02 17:27 - 00079360 ____A (TrueCrypt Foundation) C:\firefox135617.exe
2013-05-02 17:27 - 2013-05-02 17:27 - 00000000 ____A C:\teamviewer491329.exe
2013-05-02 17:27 - 2013-05-02 17:27 - 00000000 ____A C:\opera85118.exe
2013-05-02 17:26 - 2013-05-02 17:27 - 00155648 ____A (Handy-Software INC.) C:\spoolsv109431.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00155648 ____A (Handy-Software INC.) C:\iexplore233100.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00118784 ____A C:\notepad564465.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00079360 ____A (TrueCrypt Foundation) C:\winlogon892695.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00000000 ____A C:\jqs892874.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00000000 ____A C:\chrome914533.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00155648 ____A (Handy-Software INC.) C:\mstsc404529.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00118784 ____A C:\windowsupdate606705.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00079360 ____A (TrueCrypt Foundation) C:\chrome236759.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00000000 ____A C:\winlogon68512.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00000000 ____A C:\opera316315.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00155648 ____A (Handy-Software INC.) C:\windowsupdate132907.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00118784 ____A C:\vlcplayer863737.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00079360 ____A (TrueCrypt Foundation) C:\windowsupdate983375.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00000000 ____A C:\opera573177.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00000000 ____A C:\jqs475449.exe
2013-05-02 16:23 - 2013-05-02 16:23 - 00276576 ____A C:\Windows\Minidump\Mini050213-06.dmp
2013-05-02 16:20 - 2013-05-02 16:20 - 00118784 ____A C:\csrss651257.exe
2013-05-02 16:20 - 2013-05-02 16:20 - 00104448 ____A (TrueCrypt Foundation) C:\acrobatreader989293.exe
2013-05-02 16:20 - 2013-05-02 16:20 - 00079360 ____A (TrueCrypt Foundation) C:\icq759195.exe
2013-05-02 16:20 - 2013-05-02 16:20 - 00000000 ____A C:\teamviewer873952.exe
2013-05-02 16:20 - 2013-05-02 16:20 - 00000000 ____A C:\opera168006.exe
2013-05-02 16:07 - 2013-05-02 16:07 - 00070078 ____A C:\Users\Dianeslife.dianne-PC.000\Downloads\Extras.Txt
2013-05-02 16:05 - 2013-05-02 16:05 - 00166402 ____A C:\Users\Dianeslife.dianne-PC.000\Downloads\OTL.Txt
2013-05-02 15:50 - 2013-05-02 15:50 - 00602112 ____A (OldTimer Tools) C:\Users\Dianeslife.dianne-PC.000\Downloads\OTL.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00155648 ____A (Handy-Software INC.) C:\winlogon236697.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00118784 ____A C:\acrobatreader113091.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00079360 ____A (TrueCrypt Foundation) C:\java820740.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00000000 ____A C:\teamviewer297860.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00000000 ____A C:\skype586979.exe
2013-05-02 13:55 - 2013-05-02 13:56 - 00118784 ____A C:\mstsc683817.exe
2013-05-02 13:55 - 2013-05-02 13:55 - 00155648 ____A (Handy-Software INC.) C:\mstsc722955.exe
2013-05-02 13:55 - 2013-05-02 13:55 - 00079360 ____A (TrueCrypt Foundation) C:\mstsc390328.exe
2013-05-02 13:55 - 2013-05-02 13:55 - 00000000 ____A C:\vlcplayer278752.exe
2013-05-02 13:55 - 2013-05-02 13:55 - 00000000 ____A C:\java318683.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00155648 ____A (Handy-Software INC.) C:\notepad966801.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00118784 ____A C:\firefox340557.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00079360 ____A (TrueCrypt Foundation) C:\skype738441.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00000000 ____A C:\rundll3287063.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00000000 ____A C:\googleupdate680280.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00118784 ____A C:\icq691933.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00104448 ____A (TrueCrypt Foundation) C:\conhost535073.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00079360 ____A (TrueCrypt Foundation) C:\icq522403.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00000000 ____A C:\rundll32799679.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00000000 ____A C:\iexplore538591.exe
2013-05-02 09:19 - 2013-05-02 09:19 - 00276576 ____A C:\Windows\Minidump\Mini050213-05.dmp
2013-05-02 09:15 - 2013-05-02 09:15 - 00119808 ____A (Mail.Ru) C:\rundll32607652.exe
2013-05-02 09:15 - 2013-05-02 09:15 - 00118784 ____A C:\vlcplayer7519.exe
2013-05-02 09:15 - 2013-05-02 09:15 - 00095744 ____A (Mail.Ru) C:\teamviewer480281.exe
2013-05-02 09:15 - 2013-05-02 09:15 - 00000000 ____A C:\opera974205.exe
2013-05-02 09:15 - 2013-05-02 09:15 - 00000000 ____A C:\flashplayer797915.exe
2013-05-02 09:09 - 2013-05-02 09:09 - 00276576 ____A C:\Windows\Minidump\Mini050213-04.dmp
2013-05-02 08:50 - 2013-05-02 08:50 - 00118784 ____A C:\chrome720041.exe
2013-05-02 08:50 - 2013-05-02 08:50 - 00000000 ____A C:\icq96727.exe
2013-05-02 08:50 - 2013-05-02 08:50 - 00000000 ____A C:\icq950829.exe
2013-05-02 08:49 - 2013-05-02 08:50 - 00095744 ____A (Mail.Ru) C:\csrss98300.exe
2013-05-02 08:49 - 2013-05-02 08:49 - 00155648 ____A (Handy-Software INC.) C:\csrss695435.exe
2013-05-02 08:46 - 2013-05-02 08:46 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\MyFunCards_5m
2013-05-02 08:46 - 2013-05-02 08:46 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\MyFunCards_5m
2013-05-02 08:46 - 2013-05-02 08:46 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\MyFunCards_5m
2013-05-02 08:43 - 2013-05-02 08:43 - 00155648 ____A (Handy-Software INC.) C:\winlogon705216.exe
2013-05-02 08:43 - 2013-05-02 08:43 - 00118784 ____A C:\flashplayer745482.exe
2013-05-02 08:43 - 2013-05-02 08:43 - 00095744 ____A (Mail.Ru) C:\jqs7223.exe
2013-05-02 08:43 - 2013-05-02 08:43 - 00000000 ____A C:\winlogon309288.exe
2013-05-02 08:43 - 2013-05-02 08:43 - 00000000 ____A C:\csrss896551.exe
2013-05-02 08:39 - 2013-05-02 08:39 - 00276576 ____A C:\Windows\Minidump\Mini050213-03.dmp
2013-05-02 08:34 - 2013-05-02 08:34 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\SearchProtect
2013-05-02 08:34 - 2013-05-02 08:34 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\SearchProtect
2013-05-02 08:33 - 2013-05-02 08:33 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\AVG SafeGuard toolbar
2013-05-02 08:33 - 2013-05-02 08:33 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\AVG SafeGuard toolbar
2013-05-02 08:33 - 2013-05-02 08:33 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\AVG SafeGuard toolbar
2013-05-02 08:26 - 2013-05-02 08:26 - 00270064 ____A C:\Windows\Minidump\Mini050213-02.dmp
2013-05-02 08:18 - 2013-05-02 08:18 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\AVG2013
2013-05-02 08:18 - 2013-05-02 08:18 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\AVG2013
2013-05-02 08:14 - 2013-05-02 16:23 - 672417819 ____A C:\Windows\MEMORY.DMP
2013-05-02 08:14 - 2013-05-02 08:15 - 00276520 ____A C:\Windows\Minidump\Mini050213-01.dmp
2013-05-01 15:41 - 2013-05-01 15:41 - 00143360 ____A C:\googleupdate93257.exe
2013-05-01 15:41 - 2013-05-01 15:41 - 00119808 ____A (Mail.Ru) C:\java268285.exe
2013-05-01 15:41 - 2013-05-01 15:41 - 00095744 ____A (Mail.Ru) C:\mstsc462903.exe
2013-05-01 15:41 - 2013-05-01 15:41 - 00000000 ____A C:\windowsupdate781629.exe
2013-05-01 15:41 - 2013-05-01 15:41 - 00000000 ____A C:\java356293.exe
2013-05-01 15:20 - 2013-05-01 15:20 - 00143360 ____A C:\icq40220.exe
2013-05-01 15:20 - 2013-05-01 15:20 - 00095744 ____A (Mail.Ru) C:\teamviewer626029.exe
2013-05-01 15:20 - 2013-05-01 15:20 - 00000000 ____A C:\mstsc709463.exe
2013-05-01 15:20 - 2013-05-01 15:20 - 00000000 ____A C:\jucheck864185.exe
2013-05-01 15:19 - 2013-05-01 15:19 - 00119808 ____A (Mail.Ru) C:\vlcplayer208848.exe
2013-05-01 15:13 - 2013-05-01 15:13 - 00143360 ____A C:\rundll32157950.exe
2013-05-01 15:13 - 2013-05-01 15:13 - 00095744 ____A (Mail.Ru) C:\chrome547035.exe
2013-05-01 15:13 - 2013-05-01 15:13 - 00000000 ____A C:\vlcplayer168894.exe
2013-05-01 15:13 - 2013-05-01 15:13 - 00000000 ____A C:\icq194577.exe
2013-05-01 15:12 - 2013-05-01 15:12 - 00119808 ____A (Mail.Ru) C:\firefox706601.exe
2013-05-01 15:02 - 2013-05-02 12:04 - 00000004 ____A C:\Users\dianne\Application Data\skype.ini
2013-05-01 15:02 - 2013-05-02 12:04 - 00000004 ____A C:\Users\dianne\AppData\Roaming\skype.ini
2013-05-01 14:59 - 2013-05-01 14:59 - 00143360 ____A C:\iexplore634279.exe
2013-05-01 14:59 - 2013-05-01 14:59 - 00095744 ____A (Mail.Ru) C:\acrobat251295.exe
2013-05-01 14:59 - 2013-05-01 14:59 - 00000000 ____A C:\jucheck576471.exe
2013-05-01 14:59 - 2013-05-01 14:59 - 00000000 ____A C:\jqs626033.exe
2013-05-01 14:58 - 2013-05-01 14:59 - 00172032 ____A (Intex Software LTD) C:\notepad280593.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00172032 ____A (Intex Software LTD) C:\alg284328.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00143360 ____A C:\alg907765.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00095744 ____A (Mail.Ru) C:\icq915640.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00000000 ____A C:\winlogon669745.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00000000 ____A C:\jqs794657.exe
2013-05-01 14:12 - 2013-05-01 14:12 - 00143360 ____A C:\icq901995.exe
2013-05-01 14:12 - 2013-05-01 14:12 - 00000000 ____A C:\windowsupdate365938.exe
2013-05-01 14:12 - 2013-05-01 14:12 - 00000000 ____A C:\icq485803.exe
2013-05-01 14:11 - 2013-05-01 14:12 - 00095744 ____A (Mail.Ru) C:\msconfig649286.exe
2013-05-01 14:11 - 2013-05-01 14:11 - 00172032 ____A (Intex Software LTD) C:\mstsc532398.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00172032 ____A (Intex Software LTD) C:\jucheck234924.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00143360 ____A C:\jqs17101.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00095744 ____A (Mail.Ru) C:\windowsupdate589892.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00000000 ____A C:\winlogon661101.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00000000 ____A C:\windowsupdate96743.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00172032 ____A (Intex Software LTD) C:\acrobat823773.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00143360 ____A C:\firefox213543.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00095744 ____A (Mail.Ru) C:\rundll3266645.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00000000 ____A C:\notepad789161.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00000000 ____A C:\acrobat767709.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00172032 ____A (Intex Software LTD) C:\msconfig468186.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00143360 ____A C:\alg670382.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00095744 ____A (Mail.Ru) C:\csrss725318.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00000000 ____A C:\googleupdate12191.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00000000 ____A C:\csrss127999.exe
2013-05-01 13:51 - 2013-05-01 13:51 - 00143360 ____A C:\rundll32489527.exe
2013-05-01 13:50 - 2013-05-01 13:50 - 00172032 ____A (Intex Software LTD) C:\acrobatreader521175.exe
2013-05-01 13:50 - 2013-05-01 13:50 - 00095744 ____A (Mail.Ru) C:\chrome202760.exe
2013-05-01 13:50 - 2013-05-01 13:50 - 00000000 ____A C:\vlcplayer162217.exe
2013-05-01 13:50 - 2013-05-01 13:50 - 00000000 ____A C:\ctfmon776557.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00143360 ____A C:\mstsc993072.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00119808 ____A (Mail.Ru) C:\acrobat388158.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00095744 ____A (Mail.Ru) C:\skype310143.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00000000 ____A C:\googleupdate86940.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00000000 ____A C:\firefox603167.exe
2013-05-01 13:04 - 2013-05-01 13:04 - 00143360 ____A C:\opera835295.exe
2013-05-01 13:04 - 2013-05-01 13:04 - 00000000 ____A C:\googleupdate642361.exe
2013-05-01 13:04 - 2013-05-01 13:04 - 00000000 ____A C:\acrobatreader812511.exe
2013-05-01 13:03 - 2013-05-01 13:03 - 00119808 ____A (Mail.Ru) C:\vlcplayer785269.exe
2013-05-01 13:03 - 2013-05-01 13:03 - 00095744 ____A (Mail.Ru) C:\ctfmon347821.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00172032 ____A (Intex Software LTD) C:\flashplayer775734.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00143360 ____A C:\firefox933559.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00095744 ____A (Mail.Ru) C:\conhost27040.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00000000 ____A C:\mstsc713540.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00000000 ____A C:\chrome33315.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00172032 ____A (Intex Software LTD) C:\conhost23376.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00143360 ____A C:\ctfmon424177.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00095744 ____A (Mail.Ru) C:\mstsc926033.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00000000 ____A C:\winlogon226296.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00000000 ____A C:\vlcplayer519672.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00172032 ____A (Intex Software LTD) C:\googleupdate646327.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00143360 ____A C:\ctfmon444048.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00095744 ____A (Mail.Ru) C:\conhost688135.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00000000 ____A C:\iexplore701714.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00000000 ____A C:\acrobatreader161153.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00143360 ____A C:\alg763110.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00119808 ____A (Mail.Ru) C:\teamviewer.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00095744 ____A (Mail.Ru) C:\jqs526995.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00000000 ____A C:\vlcplayer773917.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00000000 ____A C:\alg708090.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00143360 ____A C:\chrome.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00119808 ____A (Mail.Ru) C:\icq.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00095744 ____A (Mail.Ru) C:\flashplayer.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00000000 ____A C:\rundll32.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00000000 ____A C:\firefox.exe
2013-05-01 11:06 - 2013-05-01 11:06 - 00143360 ____A C:\conhost.exe
2013-05-01 11:06 - 2013-05-01 11:06 - 00095744 ____A (Mail.Ru) C:\acrobatreader.exe
2013-05-01 11:06 - 2013-05-01 11:06 - 00000000 ____A C:\jqs.exe
2013-05-01 11:06 - 2013-05-01 11:06 - 00000000 ____A C:\ctfmon.exe
2013-05-01 11:05 - 2013-05-01 11:05 - 00119808 ____A (Mail.Ru) C:\jucheck.exe
2013-05-01 10:45 - 2013-05-01 10:45 - 00143360 ____A C:\spoolsv.exe
2013-05-01 10:45 - 2013-05-01 10:45 - 00000000 ____A C:\skype.exe
2013-05-01 10:45 - 2013-05-01 10:45 - 00000000 ____A C:\opera.exe
2013-05-01 10:44 - 2013-05-01 10:44 - 00172032 ____A (Intex Software LTD) C:\alg.exe
2013-05-01 10:44 - 2013-05-01 10:44 - 00000000 ____A C:\vlcplayer.exe
2013-05-01 09:47 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-01 09:47 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-01 09:47 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-01 09:47 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-01 09:47 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-01 09:47 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-01 09:47 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-01 09:47 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-01 09:47 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-01 09:47 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-01 09:47 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-01 09:47 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-01 09:47 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-01 09:47 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-01 09:47 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-01 09:47 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-01 09:47 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-05-01 09:47 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-01 09:47 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-01 09:47 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-05-01 09:47 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-01 09:47 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-01 09:47 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-05-01 09:47 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-05-01 09:47 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-01 09:47 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-01 09:47 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-05-01 09:47 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-01 09:43 - 2013-05-01 09:43 - 00172032 ____A (Intex Software LTD) C:\acrobat.exe
2013-05-01 09:43 - 2013-05-01 09:43 - 00143360 ____A C:\iexplore.exe
2013-05-01 09:43 - 2013-05-01 09:43 - 00000000 ____A C:\windowsupdate.exe
2013-05-01 09:43 - 2013-05-01 09:43 - 00000000 ____A C:\msconfig.exe
2013-05-01 09:43 - 2013-05-01 09:43 - 00000000 ____A C:\java.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00172032 ____A (Intex Software LTD) C:\mstsc.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00143360 ____A C:\winlogon.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00000000 ____A C:\notepad.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00000000 ____A C:\googleupdate.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00000000 ____A C:\csrss.exe
2013-05-01 09:35 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-01 09:35 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-01 09:35 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-01 09:35 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-30 14:14 - 2013-04-15 06:17 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-04-30 14:14 - 2013-04-12 19:34 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-04-30 14:14 - 2013-04-08 17:55 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-30 13:50 - 2013-04-30 13:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-04-30 13:10 - 2013-04-30 13:10 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Avg2013
2013-04-30 13:10 - 2013-04-30 13:10 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\Avg2013
2013-04-30 13:10 - 2013-04-30 13:10 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\Avg2013
2013-04-30 13:08 - 2013-04-30 13:08 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\SUPERAntiSpyware.com
2013-04-30 13:08 - 2013-04-30 13:08 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\SUPERAntiSpyware.com
2013-04-30 13:07 - 2013-04-30 13:07 - 00000732 ____A C:\Users\Dianeslife.dianne-PC.000\Local Settings\d3d9caps64.dat
2013-04-30 13:07 - 2013-04-30 13:07 - 00000732 ____A C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\d3d9caps64.dat
2013-04-30 13:07 - 2013-04-30 13:07 - 00000732 ____A C:\Users\Dianeslife.dianne-PC.000\AppData\Local\d3d9caps64.dat
2013-04-30 13:01 - 2013-05-03 12:16 - 00000000 ____D C:\Users\Guest\Application Data\SearchProtect
2013-04-30 13:01 - 2013-05-03 12:16 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SearchProtect
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Local Settings\Avg2013
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Local Settings\AVG SafeGuard toolbar
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\Avg2013
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\AVG SafeGuard toolbar
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Application Data\SUPERAntiSpyware.com
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SUPERAntiSpyware.com
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\AppData\Local\Avg2013
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
2013-04-30 04:13 - 2013-04-30 04:13 - 00000000 ____D C:\Program Files (x86)\Coupon Savings
2013-04-28 05:27 - 2013-04-30 14:19 - 00000000 ____D C:\Users\dianne\Local Settings\SweetIM
2013-04-28 05:27 - 2013-04-30 14:19 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\SweetIM
2013-04-28 05:27 - 2013-04-30 14:19 - 00000000 ____D C:\Users\dianne\AppData\Local\SweetIM
2013-04-20 13:16 - 2013-04-20 13:16 - 00000000 ____A C:\Windows\setuperr.log
2013-04-20 13:16 - 2013-04-20 13:16 - 00000000 ____A C:\Windows\setupact.log
2013-04-19 11:04 - 2013-04-19 11:04 - 00000000 ____D C:\Users\dianne\Local Settings\MyFunCards_5m
2013-04-19 11:04 - 2013-04-19 11:04 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\MyFunCards_5m
2013-04-19 11:04 - 2013-04-19 11:04 - 00000000 ____D C:\Users\dianne\AppData\Local\MyFunCards_5m
2013-04-19 08:37 - 2013-05-03 15:44 - 00000360 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-04-19 08:36 - 2013-04-19 08:36 - 00000000 ____D C:\Users\dianne\Local Settings\SwvUpdater
2013-04-19 08:36 - 2013-04-19 08:36 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\SwvUpdater
2013-04-19 08:36 - 2013-04-19 08:36 - 00000000 ____D C:\Users\dianne\AppData\Local\SwvUpdater
2013-04-19 08:36 - 2013-04-19 08:36 - 00000000 ____D C:\Program Files (x86)\WhiteSmoke_New
2013-04-19 08:35 - 2013-05-24 23:29 - 00000000 ____D C:\Users\dianne\Application Data\SearchProtect
2013-04-19 08:35 - 2013-05-24 23:29 - 00000000 ____D C:\Users\dianne\AppData\Roaming\SearchProtect
2013-04-19 08:35 - 2013-05-24 23:23 - 00000000 ____D C:\Users\dianne\Local Settings\CRE
2013-04-19 08:35 - 2013-05-24 23:23 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\CRE
2013-04-19 08:35 - 2013-05-24 23:23 - 00000000 ____D C:\Users\dianne\AppData\Local\CRE
2013-04-19 08:35 - 2013-04-19 08:35 - 00000867 ____A C:\Users\dianne\Desktop\Driver Pro.lnk
2013-04-19 08:35 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\Application Data\Driver Pro
2013-04-19 08:35 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Driver Pro
2013-04-19 08:35 - 2013-04-19 08:35 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-04-19 08:35 - 2013-04-19 08:35 - 00000000 ____D C:\Program Files (x86)\Driver Pro
2013-04-19 08:34 - 2013-05-24 23:27 - 00000009 ____A C:\END
2013-04-19 08:34 - 2013-05-04 14:04 - 00000000 ____D C:\Users\dianne\Application Data\Yontoo
2013-04-19 08:34 - 2013-05-04 14:04 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Yontoo
2013-04-19 08:34 - 2013-04-19 08:34 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-04-19 08:33 - 2013-04-30 13:42 - 00000000 ____D C:\Program Files (x86)\Tuguu SL
2013-04-19 08:33 - 2013-04-19 08:33 - 00001918 ____A C:\Users\Public\Desktop\VAFPlayer.lnk
2013-04-19 08:33 - 2013-04-19 08:33 - 00001918 ____A C:\ProgramData\Desktop\VAFPlayer.lnk
2013-04-19 08:33 - 2013-04-19 08:33 - 00000000 ____D C:\Users\dianne\Application Data\player
2013-04-19 08:33 - 2013-04-19 08:33 - 00000000 ____D C:\Users\dianne\AppData\Roaming\player
2013-04-19 08:29 - 2013-04-30 13:42 - 00000000 ____D C:\Program Files\Updater By SweetPacks
2013-04-19 08:29 - 2013-04-30 13:42 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-04-19 08:28 - 2013-04-19 08:28 - 00000903 ____A C:\Users\dianne\Desktop\Optimizer Pro.lnk
2013-04-19 08:28 - 2013-04-19 08:28 - 00000535 ____A C:\Windows\KB893803v2.log
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\Local Settings\Supreme Savings
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Supreme Savings
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\Application Data\Optimizer Pro
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\Application Data\DefaultTab
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Optimizer Pro
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\AppData\Roaming\DefaultTab
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\AppData\Local\Supreme Savings
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-04-19 08:27 - 2013-04-19 08:28 - 00000000 ____D C:\Program Files (x86)\Supreme Savings
2013-04-19 08:27 - 2013-04-19 08:27 - 00000928 ____A C:\Users\dianne\Desktop\MyPC Backup.lnk
2013-04-19 08:27 - 2013-04-19 08:27 - 00000000 ____D C:\Users\dianne\Local Settings\Updater19962
2013-04-19 08:27 - 2013-04-19 08:27 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Updater19962
2013-04-19 08:27 - 2013-04-19 08:27 - 00000000 ____D C:\Users\dianne\AppData\Local\Updater19962
2013-04-19 08:27 - 2013-04-19 08:27 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-04-16 12:38 - 2013-04-16 12:38 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\circbogd.sys
2013-04-11 06:27 - 2013-04-30 13:42 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-04-09 16:28 - 2013-03-11 05:33 - 04691304 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-09 16:28 - 2013-03-08 20:16 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-09 16:28 - 2013-03-08 17:48 - 00075264 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-09 16:28 - 2013-03-07 20:18 - 00451072 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-04-09 16:28 - 2013-03-07 20:17 - 02425344 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-09 16:28 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-09 16:28 - 2013-03-03 11:13 - 01513320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2013-05-31 09:03 - 2013-05-31 07:36 - 00835584 ____A (The PHP Group) C:\ProgramData\FB40.tmp
2013-05-31 09:03 - 2013-05-31 07:36 - 00835584 ____A (The PHP Group) C:\ProgramData\Application Data\FB40.tmp
2013-05-31 08:44 - 2013-05-31 07:36 - 00835584 ____A (The PHP Group) C:\ProgramData\Application Data\29A0.tmp
2013-05-31 08:44 - 2013-05-31 07:36 - 00835584 ____A (The PHP Group) C:\ProgramData\29A0.tmp
2013-05-31 07:36 - 2013-05-31 07:36 - 00835584 ____A (The PHP Group) C:\ProgramData\Application Data\8BBC.tmp
2013-05-31 07:36 - 2013-05-31 07:36 - 00835584 ____A (The PHP Group) C:\ProgramData\8BBC.tmp
2013-05-31 07:36 - 2013-05-31 07:36 - 00000000 ____D C:\Windows\Sun
2013-05-31 07:27 - 2009-11-02 19:24 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Adobe
2013-05-31 07:27 - 2009-11-02 19:24 - 00000000 ____D C:\Users\dianne\Local Settings\Adobe
2013-05-31 07:27 - 2009-11-02 19:24 - 00000000 ____D C:\Users\dianne\AppData\Local\Adobe
2013-05-30 08:13 - 2013-05-27 00:20 - 00000000 ____D C:\Users\dianne\Local Settings\Tuguu SL
2013-05-30 08:13 - 2013-05-27 00:20 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Tuguu SL
2013-05-30 08:13 - 2013-05-27 00:20 - 00000000 ____D C:\Users\dianne\AppData\Local\Tuguu SL
2013-05-27 00:20 - 2011-10-31 00:24 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\{BD0B560B-03C9-477F-BB45-CC2A8242532F}
2013-05-27 00:20 - 2011-10-31 00:24 - 00000000 ____D C:\Users\dianne\Local Settings\{BD0B560B-03C9-477F-BB45-CC2A8242532F}
2013-05-27 00:20 - 2011-10-31 00:24 - 00000000 ____D C:\Users\dianne\AppData\Local\{BD0B560B-03C9-477F-BB45-CC2A8242532F}
2013-05-24 23:39 - 2013-05-24 23:39 - 00000000 ____D C:\Users\dianne\Application Data\DealPly
2013-05-24 23:39 - 2013-05-24 23:39 - 00000000 ____D C:\Users\dianne\AppData\Roaming\DealPly
2013-05-24 23:39 - 2013-05-24 23:39 - 00000000 ____D C:\Program Files (x86)\DealPly
2013-05-24 23:32 - 2013-05-24 23:32 - 00000000 ____D C:\Users\dianne\Application Data\Iminent
2013-05-24 23:32 - 2013-05-24 23:32 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Iminent
2013-05-24 23:32 - 2013-05-24 23:31 - 00000000 ____D C:\Program Files (x86)\Iminent
2013-05-24 23:31 - 2013-05-24 23:31 - 00000000 ____D C:\ProgramData\Iminent
2013-05-24 23:31 - 2013-05-24 23:31 - 00000000 ____D C:\ProgramData\Application Data\Iminent
2013-05-24 23:29 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\Application Data\SearchProtect
2013-05-24 23:29 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\AppData\Roaming\SearchProtect
2013-05-24 23:28 - 2013-05-24 23:24 - 00000000 ____D C:\Program Files (x86)\Vafmusic2
2013-05-24 23:27 - 2013-05-24 23:26 - 00000000 ____D C:\Users\dianne\Local Settings\Smartbar
2013-05-24 23:27 - 2013-05-24 23:26 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Smartbar
2013-05-24 23:27 - 2013-05-24 23:26 - 00000000 ____D C:\Users\dianne\AppData\Local\Smartbar
2013-05-24 23:27 - 2013-04-19 08:34 - 00000009 ____A C:\END
2013-05-24 23:26 - 2013-05-23 00:34 - 00000000 ____D C:\Users\dianne\Local Settings\Systweak
2013-05-24 23:26 - 2013-05-23 00:34 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Systweak
2013-05-24 23:26 - 2013-05-23 00:34 - 00000000 ____D C:\Users\dianne\AppData\Local\Systweak
2013-05-24 23:26 - 2011-10-15 11:43 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\{8C782384-8E04-471A-A94C-BEF67ADEC6C9}
2013-05-24 23:26 - 2011-10-15 11:43 - 00000000 ____D C:\Users\dianne\Local Settings\{8C782384-8E04-471A-A94C-BEF67ADEC6C9}
2013-05-24 23:26 - 2011-10-15 11:43 - 00000000 ____D C:\Users\dianne\AppData\Local\{8C782384-8E04-471A-A94C-BEF67ADEC6C9}
2013-05-24 23:24 - 2010-08-13 16:36 - 00000000 ____D C:\Users\dianne\Local Settings\Conduit
2013-05-24 23:24 - 2010-08-13 16:36 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Conduit
2013-05-24 23:24 - 2010-08-13 16:36 - 00000000 ____D C:\Users\dianne\AppData\Local\Conduit
2013-05-24 23:23 - 2013-05-24 23:23 - 00000000 ____D C:\Users\dianne\Application Data\Uniblue
2013-05-24 23:23 - 2013-05-24 23:23 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Uniblue
2013-05-24 23:23 - 2013-05-24 23:23 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-05-24 23:23 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\Local Settings\CRE
2013-05-24 23:23 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\CRE
2013-05-24 23:23 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\AppData\Local\CRE
2013-05-24 23:22 - 2013-05-24 23:22 - 00000000 ____D C:\Users\dianne\Local Settings\DownloadTerms
2013-05-24 23:22 - 2013-05-24 23:22 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\DownloadTerms
2013-05-24 23:22 - 2013-05-24 23:22 - 00000000 ____D C:\Users\dianne\AppData\Local\DownloadTerms
2013-05-24 23:22 - 2013-05-24 23:22 - 00000000 ____D C:\Program Files (x86)\SingAlong
2013-05-23 00:34 - 2011-08-19 03:43 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\{5957012D-72E7-4279-BE0C-64A361C05CFF}
2013-05-23 00:34 - 2011-08-19 03:43 - 00000000 ____D C:\Users\dianne\Local Settings\{5957012D-72E7-4279-BE0C-64A361C05CFF}
2013-05-23 00:34 - 2011-08-19 03:43 - 00000000 ____D C:\Users\dianne\AppData\Local\{5957012D-72E7-4279-BE0C-64A361C05CFF}
2013-05-22 18:46 - 2013-05-22 18:46 - 00000000 ____D C:\Users\dianne\Local Settings\IAC
2013-05-22 18:46 - 2013-05-22 18:46 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\IAC
2013-05-22 18:46 - 2013-05-22 18:46 - 00000000 ____D C:\Users\dianne\AppData\Local\IAC
2013-05-14 22:31 - 2013-05-14 22:31 - 00000000 ____D C:\Users\dianne\Application Data\ShopAtHome
2013-05-14 22:31 - 2013-05-14 22:31 - 00000000 ____D C:\Users\dianne\AppData\Roaming\ShopAtHome
2013-05-05 13:36 - 2013-05-01 09:35 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 13:16 - 2013-05-01 09:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-05 11:25 - 2013-05-01 09:35 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-05 11:12 - 2013-05-01 09:35 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-04 19:06 - 2013-05-04 19:06 - 00000000 ____D C:\FRST
2013-05-04 15:00 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-04 15:00 - 2006-11-02 07:22 - 00003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-04 14:45 - 2013-05-04 14:45 - 00602112 ____A (OldTimer Tools) C:\Users\dianne\Downloads\OTL.exe
2013-05-04 14:29 - 2011-11-28 22:09 - 01471992 ____A C:\Windows\WindowsUpdate.log
2013-05-04 14:04 - 2013-04-19 08:34 - 00000000 ____D C:\Users\dianne\Application Data\Yontoo
2013-05-04 14:04 - 2013-04-19 08:34 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Yontoo
2013-05-04 04:10 - 2011-03-26 05:26 - 00000000 ____D C:\ProgramData\MFAData
2013-05-04 04:10 - 2011-03-26 05:26 - 00000000 ____D C:\ProgramData\Application Data\MFAData
2013-05-03 16:14 - 2006-11-02 07:42 - 00032588 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-03 15:47 - 2013-05-03 15:47 - 00000004 ____A C:\Users\Dianeslife.dianne-PC.000\Application Data\skype.ini
2013-05-03 15:47 - 2013-05-03 15:47 - 00000004 ____A C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\skype.ini
2013-05-03 15:45 - 2012-11-29 21:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-03 15:45 - 2011-03-26 05:35 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-05-03 15:44 - 2013-04-19 08:37 - 00000360 ____A C:\Windows\Tasks\AmiUpdXp.job
2013-05-03 15:43 - 2013-05-03 15:43 - 00339968 ____A C:\skype936927.exe
2013-05-03 15:43 - 2013-05-03 15:43 - 00160256 ____A (SmartDev Software INC.) C:\icq804758.exe
2013-05-03 15:43 - 2013-05-03 15:43 - 00000000 ____A C:\notepad934314.exe
2013-05-03 15:43 - 2013-05-03 15:43 - 00000000 ____A C:\notepad592593.exe
2013-05-03 15:43 - 2013-05-03 15:43 - 00000000 ____A C:\acrobatreader546217.exe
2013-05-03 15:43 - 2010-01-30 18:02 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-03 15:43 - 2009-08-11 19:16 - 00000288 ____A C:\Windows\Tasks\RtlNICDiagVistaStart.job
2013-05-03 15:31 - 2011-04-17 07:20 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424625615-964005803-1290662544-1000UA.job
2013-05-03 15:22 - 2010-01-30 18:02 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-03 14:58 - 2013-05-03 14:58 - 00339968 ____A C:\vlcplayer112080.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00160256 ____A (SmartDev Software INC.) C:\notepad51661.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00000000 ____A C:\skype884200.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00000000 ____A C:\conhost898425.exe
2013-05-03 14:58 - 2013-05-03 14:58 - 00000000 ____A C:\chrome906514.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00339968 ____A C:\winlogon506979.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00160256 ____A (SmartDev Software INC.) C:\firefox207543.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00000000 ____A C:\opera690821.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00000000 ____A C:\msconfig411325.exe
2013-05-03 14:52 - 2013-05-03 14:52 - 00000000 ____A C:\acrobat122838.exe
2013-05-03 14:32 - 2011-04-17 07:20 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1424625615-964005803-1290662544-1000Core.job
2013-05-03 14:23 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-03 12:24 - 2011-03-09 15:27 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-05-03 12:24 - 2011-03-09 15:27 - 00000000 ____D C:\ProgramData\Application Data\Yahoo! Companion
2013-05-03 12:23 - 2011-12-03 20:46 - 00000000 ____D C:\Users\Guest\Application Data\Google
2013-05-03 12:23 - 2011-12-03 20:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Google
2013-05-03 12:18 - 2011-12-03 20:46 - 00000000 ____D C:\Users\Guest\Local Settings\Google
2013-05-03 12:18 - 2011-12-03 20:46 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\Google
2013-05-03 12:18 - 2011-12-03 20:46 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-05-03 12:16 - 2013-05-03 12:16 - 00000000 ____D C:\Users\Guest\Application Data\AVG2013
2013-05-03 12:16 - 2013-05-03 12:16 - 00000000 ____D C:\Users\Guest\AppData\Roaming\AVG2013
2013-05-03 12:16 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Application Data\SearchProtect
2013-05-03 12:16 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SearchProtect
2013-05-02 23:04 - 2013-05-02 23:04 - 00159232 ____A (Handy-Software INC.) C:\jqs610173.exe
2013-05-02 23:04 - 2013-05-02 23:04 - 00118784 ____A C:\ctfmon622763.exe
2013-05-02 23:04 - 2013-05-02 23:04 - 00079360 ____A (TrueCrypt Foundation) C:\mstsc448018.exe
2013-05-02 23:04 - 2013-05-02 23:04 - 00000000 ____A C:\spoolsv705678.exe
2013-05-02 23:04 - 2013-05-02 23:04 - 00000000 ____A C:\skype824759.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00118784 ____A C:\teamviewer181069.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00104448 ____A (TrueCrypt Foundation) C:\teamviewer886518.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00079360 ____A (TrueCrypt Foundation) C:\icq575055.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00000000 ____A C:\rundll32887045.exe
2013-05-02 22:42 - 2013-05-02 22:42 - 00000000 ____A C:\firefox748637.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00155648 ____A (Handy-Software INC.) C:\spoolsv628255.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00118784 ____A C:\skype182761.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00079360 ____A (TrueCrypt Foundation) C:\chrome218447.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00000000 ____A C:\opera702546.exe
2013-05-02 22:35 - 2013-05-02 22:35 - 00000000 ____A C:\mstsc137826.exe
2013-05-02 22:07 - 2013-05-02 22:07 - 00062464 ____A C:\ab53tzax0rrdg.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00155648 ____A (Handy-Software INC.) C:\ctfmon939801.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00118784 ____A C:\windowsupdate546361.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00079360 ____A (TrueCrypt Foundation) C:\skype264171.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00000000 ____A C:\teamviewer104157.exe
2013-05-02 20:53 - 2013-05-02 20:53 - 00000000 ____A C:\jucheck662571.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00118784 ____A C:\iexplore681869.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00104448 ____A (TrueCrypt Foundation) C:\windowsupdate262242.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00079360 ____A (TrueCrypt Foundation) C:\chrome932441.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00000000 ____A C:\rundll32993525.exe
2013-05-02 20:33 - 2013-05-02 20:33 - 00000000 ____A C:\googleupdate202983.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00155648 ____A (Handy-Software INC.) C:\skype541672.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00118784 ____A C:\flashplayer346255.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00079360 ____A (TrueCrypt Foundation) C:\jqs978128.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00000000 ____A C:\notepad533755.exe
2013-05-02 20:19 - 2013-05-02 20:19 - 00000000 ____A C:\chrome658477.exe
2013-05-02 19:46 - 2013-05-02 19:46 - 00118784 ____A C:\acrobat699032.exe
2013-05-02 19:46 - 2013-05-02 19:46 - 00079360 ____A (TrueCrypt Foundation) C:\icq30407.exe
2013-05-02 19:46 - 2013-05-02 19:46 - 00000000 ____A C:\teamviewer524382.exe
2013-05-02 19:46 - 2013-05-02 19:46 - 00000000 ____A C:\jqs187759.exe
2013-05-02 19:46 - 2013-05-02 19:45 - 00104448 ____A (TrueCrypt Foundation) C:\notepad792152.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00155648 ____A (Handy-Software INC.) C:\ctfmon30984.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00118784 ____A C:\acrobatreader81749.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00079360 ____A (TrueCrypt Foundation) C:\iexplore402645.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00000000 ____A C:\csrss997278.exe
2013-05-02 19:42 - 2013-05-02 19:42 - 00000000 ____A C:\acrobat85526.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00118784 ____A C:\acrobatreader101746.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00104448 ____A (TrueCrypt Foundation) C:\jucheck330567.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00079360 ____A (TrueCrypt Foundation) C:\jucheck662335.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00000000 ____A C:\skype141176.exe
2013-05-02 19:39 - 2013-05-02 19:39 - 00000000 ____A C:\acrobat77889.exe
2013-05-02 19:10 - 2013-05-02 19:10 - 00118784 ____A C:\acrobat223048.exe
2013-05-02 19:10 - 2013-05-02 19:10 - 00000000 ____A C:\winlogon130415.exe
2013-05-02 19:10 - 2013-05-02 19:10 - 00000000 ____A C:\jucheck277042.exe
2013-05-02 19:10 - 2013-05-02 19:09 - 00079360 ____A (TrueCrypt Foundation) C:\jucheck735425.exe
2013-05-02 19:09 - 2013-05-02 19:09 - 00104448 ____A (TrueCrypt Foundation) C:\notepad95914.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00118784 ____A C:\jqs12747.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00104448 ____A (TrueCrypt Foundation) C:\csrss107632.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00079360 ____A (TrueCrypt Foundation) C:\icq20391.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00000000 ____A C:\vlcplayer372074.exe
2013-05-02 18:55 - 2013-05-02 18:55 - 00000000 ____A C:\icq204884.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00155648 ____A (Handy-Software INC.) C:\conhost988193.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00118784 ____A C:\jucheck320931.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00079360 ____A (TrueCrypt Foundation) C:\ctfmon459735.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00000000 ____A C:\teamviewer773213.exe
2013-05-02 17:30 - 2013-05-02 17:30 - 00000000 ____A C:\csrss829256.exe
2013-05-02 17:27 - 2013-05-02 17:27 - 00118784 ____A C:\acrobat147159.exe
2013-05-02 17:27 - 2013-05-02 17:27 - 00079360 ____A (TrueCrypt Foundation) C:\firefox135617.exe
2013-05-02 17:27 - 2013-05-02 17:27 - 00000000 ____A C:\teamviewer491329.exe
2013-05-02 17:27 - 2013-05-02 17:27 - 00000000 ____A C:\opera85118.exe
2013-05-02 17:27 - 2013-05-02 17:26 - 00155648 ____A (Handy-Software INC.) C:\spoolsv109431.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00155648 ____A (Handy-Software INC.) C:\iexplore233100.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00118784 ____A C:\notepad564465.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00079360 ____A (TrueCrypt Foundation) C:\winlogon892695.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00000000 ____A C:\jqs892874.exe
2013-05-02 17:02 - 2013-05-02 17:02 - 00000000 ____A C:\chrome914533.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00155648 ____A (Handy-Software INC.) C:\mstsc404529.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00118784 ____A C:\windowsupdate606705.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00079360 ____A (TrueCrypt Foundation) C:\chrome236759.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00000000 ____A C:\winlogon68512.exe
2013-05-02 16:36 - 2013-05-02 16:36 - 00000000 ____A C:\opera316315.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00155648 ____A (Handy-Software INC.) C:\windowsupdate132907.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00118784 ____A C:\vlcplayer863737.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00079360 ____A (TrueCrypt Foundation) C:\windowsupdate983375.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00000000 ____A C:\opera573177.exe
2013-05-02 16:33 - 2013-05-02 16:33 - 00000000 ____A C:\jqs475449.exe
2013-05-02 16:23 - 2013-05-02 16:23 - 00276576 ____A C:\Windows\Minidump\Mini050213-06.dmp
2013-05-02 16:23 - 2013-05-02 08:14 - 672417819 ____A C:\Windows\MEMORY.DMP
2013-05-02 16:23 - 2010-09-19 16:31 - 00000000 ____D C:\Windows\Minidump
2013-05-02 16:20 - 2013-05-02 16:20 - 00118784 ____A C:\csrss651257.exe
2013-05-02 16:20 - 2013-05-02 16:20 - 00104448 ____A (TrueCrypt Foundation) C:\acrobatreader989293.exe
2013-05-02 16:20 - 2013-05-02 16:20 - 00079360 ____A (TrueCrypt Foundation) C:\icq759195.exe
2013-05-02 16:20 - 2013-05-02 16:20 - 00000000 ____A C:\teamviewer873952.exe
2013-05-02 16:20 - 2013-05-02 16:20 - 00000000 ____A C:\opera168006.exe
2013-05-02 16:07 - 2013-05-02 16:07 - 00070078 ____A C:\Users\Dianeslife.dianne-PC.000\Downloads\Extras.Txt
2013-05-02 16:05 - 2013-05-02 16:05 - 00166402 ____A C:\Users\Dianeslife.dianne-PC.000\Downloads\OTL.Txt
2013-05-02 15:50 - 2013-05-02 15:50 - 00602112 ____A (OldTimer Tools) C:\Users\Dianeslife.dianne-PC.000\Downloads\OTL.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00155648 ____A (Handy-Software INC.) C:\winlogon236697.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00118784 ____A C:\acrobatreader113091.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00079360 ____A (TrueCrypt Foundation) C:\java820740.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00000000 ____A C:\teamviewer297860.exe
2013-05-02 14:53 - 2013-05-02 14:53 - 00000000 ____A C:\skype586979.exe
2013-05-02 13:56 - 2013-05-02 13:55 - 00118784 ____A C:\mstsc683817.exe
2013-05-02 13:55 - 2013-05-02 13:55 - 00155648 ____A (Handy-Software INC.) C:\mstsc722955.exe
2013-05-02 13:55 - 2013-05-02 13:55 - 00079360 ____A (TrueCrypt Foundation) C:\mstsc390328.exe
2013-05-02 13:55 - 2013-05-02 13:55 - 00000000 ____A C:\vlcplayer278752.exe
2013-05-02 13:55 - 2013-05-02 13:55 - 00000000 ____A C:\java318683.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00155648 ____A (Handy-Software INC.) C:\notepad966801.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00118784 ____A C:\firefox340557.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00079360 ____A (TrueCrypt Foundation) C:\skype738441.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00000000 ____A C:\rundll3287063.exe
2013-05-02 13:18 - 2013-05-02 13:18 - 00000000 ____A C:\googleupdate680280.exe
2013-05-02 12:09 - 2013-05-31 09:35 - 00000732 ____A C:\Users\dianne\Local Settings\d3d9caps64.dat
2013-05-02 12:09 - 2013-05-31 09:35 - 00000732 ____A C:\Users\dianne\Local Settings\Application Data\d3d9caps64.dat
2013-05-02 12:09 - 2013-05-31 09:35 - 00000732 ____A C:\Users\dianne\AppData\Local\d3d9caps64.dat
2013-05-02 12:08 - 2013-05-02 12:08 - 00118784 ____A C:\icq691933.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00104448 ____A (TrueCrypt Foundation) C:\conhost535073.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00079360 ____A (TrueCrypt Foundation) C:\icq522403.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00000000 ____A C:\rundll32799679.exe
2013-05-02 12:08 - 2013-05-02 12:08 - 00000000 ____A C:\iexplore538591.exe
2013-05-02 12:04 - 2013-05-01 15:02 - 00000004 ____A C:\Users\dianne\Application Data\skype.ini
2013-05-02 12:04 - 2013-05-01 15:02 - 00000004 ____A C:\Users\dianne\AppData\Roaming\skype.ini
2013-05-02 09:19 - 2013-05-02 09:19 - 00276576 ____A C:\Windows\Minidump\Mini050213-05.dmp
2013-05-02 09:15 - 2013-05-02 09:15 - 00119808 ____A (Mail.Ru) C:\rundll32607652.exe
2013-05-02 09:15 - 2013-05-02 09:15 - 00118784 ____A C:\vlcplayer7519.exe
2013-05-02 09:15 - 2013-05-02 09:15 - 00095744 ____A (Mail.Ru) C:\teamviewer480281.exe
2013-05-02 09:15 - 2013-05-02 09:15 - 00000000 ____A C:\opera974205.exe
2013-05-02 09:15 - 2013-05-02 09:15 - 00000000 ____A C:\flashplayer797915.exe
2013-05-02 09:09 - 2013-05-02 09:09 - 00276576 ____A C:\Windows\Minidump\Mini050213-04.dmp
2013-05-02 08:50 - 2013-05-02 08:50 - 00118784 ____A C:\chrome720041.exe
2013-05-02 08:50 - 2013-05-02 08:50 - 00000000 ____A C:\icq96727.exe
2013-05-02 08:50 - 2013-05-02 08:50 - 00000000 ____A C:\icq950829.exe
2013-05-02 08:50 - 2013-05-02 08:49 - 00095744 ____A (Mail.Ru) C:\csrss98300.exe
2013-05-02 08:49 - 2013-05-02 08:49 - 00155648 ____A (Handy-Software INC.) C:\csrss695435.exe
2013-05-02 08:46 - 2013-05-02 08:46 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\MyFunCards_5m
2013-05-02 08:46 - 2013-05-02 08:46 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\MyFunCards_5m
2013-05-02 08:46 - 2013-05-02 08:46 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\MyFunCards_5m
2013-05-02 08:43 - 2013-05-02 08:43 - 00155648 ____A (Handy-Software INC.) C:\winlogon705216.exe
2013-05-02 08:43 - 2013-05-02 08:43 - 00118784 ____A C:\flashplayer745482.exe
2013-05-02 08:43 - 2013-05-02 08:43 - 00095744 ____A (Mail.Ru) C:\jqs7223.exe
2013-05-02 08:43 - 2013-05-02 08:43 - 00000000 ____A C:\winlogon309288.exe
2013-05-02 08:43 - 2013-05-02 08:43 - 00000000 ____A C:\csrss896551.exe
2013-05-02 08:43 - 2011-04-26 09:52 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Google
2013-05-02 08:43 - 2011-04-26 09:52 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\Google
2013-05-02 08:43 - 2011-04-26 09:52 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\Google
2013-05-02 08:39 - 2013-05-02 08:39 - 00276576 ____A C:\Windows\Minidump\Mini050213-03.dmp
2013-05-02 08:34 - 2013-05-02 08:34 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\SearchProtect
2013-05-02 08:34 - 2013-05-02 08:34 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\SearchProtect
2013-05-02 08:34 - 2012-11-19 06:06 - 00001242 _RASH C:\Users\Dianeslife.dianne-PC.000\ntuser.pol
2013-05-02 08:34 - 2010-10-09 02:28 - 00000000 ____D C:\users\Dianeslife.dianne-PC.000
2013-05-02 08:33 - 2013-05-02 08:33 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\AVG SafeGuard toolbar
2013-05-02 08:33 - 2013-05-02 08:33 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\AVG SafeGuard toolbar
2013-05-02 08:33 - 2013-05-02 08:33 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\AVG SafeGuard toolbar
2013-05-02 08:26 - 2013-05-02 08:26 - 00270064 ____A C:\Windows\Minidump\Mini050213-02.dmp
2013-05-02 08:18 - 2013-05-02 08:18 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\AVG2013
2013-05-02 08:18 - 2013-05-02 08:18 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\AVG2013
2013-05-02 08:15 - 2013-05-02 08:14 - 00276520 ____A C:\Windows\Minidump\Mini050213-01.dmp
2013-05-01 18:43 - 2006-11-02 04:46 - 00759750 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-01 15:41 - 2013-05-01 15:41 - 00143360 ____A C:\googleupdate93257.exe
2013-05-01 15:41 - 2013-05-01 15:41 - 00119808 ____A (Mail.Ru) C:\java268285.exe
2013-05-01 15:41 - 2013-05-01 15:41 - 00095744 ____A (Mail.Ru) C:\mstsc462903.exe
2013-05-01 15:41 - 2013-05-01 15:41 - 00000000 ____A C:\windowsupdate781629.exe
2013-05-01 15:41 - 2013-05-01 15:41 - 00000000 ____A C:\java356293.exe
2013-05-01 15:20 - 2013-05-01 15:20 - 00143360 ____A C:\icq40220.exe
2013-05-01 15:20 - 2013-05-01 15:20 - 00095744 ____A (Mail.Ru) C:\teamviewer626029.exe
2013-05-01 15:20 - 2013-05-01 15:20 - 00000000 ____A C:\mstsc709463.exe
2013-05-01 15:20 - 2013-05-01 15:20 - 00000000 ____A C:\jucheck864185.exe
2013-05-01 15:19 - 2013-05-01 15:19 - 00119808 ____A (Mail.Ru) C:\vlcplayer208848.exe
2013-05-01 15:13 - 2013-05-01 15:13 - 00143360 ____A C:\rundll32157950.exe
2013-05-01 15:13 - 2013-05-01 15:13 - 00095744 ____A (Mail.Ru) C:\chrome547035.exe
2013-05-01 15:13 - 2013-05-01 15:13 - 00000000 ____A C:\vlcplayer168894.exe
2013-05-01 15:13 - 2013-05-01 15:13 - 00000000 ____A C:\icq194577.exe
2013-05-01 15:12 - 2013-05-01 15:12 - 00119808 ____A (Mail.Ru) C:\firefox706601.exe
2013-05-01 14:59 - 2013-05-01 14:59 - 00143360 ____A C:\iexplore634279.exe
2013-05-01 14:59 - 2013-05-01 14:59 - 00095744 ____A (Mail.Ru) C:\acrobat251295.exe
2013-05-01 14:59 - 2013-05-01 14:59 - 00000000 ____A C:\jucheck576471.exe
2013-05-01 14:59 - 2013-05-01 14:59 - 00000000 ____A C:\jqs626033.exe
2013-05-01 14:59 - 2013-05-01 14:58 - 00172032 ____A (Intex Software LTD) C:\notepad280593.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00172032 ____A (Intex Software LTD) C:\alg284328.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00143360 ____A C:\alg907765.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00095744 ____A (Mail.Ru) C:\icq915640.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00000000 ____A C:\winlogon669745.exe
2013-05-01 14:21 - 2013-05-01 14:21 - 00000000 ____A C:\jqs794657.exe
2013-05-01 14:12 - 2013-05-01 14:12 - 00143360 ____A C:\icq901995.exe
2013-05-01 14:12 - 2013-05-01 14:12 - 00000000 ____A C:\windowsupdate365938.exe
2013-05-01 14:12 - 2013-05-01 14:12 - 00000000 ____A C:\icq485803.exe
2013-05-01 14:12 - 2013-05-01 14:11 - 00095744 ____A (Mail.Ru) C:\msconfig649286.exe
2013-05-01 14:11 - 2013-05-01 14:11 - 00172032 ____A (Intex Software LTD) C:\mstsc532398.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00172032 ____A (Intex Software LTD) C:\jucheck234924.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00143360 ____A C:\jqs17101.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00095744 ____A (Mail.Ru) C:\windowsupdate589892.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00000000 ____A C:\winlogon661101.exe
2013-05-01 14:01 - 2013-05-01 14:01 - 00000000 ____A C:\windowsupdate96743.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00172032 ____A (Intex Software LTD) C:\acrobat823773.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00143360 ____A C:\firefox213543.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00095744 ____A (Mail.Ru) C:\rundll3266645.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00000000 ____A C:\notepad789161.exe
2013-05-01 13:57 - 2013-05-01 13:57 - 00000000 ____A C:\acrobat767709.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00172032 ____A (Intex Software LTD) C:\msconfig468186.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00143360 ____A C:\alg670382.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00095744 ____A (Mail.Ru) C:\csrss725318.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00000000 ____A C:\googleupdate12191.exe
2013-05-01 13:54 - 2013-05-01 13:54 - 00000000 ____A C:\csrss127999.exe
2013-05-01 13:51 - 2013-05-01 13:51 - 00143360 ____A C:\rundll32489527.exe
2013-05-01 13:50 - 2013-05-01 13:50 - 00172032 ____A (Intex Software LTD) C:\acrobatreader521175.exe
2013-05-01 13:50 - 2013-05-01 13:50 - 00095744 ____A (Mail.Ru) C:\chrome202760.exe
2013-05-01 13:50 - 2013-05-01 13:50 - 00000000 ____A C:\vlcplayer162217.exe
2013-05-01 13:50 - 2013-05-01 13:50 - 00000000 ____A C:\ctfmon776557.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00143360 ____A C:\mstsc993072.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00119808 ____A (Mail.Ru) C:\acrobat388158.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00095744 ____A (Mail.Ru) C:\skype310143.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00000000 ____A C:\googleupdate86940.exe
2013-05-01 13:14 - 2013-05-01 13:14 - 00000000 ____A C:\firefox603167.exe
2013-05-01 13:04 - 2013-05-01 13:04 - 00143360 ____A C:\opera835295.exe
2013-05-01 13:04 - 2013-05-01 13:04 - 00000000 ____A C:\googleupdate642361.exe
2013-05-01 13:04 - 2013-05-01 13:04 - 00000000 ____A C:\acrobatreader812511.exe
2013-05-01 13:03 - 2013-05-01 13:03 - 00119808 ____A (Mail.Ru) C:\vlcplayer785269.exe
2013-05-01 13:03 - 2013-05-01 13:03 - 00095744 ____A (Mail.Ru) C:\ctfmon347821.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00172032 ____A (Intex Software LTD) C:\flashplayer775734.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00143360 ____A C:\firefox933559.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00095744 ____A (Mail.Ru) C:\conhost27040.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00000000 ____A C:\mstsc713540.exe
2013-05-01 12:15 - 2013-05-01 12:15 - 00000000 ____A C:\chrome33315.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00172032 ____A (Intex Software LTD) C:\conhost23376.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00143360 ____A C:\ctfmon424177.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00095744 ____A (Mail.Ru) C:\mstsc926033.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00000000 ____A C:\winlogon226296.exe
2013-05-01 12:12 - 2013-05-01 12:12 - 00000000 ____A C:\vlcplayer519672.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00172032 ____A (Intex Software LTD) C:\googleupdate646327.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00143360 ____A C:\ctfmon444048.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00095744 ____A (Mail.Ru) C:\conhost688135.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00000000 ____A C:\iexplore701714.exe
2013-05-01 11:44 - 2013-05-01 11:44 - 00000000 ____A C:\acrobatreader161153.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00143360 ____A C:\alg763110.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00119808 ____A (Mail.Ru) C:\teamviewer.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00095744 ____A (Mail.Ru) C:\jqs526995.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00000000 ____A C:\vlcplayer773917.exe
2013-05-01 11:37 - 2013-05-01 11:37 - 00000000 ____A C:\alg708090.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00143360 ____A C:\chrome.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00119808 ____A (Mail.Ru) C:\icq.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00095744 ____A (Mail.Ru) C:\flashplayer.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00000000 ____A C:\rundll32.exe
2013-05-01 11:16 - 2013-05-01 11:16 - 00000000 ____A C:\firefox.exe
2013-05-01 11:06 - 2013-05-01 11:06 - 00143360 ____A C:\conhost.exe
2013-05-01 11:06 - 2013-05-01 11:06 - 00095744 ____A (Mail.Ru) C:\acrobatreader.exe
2013-05-01 11:06 - 2013-05-01 11:06 - 00000000 ____A C:\jqs.exe
2013-05-01 11:06 - 2013-05-01 11:06 - 00000000 ____A C:\ctfmon.exe
2013-05-01 11:05 - 2013-05-01 11:05 - 00119808 ____A (Mail.Ru) C:\jucheck.exe
2013-05-01 10:45 - 2013-05-01 10:45 - 00143360 ____A C:\spoolsv.exe
2013-05-01 10:45 - 2013-05-01 10:45 - 00000000 ____A C:\skype.exe
2013-05-01 10:45 - 2013-05-01 10:45 - 00000000 ____A C:\opera.exe
2013-05-01 10:44 - 2013-05-01 10:44 - 00172032 ____A (Intex Software LTD) C:\alg.exe
2013-05-01 10:44 - 2013-05-01 10:44 - 00000000 ____A C:\vlcplayer.exe
2013-05-01 10:06 - 2006-11-02 07:21 - 00272616 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-01 10:05 - 2013-02-14 21:58 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-05-01 09:43 - 2013-05-01 09:43 - 00172032 ____A (Intex Software LTD) C:\acrobat.exe
2013-05-01 09:43 - 2013-05-01 09:43 - 00143360 ____A C:\iexplore.exe
2013-05-01 09:43 - 2013-05-01 09:43 - 00000000 ____A C:\windowsupdate.exe
2013-05-01 09:43 - 2013-05-01 09:43 - 00000000 ____A C:\msconfig.exe
2013-05-01 09:43 - 2013-05-01 09:43 - 00000000 ____A C:\java.exe
2013-05-01 09:43 - 2006-11-02 04:35 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00172032 ____A (Intex Software LTD) C:\mstsc.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00143360 ____A C:\winlogon.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00000000 ____A C:\notepad.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00000000 ____A C:\googleupdate.exe
2013-05-01 09:40 - 2013-05-01 09:40 - 00000000 ____A C:\csrss.exe
2013-04-30 19:33 - 2011-04-17 07:21 - 00002090 ____A C:\Users\dianne\Desktop\Google Chrome.lnk
2013-04-30 14:45 - 2012-11-29 21:50 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-04-30 14:45 - 2011-10-18 09:07 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-04-30 14:19 - 2013-04-28 05:27 - 00000000 ____D C:\Users\dianne\Local Settings\SweetIM
2013-04-30 14:19 - 2013-04-28 05:27 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\SweetIM
2013-04-30 14:19 - 2013-04-28 05:27 - 00000000 ____D C:\Users\dianne\AppData\Local\SweetIM
2013-04-30 13:50 - 2013-04-30 13:50 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2013-04-30 13:47 - 2013-03-11 09:11 - 00000000 ____D C:\Program Files (x86)\AVG SafeGuard toolbar
2013-04-30 13:45 - 2009-08-14 12:46 - 00000000 ____D C:\users\dianne
2013-04-30 13:43 - 2011-12-03 20:45 - 00000000 ____D C:\users\Guest
2013-04-30 13:43 - 2009-08-19 05:57 - 00000000 ____D C:\users\RA Media Server
2013-04-30 13:43 - 2006-11-02 04:33 - 72089600 ____A C:\Windows\System32\config\software_previous
2013-04-30 13:43 - 2006-11-02 04:33 - 49807360 ____A C:\Windows\System32\config\components_previous
2013-04-30 13:43 - 2006-11-02 04:33 - 21495808 ____A C:\Windows\System32\config\system_previous
2013-04-30 13:43 - 2006-11-02 04:33 - 00524288 ____A C:\Windows\System32\config\default_previous
2013-04-30 13:43 - 2006-11-02 04:33 - 00131072 ____A C:\Windows\System32\config\sam_previous
2013-04-30 13:43 - 2006-11-02 04:33 - 00024576 ____A C:\Windows\System32\config\security_previous
2013-04-30 13:42 - 2013-04-19 08:33 - 00000000 ____D C:\Program Files (x86)\Tuguu SL
2013-04-30 13:42 - 2013-04-19 08:29 - 00000000 ____D C:\Program Files\Updater By SweetPacks
2013-04-30 13:42 - 2013-04-19 08:29 - 00000000 ____D C:\Program Files (x86)\SweetIM
2013-04-30 13:42 - 2013-04-11 06:27 - 00000000 ____D C:\Windows\SysWOW64\cache
2013-04-30 13:42 - 2011-11-05 19:39 - 00000000 ____D C:\Program Files\Defraggler
2013-04-30 13:42 - 2011-10-28 07:57 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-04-30 13:42 - 2011-04-01 10:59 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\Yahoo!
2013-04-30 13:42 - 2011-04-01 10:59 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\Yahoo!
2013-04-30 13:42 - 2011-03-31 06:52 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\AVG10
2013-04-30 13:42 - 2011-03-31 06:52 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\AVG10
2013-04-30 13:42 - 2010-10-09 02:29 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\SupportSoft
2013-04-30 13:42 - 2010-10-09 02:29 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\SupportSoft
2013-04-30 13:42 - 2010-10-09 02:29 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\Verizon
2013-04-30 13:42 - 2010-10-09 02:29 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\Verizon
2013-04-30 13:42 - 2010-10-09 02:29 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\SupportSoft
2013-04-30 13:42 - 2010-10-09 02:28 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\VirtualStore
2013-04-30 13:42 - 2010-10-09 02:28 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\VirtualStore
2013-04-30 13:42 - 2010-10-09 02:28 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\VirtualStore
2013-04-30 13:42 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\spool
2013-04-30 13:42 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\System32\Msdtc
2013-04-30 13:42 - 2006-11-02 05:33 - 00000000 __RSD C:\Windows\Media
2013-04-30 13:42 - 2006-11-02 05:33 - 00000000 ____D C:\Windows\registration
2013-04-30 13:10 - 2013-04-30 13:10 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Avg2013
2013-04-30 13:10 - 2013-04-30 13:10 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\Avg2013
2013-04-30 13:10 - 2013-04-30 13:10 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Local\Avg2013
2013-04-30 13:08 - 2013-04-30 13:08 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\Application Data\SUPERAntiSpyware.com
2013-04-30 13:08 - 2013-04-30 13:08 - 00000000 ____D C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\SUPERAntiSpyware.com
2013-04-30 13:07 - 2013-04-30 13:07 - 00000732 ____A C:\Users\Dianeslife.dianne-PC.000\Local Settings\d3d9caps64.dat
2013-04-30 13:07 - 2013-04-30 13:07 - 00000732 ____A C:\Users\Dianeslife.dianne-PC.000\Local Settings\Application Data\d3d9caps64.dat
2013-04-30 13:07 - 2013-04-30 13:07 - 00000732 ____A C:\Users\Dianeslife.dianne-PC.000\AppData\Local\d3d9caps64.dat
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Local Settings\Avg2013
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Local Settings\AVG SafeGuard toolbar
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\Avg2013
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Local Settings\Application Data\AVG SafeGuard toolbar
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\Application Data\SUPERAntiSpyware.com
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\AppData\Roaming\SUPERAntiSpyware.com
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\AppData\Local\Avg2013
2013-04-30 13:01 - 2013-04-30 13:01 - 00000000 ____D C:\Users\Guest\AppData\Local\AVG SafeGuard toolbar
2013-04-30 04:13 - 2013-04-30 04:13 - 00000000 ____D C:\Program Files (x86)\Coupon Savings
2013-04-27 23:04 - 2009-08-11 19:17 - 00000000 ____D C:\ProgramData\Application Data\Adobe
2013-04-27 23:04 - 2009-08-11 19:17 - 00000000 ____D C:\ProgramData\Adobe
2013-04-26 03:11 - 2011-09-18 18:07 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\{4CD31BCC-CFA8-4C1C-99EA-7AE42A7090B3}
2013-04-26 03:11 - 2011-09-18 18:07 - 00000000 ____D C:\Users\dianne\Local Settings\{4CD31BCC-CFA8-4C1C-99EA-7AE42A7090B3}
2013-04-26 03:11 - 2011-09-18 18:07 - 00000000 ____D C:\Users\dianne\AppData\Local\{4CD31BCC-CFA8-4C1C-99EA-7AE42A7090B3}
2013-04-21 13:54 - 2013-01-05 23:52 - 00000000 ____D C:\Users\dianne\Desktop\dianne
2013-04-21 13:54 - 2012-11-13 16:01 - 00000000 ____D C:\Users\dianne\Local Settings\Xfinity.com
2013-04-21 13:54 - 2012-11-13 16:01 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Xfinity.com
2013-04-21 13:54 - 2012-11-13 16:01 - 00000000 ____D C:\Users\dianne\AppData\Local\Xfinity.com
2013-04-21 13:54 - 2012-04-26 14:54 - 00000000 ____D C:\Users\dianne\Application Data\IObit
2013-04-21 13:54 - 2012-04-26 14:54 - 00000000 ____D C:\Users\dianne\AppData\Roaming\IObit
2013-04-21 13:54 - 2012-02-14 22:54 - 00000000 ____D C:\Users\dianne\Local Settings\Solid State Networks
2013-04-21 13:54 - 2012-02-14 22:54 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Solid State Networks
2013-04-21 13:54 - 2012-02-14 22:54 - 00000000 ____D C:\Users\dianne\AppData\Local\Solid State Networks
2013-04-21 13:54 - 2010-07-25 12:19 - 00000000 ____D C:\Users\dianne\Application Data\Skype
2013-04-21 13:54 - 2010-07-25 12:19 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Skype
2013-04-21 13:54 - 2006-11-02 05:34 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-04-20 23:14 - 2011-10-28 07:58 - 00754664 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-04-20 13:58 - 2010-09-24 14:37 - 00000000 ____D C:\Users\dianne\My Documents\OneNote Notebooks
2013-04-20 13:58 - 2010-09-24 14:37 - 00000000 ____D C:\Users\dianne\Documents\OneNote Notebooks
2013-04-20 13:16 - 2013-04-20 13:16 - 00000000 ____A C:\Windows\setuperr.log
2013-04-20 13:16 - 2013-04-20 13:16 - 00000000 ____A C:\Windows\setupact.log
2013-04-20 06:27 - 2012-11-17 06:39 - 00026946 ____A C:\Windows\PFRO.log
2013-04-19 11:04 - 2013-04-19 11:04 - 00000000 ____D C:\Users\dianne\Local Settings\MyFunCards_5m
2013-04-19 11:04 - 2013-04-19 11:04 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\MyFunCards_5m
2013-04-19 11:04 - 2013-04-19 11:04 - 00000000 ____D C:\Users\dianne\AppData\Local\MyFunCards_5m
2013-04-19 11:04 - 2010-01-05 20:23 - 00000000 ____D C:\Users\dianne\Local Settings\Google
2013-04-19 11:04 - 2010-01-05 20:23 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Google
2013-04-19 11:04 - 2010-01-05 20:23 - 00000000 ____D C:\Users\dianne\AppData\Local\Google
2013-04-19 10:51 - 2013-02-15 22:07 - 00001480 ____A C:\Users\dianne\Desktop\Sync Folder.lnk
2013-04-19 08:36 - 2013-04-19 08:36 - 00000000 ____D C:\Users\dianne\Local Settings\SwvUpdater
2013-04-19 08:36 - 2013-04-19 08:36 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\SwvUpdater
2013-04-19 08:36 - 2013-04-19 08:36 - 00000000 ____D C:\Users\dianne\AppData\Local\SwvUpdater
2013-04-19 08:36 - 2013-04-19 08:36 - 00000000 ____D C:\Program Files (x86)\WhiteSmoke_New
2013-04-19 08:35 - 2013-04-19 08:35 - 00000867 ____A C:\Users\dianne\Desktop\Driver Pro.lnk
2013-04-19 08:35 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\Application Data\Driver Pro
2013-04-19 08:35 - 2013-04-19 08:35 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Driver Pro
2013-04-19 08:35 - 2013-04-19 08:35 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2013-04-19 08:35 - 2013-04-19 08:35 - 00000000 ____D C:\Program Files (x86)\Driver Pro
2013-04-19 08:34 - 2013-04-19 08:34 - 00000000 ____D C:\Program Files (x86)\Yontoo
2013-04-19 08:33 - 2013-04-19 08:33 - 00001918 ____A C:\Users\Public\Desktop\VAFPlayer.lnk
2013-04-19 08:33 - 2013-04-19 08:33 - 00001918 ____A C:\ProgramData\Desktop\VAFPlayer.lnk
2013-04-19 08:33 - 2013-04-19 08:33 - 00000000 ____D C:\Users\dianne\Application Data\player
2013-04-19 08:33 - 2013-04-19 08:33 - 00000000 ____D C:\Users\dianne\AppData\Roaming\player
2013-04-19 08:28 - 2013-04-19 08:28 - 00000903 ____A C:\Users\dianne\Desktop\Optimizer Pro.lnk
2013-04-19 08:28 - 2013-04-19 08:28 - 00000535 ____A C:\Windows\KB893803v2.log
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\Local Settings\Supreme Savings
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Supreme Savings
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\Application Data\Optimizer Pro
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\Application Data\DefaultTab
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\AppData\Roaming\Optimizer Pro
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\AppData\Roaming\DefaultTab
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Users\dianne\AppData\Local\Supreme Savings
2013-04-19 08:28 - 2013-04-19 08:28 - 00000000 ____D C:\Program Files (x86)\DefaultTab
2013-04-19 08:28 - 2013-04-19 08:27 - 00000000 ____D C:\Program Files (x86)\Supreme Savings
2013-04-19 08:28 - 2011-12-04 10:19 - 00000632 _RASH C:\Users\dianne\ntuser.pol
2013-04-19 08:28 - 2006-11-02 05:34 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-04-19 08:27 - 2013-04-19 08:27 - 00000928 ____A C:\Users\dianne\Desktop\MyPC Backup.lnk
2013-04-19 08:27 - 2013-04-19 08:27 - 00000000 ____D C:\Users\dianne\Local Settings\Updater19962
2013-04-19 08:27 - 2013-04-19 08:27 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Updater19962
2013-04-19 08:27 - 2013-04-19 08:27 - 00000000 ____D C:\Users\dianne\AppData\Local\Updater19962
2013-04-19 08:27 - 2013-04-19 08:27 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-04-18 08:07 - 2011-12-04 10:04 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\{5E8E4CD9-3164-4D3C-A79F-B53121E3851A}
2013-04-18 08:07 - 2011-12-04 10:04 - 00000000 ____D C:\Users\dianne\Local Settings\{5E8E4CD9-3164-4D3C-A79F-B53121E3851A}
2013-04-18 08:07 - 2011-12-04 10:04 - 00000000 ____D C:\Users\dianne\AppData\Local\{5E8E4CD9-3164-4D3C-A79F-B53121E3851A}
2013-04-16 12:38 - 2013-04-16 12:38 - 00049872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\circbogd.sys
2013-04-15 06:17 - 2013-04-30 14:14 - 00901496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-04-12 19:34 - 2013-04-30 14:14 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-04-11 06:26 - 2013-03-11 09:12 - 00040736 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-04-08 17:55 - 2013-04-30 14:14 - 02774016 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-05 04:24 - 2013-03-11 09:12 - 00000830 ____A C:\Users\Public\Desktop\AVG 2013.lnk
2013-04-05 04:24 - 2013-03-11 09:12 - 00000830 ____A C:\ProgramData\Desktop\AVG 2013.lnk
2013-04-05 04:24 - 2011-04-13 22:36 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2013-04-04 17:19 - 2013-05-01 09:47 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-04 17:08 - 2013-05-01 09:47 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-04 17:01 - 2013-05-01 09:47 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-04 17:00 - 2013-05-01 09:47 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-04 16:59 - 2013-05-01 09:47 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-04-04 16:58 - 2013-05-01 09:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-04 16:57 - 2013-05-01 09:47 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-04 16:56 - 2013-05-01 09:47 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-04 16:55 - 2013-05-01 09:47 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-04 16:55 - 2013-05-01 09:47 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-04 16:54 - 2013-05-01 09:47 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-04 16:54 - 2013-05-01 09:47 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-04 16:51 - 2013-05-01 09:47 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-04 16:46 - 2013-05-01 09:47 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-04 14:54 - 2013-03-11 09:09 - 00000000 ____D C:\ProgramData\AVG2013
2013-04-04 14:54 - 2013-03-11 09:09 - 00000000 ____D C:\ProgramData\Application Data\AVG2013
2013-04-04 14:54 - 2013-03-11 09:07 - 00000000 ____D C:\Users\dianne\Local Settings\Avg2013
2013-04-04 14:54 - 2013-03-11 09:07 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\Avg2013
2013-04-04 14:54 - 2013-03-11 09:07 - 00000000 ____D C:\Users\dianne\AppData\Local\Avg2013
2013-04-04 14:54 - 2009-08-14 12:51 - 00000000 ____D C:\Users\dianne\Local Settings\SupportSoft
2013-04-04 14:54 - 2009-08-14 12:51 - 00000000 ____D C:\Users\dianne\Local Settings\Application Data\SupportSoft
2013-04-04 14:54 - 2009-08-14 12:51 - 00000000 ____D C:\Users\dianne\AppData\Local\SupportSoft
2013-04-04 14:11 - 2013-05-01 09:47 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-04 14:09 - 2013-05-01 09:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-04 14:02 - 2013-05-01 09:47 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-04-04 14:02 - 2013-05-01 09:47 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-04 14:02 - 2013-05-01 09:47 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-04 14:01 - 2013-05-01 09:47 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-04-04 13:59 - 2013-05-01 09:47 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-04 13:58 - 2013-05-01 09:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-04 13:58 - 2013-05-01 09:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-04-04 13:57 - 2013-05-01 09:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-04-04 13:56 - 2013-05-01 09:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-04 13:55 - 2013-05-01 09:47 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-04 13:54 - 2013-05-01 09:47 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-04-04 13:50 - 2013-05-01 09:47 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1424625615-964005803-1290662544-1000\$cba21230bf71015178d904b5b57d4cd0
C:\$Recycle.Bin\S-1-5-21-1424625615-964005803-1290662544-1000\$cba21230bf71015178d904b5b57d4cd0\L
C:\$Recycle.Bin\S-1-5-21-1424625615-964005803-1290662544-1000\$cba21230bf71015178d904b5b57d4cd0\U

Files to move or delete:
====================
C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\skype.dat
C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\skype.ini
C:\Users\dianne\AppData\Roaming\skype.dat
C:\Users\dianne\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-04-21 13:41:41
Restore point made on: 2013-04-21 13:43:22
Restore point made on: 2013-04-24 02:30:51
Restore point made on: 2013-04-24 23:00:36
Restore point made on: 2013-04-25 20:54:43
Restore point made on: 2013-04-27 19:08:16
Restore point made on: 2013-04-28 12:20:35
Restore point made on: 2013-04-28 23:03:40
Restore point made on: 2013-04-29 20:00:19
Restore point made on: 2013-05-01 02:40:50
Restore point made on: 2013-05-01 09:35:30
Restore point made on: 2013-05-01 20:00:30
Restore point made on: 2013-05-02 23:05:31
Restore point made on: 2013-05-03 19:20:01
Restore point made on: 2013-05-04 20:00:48
Restore point made on: 2013-05-06 04:21:37
Restore point made on: 2013-05-09 08:46:52
Restore point made on: 2013-05-10 04:23:24
Restore point made on: 2013-05-14 04:26:05
Restore point made on: 2013-05-14 23:00:56
Restore point made on: 2013-05-15 20:00:11
Restore point made on: 2013-05-16 20:00:11
Restore point made on: 2013-05-17 20:00:11
Restore point made on: 2013-05-17 23:29:26
Restore point made on: 2013-05-20 23:31:48
Restore point made on: 2013-05-23 01:43:26
Restore point made on: 2013-05-23 20:00:20
Restore point made on: 2013-05-24 18:20:11
Restore point made on: 2013-05-24 23:26:17
Restore point made on: 2013-05-25 00:03:46
Restore point made on: 2013-05-27 00:56:04
Restore point made on: 2013-05-28 20:21:08
Restore point made on: 2013-05-29 20:00:21

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 4060.26 MB
Available physical RAM: 3601.07 MB
Total Pagefile: 3933.89 MB
Available Pagefile: 3577.05 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:683.58 GB) (Free:524.9 GB) NTFS (Disk=0 Partition=3) ==>[Drive with boot components (obtained from BCD)]
Drive d: (VivitarExperienc) (CDROM) (Total:0.05 GB) (Free:0 GB) CDFS
Drive e: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
Drive f: () (Removable) (Total:7.47 GB) (Free:4.25 GB) FAT32 (Disk=1 Partition=1)
Drive x: (RECOVERY) (Fixed) (Total:15 GB) (Free:0.02 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=684 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


Last Boot: 2013-05-04 14:43

==================== End Of Log ============================

#8
jtroop

Here is some additional information that you may find of use:

She received the malware on 05/31 (or that is when the symptoms began).

Just now I had the Google Chrome browser running. When I restarted the machine to go into repair mode, Chrome displayed a message indicating "malware with a white screen playing audio is preventing a restart, do you want to force restart?" Funny, eh? Also, it appears her computer date/time is one month off. I just noticed this.

Edited by jtroop, 04 June 2013 - 05:57 PM.


#9
JSntgRvr

Global Moderator
Download the enclosed file.

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Attempt to boot in Normal Mode. If successful, follow these steps:

Run AdwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done, it will ask to reboot; allow this.

On reboot, a log will be produced at C:\ADWCleaner[XX].txt; please post it in your next reply.

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#10
jtroop

  • Topic Starter
  • Member
  • 70 posts
One thing at a time in case this nasty comes back. I was able to get into normal mode. I will do AdwCleaner and Malwarebytes next. Here is the fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-06-2013
Ran by SYSTEM at 2013-05-05 15:56:27 Run:1
Running from D:\
Boot Mode: Recovery
==============================================

HKEY_USERS\Dianeslife.dianne-PC.000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKEY_USERS\dianne\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\$Recycle.Bin\S-1-5-21-1424625615-964005803-1290662544-1000\$cba21230bf71015178d904b5b57d4cd0 => Moved successfully.
C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\skype.ini => Moved successfully.
C:\Users\dianne\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\dianne\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====

#11
jtroop

  • Topic Starter
  • Member
  • 70 posts
Okay, after running AdwCleaner and selecting Delete, and after reboot, there are two logs, [R1] and [S1]. I am posting the S1 log as it is time-stamped 3 minutes after R1. Here is the [S1] log:

# AdwCleaner v2.301 - Logfile created 05/05/2013 at 16:15:58
# Updated 16/05/2013 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : dianne - DIANNE-PC
# Boot Mode : Normal
# Running from : C:\Users\Dianeslife.dianne-PC.000\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc
Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate
Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Ask.com
Deleted on reboot : C:\Program Files (x86)\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
Deleted on reboot : C:\Program Files (x86)\Common Files\ParetoLogic
Deleted on reboot : C:\Program Files (x86)\Conduit
Deleted on reboot : C:\Program Files (x86)\ConduitEngine
Deleted on reboot : C:\Program Files (x86)\CouponAlert_2p
Deleted on reboot : C:\Program Files (x86)\DealPly
Deleted on reboot : C:\Program Files (x86)\DefaultTab
Deleted on reboot : C:\Program Files (x86)\Dogpile Bundle Toolbar
Deleted on reboot : C:\Program Files (x86)\Iminent
Deleted on reboot : C:\Program Files (x86)\MyFunCards_5m
Deleted on reboot : C:\Program Files (x86)\Optimizer Pro
Deleted on reboot : C:\Program Files (x86)\SearchProtect
Deleted on reboot : C:\Program Files (x86)\SingAlong
Deleted on reboot : C:\Program Files (x86)\Supreme Savings
Deleted on reboot : C:\Program Files (x86)\SweetIM
Deleted on reboot : C:\Program Files (x86)\WhiteSmoke_New
Deleted on reboot : C:\Program Files (x86)\Yontoo
Deleted on reboot : C:\Program Files (x86)\Zynga
Deleted on reboot : C:\Program Files (x86)\Zynga
Deleted on reboot : C:\Program Files\DomaIQ Uninstaller
Deleted on reboot : C:\ProgramData\Ask
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\Iminent
Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro
Deleted on reboot : C:\ProgramData\ParetoLogic
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\Users\Dianeslife.dianne-PC.000\AppData\Local\MyFunCards_5m
Deleted on reboot : C:\Users\Dianeslife.dianne-PC.000\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\Dianeslife.dianne-PC.000\AppData\LocalLow\MyFunCards_5m
Deleted on reboot : C:\Users\Dianeslife.dianne-PC.000\AppData\LocalLow\Zynga
Deleted on reboot : C:\Users\Dianeslife.dianne-PC.000\AppData\LocalLow\Zynga
Deleted on reboot : C:\Users\Dianeslife.dianne-PC.000\AppData\Roaming\SearchProtect
Deleted on reboot : C:\Users\dianne\AppData\Local\Babylon
Deleted on reboot : C:\Users\dianne\AppData\Local\Conduit
Deleted on reboot : C:\Users\dianne\AppData\Local\ConduitEngine
Deleted on reboot : C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Deleted on reboot : C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Deleted on reboot : C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Deleted on reboot : C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Deleted on reboot : C:\Users\dianne\AppData\Local\MyFunCards_5m
Deleted on reboot : C:\Users\dianne\AppData\Local\Smartbar
Deleted on reboot : C:\Users\dianne\AppData\Local\Supreme Savings
Deleted on reboot : C:\Users\dianne\AppData\Local\SweetIM
Deleted on reboot : C:\Users\dianne\AppData\Local\SwvUpdater
Deleted on reboot : C:\Users\dianne\AppData\Local\Temp\Iminent
Deleted on reboot : C:\Users\dianne\AppData\Local\Temp\Smartbar
Deleted on reboot : C:\Users\dianne\AppData\Local\Updater19962
Deleted on reboot : C:\Users\dianne\AppData\Local\Zynga
Deleted on reboot : C:\Users\dianne\AppData\Local\Zynga
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\AVG Secure Search
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\AVG Security Toolbar
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\ConduitEngine
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\CouponAlert_2p
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\FunWebProducts
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\MyFunCards_5m
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\MyWebSearch
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\PriceGong
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\SweetIM
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\WhiteSmoke_New
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\Zynga
Deleted on reboot : C:\Users\dianne\AppData\LocalLow\Zynga
Deleted on reboot : C:\Users\dianne\AppData\Roaming\Babylon
Deleted on reboot : C:\Users\dianne\AppData\Roaming\DealPly
Deleted on reboot : C:\Users\dianne\AppData\Roaming\DefaultTab
Deleted on reboot : C:\Users\dianne\AppData\Roaming\Iminent
Deleted on reboot : C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
Deleted on reboot : C:\Users\dianne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
Deleted on reboot : C:\Users\dianne\AppData\Roaming\Optimizer Pro
Deleted on reboot : C:\Users\dianne\AppData\Roaming\ParetoLogic
Deleted on reboot : C:\Users\dianne\AppData\Roaming\PriceGong
Deleted on reboot : C:\Users\dianne\AppData\Roaming\SearchProtect
Deleted on reboot : C:\Users\dianne\AppData\Roaming\Yontoo
Deleted on reboot : C:\Windows\Installer\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}
File Deleted : \END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\Windows\Tasks\AmiUpdXp.job

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={14837521-A90E-11E2-B41F-0021705D770C} --> hxxp://www.google.com

-\\ Google Chrome v27.0.1453.94

File : C:\Users\dianne\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.23] : icon_url = "hxxp://search.conduit.com/fav.ico",
Deleted [l.26] : keyword = "search.conduit.com",
Deleted [l.30] : search_url = "hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN19[...]
Deleted [l.31] : suggest_url = "hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}&CUI=U[...]
Deleted [l.498] : homepage = "hxxp://search.conduit.com/?ctid=CT3294791&SearchSource=48&CUI=UN19689179642454118&UM[...]
Deleted [l.675] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3294791&SearchSource=48&CUI[...]

*************************

AdwCleaner[R1].txt - [28357 octets] - [05/05/2013 16:13:05]
AdwCleaner[S1].txt - [27743 octets] - [05/05/2013 16:15:58]

########## EOF - \AdwCleaner[S1].txt - [27804 octets] ##########

#12
JSntgRvr

  • Global Moderator
  • 11,579 posts
Looking good. :thumbsup:

#13
jtroop

  • Topic Starter
  • Member
  • 70 posts

Now for the Malwarebytes. The scan completed, I clicked OK, then selected Show Results. Everything was checked, and I clicked Remove Selected. Then Malwarebytes was displaying "Not Responding" in the top bar of the box. After a few minutes, I went to Task Manager and force-closed it. I ran Malwarebytes again and it only showed a couple of infections. So, I think the original scan worked. Here is the log from the original scan:


2013/05/05 16:33:39 -0400 DIANNE-PC Dianeslife MESSAGE Starting protection
2013/05/05 16:33:39 -0400 DIANNE-PC Dianeslife MESSAGE Protection started successfully
2013/05/05 16:33:39 -0400 DIANNE-PC Dianeslife MESSAGE Starting IP protection
2013/05/05 16:34:01 -0400 DIANNE-PC Dianeslife MESSAGE IP Protection started successfully
2013/05/05 16:34:01 -0400 DIANNE-PC Dianeslife MESSAGE Starting database refresh
2013/05/05 16:34:01 -0400 DIANNE-PC Dianeslife MESSAGE Stopping IP protection
2013/05/05 16:34:02 -0400 DIANNE-PC Dianeslife MESSAGE IP Protection stopped successfully
2013/05/05 16:34:06 -0400 DIANNE-PC Dianeslife MESSAGE Database refreshed successfully
2013/05/05 16:34:06 -0400 DIANNE-PC Dianeslife MESSAGE Starting IP protection
2013/05/05 16:34:14 -0400 DIANNE-PC Dianeslife MESSAGE IP Protection started successfully
2013/05/05 16:36:32 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53251, Process: svchost.exe)
2013/05/05 16:36:40 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53252, Process: svchost.exe)
2013/05/05 16:36:56 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53253, Process: svchost.exe)
2013/05/05 16:37:04 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53265, Process: svchost.exe)
2013/05/05 16:37:12 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53267, Process: svchost.exe)
2013/05/05 16:37:36 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53269, Process: svchost.exe)
2013/05/05 16:37:44 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53270, Process: svchost.exe)
2013/05/05 16:37:52 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53271, Process: svchost.exe)
2013/05/05 16:38:00 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53272, Process: svchost.exe)
2013/05/05 16:38:16 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53274, Process: svchost.exe)
2013/05/05 16:38:24 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53275, Process: svchost.exe)
2013/05/05 16:38:32 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53276, Process: svchost.exe)
2013/05/05 16:38:41 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53277, Process: svchost.exe)
2013/05/05 16:38:57 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53278, Process: svchost.exe)
2013/05/05 16:39:05 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53279, Process: svchost.exe)
2013/05/05 16:39:13 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53281, Process: svchost.exe)
2013/05/05 16:39:21 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53282, Process: svchost.exe)
2013/05/05 16:39:37 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53283, Process: svchost.exe)
2013/05/05 16:39:45 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53284, Process: svchost.exe)
2013/05/05 16:39:53 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53285, Process: svchost.exe)
2013/05/05 16:40:01 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53286, Process: svchost.exe)
2013/05/05 16:40:17 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53288, Process: svchost.exe)
2013/05/05 16:40:25 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53289, Process: svchost.exe)
2013/05/05 16:40:33 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53290, Process: svchost.exe)
2013/05/05 16:40:41 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53291, Process: svchost.exe)
2013/05/05 16:40:57 -0400 DIANNE-PC Dianeslife MESSAGE Executing scheduled update: Daily
2013/05/05 16:40:57 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53292, Process: svchost.exe)
2013/05/05 16:41:00 -0400 DIANNE-PC Dianeslife MESSAGE Database already up-to-date
2013/05/05 16:41:02 -0400 DIANNE-PC Dianeslife DETECTION C:\alg284328.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 16:41:06 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53300, Process: svchost.exe)
2013/05/05 16:41:14 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53307, Process: svchost.exe)
2013/05/05 16:41:22 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53308, Process: svchost.exe)
2013/05/05 16:41:30 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53309, Process: svchost.exe)
2013/05/05 16:41:46 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53310, Process: svchost.exe)
2013/05/05 16:41:54 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53311, Process: svchost.exe)
2013/05/05 16:42:02 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53312, Process: svchost.exe)
2013/05/05 16:42:10 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53314, Process: svchost.exe)
2013/05/05 16:42:26 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53315, Process: svchost.exe)
2013/05/05 16:42:34 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53316, Process: svchost.exe)
2013/05/05 16:42:42 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53317, Process: svchost.exe)
2013/05/05 16:42:51 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53318, Process: svchost.exe)
2013/05/05 16:43:07 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53319, Process: svchost.exe)
2013/05/05 16:43:15 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53321, Process: svchost.exe)
2013/05/05 16:43:23 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53322, Process: svchost.exe)
2013/05/05 16:43:31 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53324, Process: svchost.exe)
2013/05/05 16:43:48 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53325, Process: svchost.exe)
2013/05/05 16:43:56 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53326, Process: svchost.exe)
2013/05/05 16:44:04 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53327, Process: svchost.exe)
2013/05/05 16:44:12 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53329, Process: svchost.exe)
2013/05/05 16:44:28 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53330, Process: svchost.exe)
2013/05/05 16:44:36 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53331, Process: svchost.exe)
2013/05/05 16:44:44 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53332, Process: svchost.exe)
2013/05/05 16:44:52 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53333, Process: svchost.exe)
2013/05/05 16:45:08 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53334, Process: svchost.exe)
2013/05/05 16:45:16 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53336, Process: svchost.exe)
2013/05/05 16:45:24 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53338, Process: svchost.exe)
2013/05/05 16:45:32 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53339, Process: svchost.exe)
2013/05/05 16:45:41 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53340, Process: svchost.exe)
2013/05/05 16:45:57 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53341, Process: svchost.exe)
2013/05/05 16:46:05 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53342, Process: svchost.exe)
2013/05/05 16:46:13 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53343, Process: svchost.exe)
2013/05/05 16:46:21 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53345, Process: svchost.exe)
2013/05/05 16:46:37 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53346, Process: svchost.exe)
2013/05/05 16:46:45 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53347, Process: svchost.exe)
2013/05/05 16:46:53 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53348, Process: svchost.exe)
2013/05/05 16:47:01 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53349, Process: svchost.exe)
2013/05/05 16:47:17 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53350, Process: svchost.exe)
2013/05/05 16:47:25 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53352, Process: svchost.exe)
2013/05/05 16:47:33 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53354, Process: svchost.exe)
2013/05/05 16:47:42 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53355, Process: svchost.exe)
2013/05/05 16:47:58 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53356, Process: svchost.exe)
2013/05/05 16:48:06 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53357, Process: svchost.exe)
2013/05/05 16:48:14 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53358, Process: svchost.exe)
2013/05/05 16:48:22 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53360, Process: svchost.exe)
2013/05/05 16:48:38 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53361, Process: svchost.exe)
2013/05/05 16:48:46 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53362, Process: svchost.exe)
2013/05/05 16:48:54 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53363, Process: svchost.exe)
2013/05/05 16:49:02 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53364, Process: svchost.exe)
2013/05/05 16:49:18 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53365, Process: svchost.exe)
2013/05/05 16:49:26 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53367, Process: svchost.exe)
2013/05/05 16:49:34 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53368, Process: svchost.exe)
2013/05/05 16:49:42 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53369, Process: svchost.exe)
2013/05/05 16:49:58 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53370, Process: svchost.exe)
2013/05/05 16:50:06 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53371, Process: svchost.exe)
2013/05/05 16:50:14 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53372, Process: svchost.exe)
2013/05/05 16:50:22 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53374, Process: svchost.exe)
2013/05/05 16:50:39 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53375, Process: svchost.exe)
2013/05/05 16:50:47 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53376, Process: svchost.exe)
2013/05/05 16:50:55 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53377, Process: svchost.exe)
2013/05/05 16:51:03 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53381, Process: svchost.exe)
2013/05/05 16:51:19 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53382, Process: svchost.exe)
2013/05/05 16:51:27 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53384, Process: svchost.exe)
2013/05/05 16:51:35 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53385, Process: svchost.exe)
2013/05/05 16:51:43 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53386, Process: svchost.exe)
2013/05/05 16:51:51 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53387, Process: svchost.exe)
2013/05/05 16:52:07 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53388, Process: svchost.exe)
2013/05/05 16:52:15 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53389, Process: svchost.exe)
2013/05/05 16:52:23 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53391, Process: svchost.exe)
2013/05/05 16:52:31 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53392, Process: svchost.exe)
2013/05/05 16:52:47 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53393, Process: svchost.exe)
2013/05/05 16:52:55 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53394, Process: svchost.exe)
2013/05/05 16:53:03 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53395, Process: svchost.exe)
2013/05/05 16:53:11 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53396, Process: svchost.exe)
2013/05/05 16:53:28 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53398, Process: svchost.exe)
2013/05/05 16:53:36 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53399, Process: svchost.exe)
2013/05/05 16:53:44 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53400, Process: svchost.exe)
2013/05/05 16:53:52 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53401, Process: svchost.exe)
2013/05/05 16:54:08 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53402, Process: svchost.exe)
2013/05/05 16:54:16 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53403, Process: svchost.exe)
2013/05/05 16:54:24 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53405, Process: svchost.exe)
2013/05/05 16:54:32 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53406, Process: svchost.exe)
2013/05/05 16:54:48 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53407, Process: svchost.exe)
2013/05/05 16:54:56 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53408, Process: svchost.exe)
2013/05/05 16:55:04 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53409, Process: svchost.exe)
2013/05/05 16:55:12 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53410, Process: svchost.exe)
2013/05/05 16:55:28 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53412, Process: svchost.exe)
2013/05/05 16:55:36 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53413, Process: svchost.exe)
2013/05/05 16:55:44 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53414, Process: svchost.exe)
2013/05/05 16:55:52 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53415, Process: svchost.exe)
2013/05/05 16:56:08 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53416, Process: svchost.exe)
2013/05/05 16:56:17 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53417, Process: svchost.exe)
2013/05/05 16:56:25 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53419, Process: svchost.exe)
2013/05/05 16:56:33 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53420, Process: svchost.exe)
2013/05/05 16:56:49 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53421, Process: svchost.exe)
2013/05/05 16:56:57 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53422, Process: svchost.exe)
2013/05/05 16:57:05 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53423, Process: svchost.exe)
2013/05/05 16:57:13 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53424, Process: svchost.exe)
2013/05/05 16:57:29 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53425, Process: svchost.exe)
2013/05/05 16:57:37 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53427, Process: svchost.exe)
2013/05/05 16:57:45 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53428, Process: svchost.exe)
2013/05/05 16:57:53 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53429, Process: svchost.exe)
2013/05/05 16:58:09 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53430, Process: svchost.exe)
2013/05/05 16:58:17 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53431, Process: svchost.exe)
2013/05/05 16:58:25 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53432, Process: svchost.exe)
2013/05/05 16:58:33 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53434, Process: svchost.exe)
2013/05/05 16:58:49 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53435, Process: svchost.exe)
2013/05/05 16:58:57 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53436, Process: svchost.exe)
2013/05/05 16:59:05 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53437, Process: svchost.exe)
2013/05/05 16:59:13 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53438, Process: svchost.exe)
2013/05/05 16:59:29 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53439, Process: svchost.exe)
2013/05/05 16:59:37 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53441, Process: svchost.exe)
2013/05/05 16:59:46 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53442, Process: svchost.exe)
2013/05/05 16:59:54 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53443, Process: svchost.exe)
2013/05/05 17:00:10 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53444, Process: svchost.exe)
2013/05/05 17:00:18 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53445, Process: svchost.exe)
2013/05/05 17:00:26 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53446, Process: svchost.exe)
2013/05/05 17:00:34 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53448, Process: svchost.exe)
2013/05/05 17:00:42 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53449, Process: svchost.exe)
2013/05/05 17:00:51 -0400 DIANNE-PC Dianeslife DETECTION C:\acrobat.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:00:51 -0400 DIANNE-PC Dianeslife DETECTION C:\spoolsv628255.exe Trojan.Zbot.FV QUARANTINE
2013/05/05 17:00:58 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53452, Process: svchost.exe)
2013/05/05 17:01:06 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53454, Process: svchost.exe)
2013/05/05 17:01:14 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53457, Process: svchost.exe)
2013/05/05 17:01:18 -0400 DIANNE-PC Dianeslife DETECTION C:\chrome218447.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:01:22 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53458, Process: svchost.exe)
2013/05/05 17:01:38 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53460, Process: svchost.exe)
2013/05/05 17:01:45 -0400 DIANNE-PC Dianeslife DETECTION C:\skype264171.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:01:45 -0400 DIANNE-PC Dianeslife DETECTION C:\flashplayer775734.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:01:46 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53461, Process: svchost.exe)
2013/05/05 17:01:54 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53462, Process: svchost.exe)
2013/05/05 17:02:02 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53463, Process: svchost.exe)
2013/05/05 17:02:08 -0400 DIANNE-PC Dianeslife DETECTION C:\jqs610173.exe Trojan.Zbot.FV QUARANTINE
2013/05/05 17:02:08 -0400 DIANNE-PC Dianeslife DETECTION C:\mstsc448018.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:08 -0400 DIANNE-PC Dianeslife DETECTION C:\teamviewer886518.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:16 -0400 DIANNE-PC Dianeslife DETECTION c:\alg284328.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:16 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:19 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53464, Process: svchost.exe)
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\acrobat.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\alg284328.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\jqs610173.exe Trojan.Zbot.FV QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\skype264171.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\mstsc448018.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\chrome218447.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\spoolsv628255.exe Trojan.Zbot.FV QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\teamviewer886518.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife DETECTION c:\flashplayer775734.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:20 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:22 -0400 DIANNE-PC Dianeslife DETECTION C:\notepad280593.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:22 -0400 DIANNE-PC Dianeslife DETECTION C:\acrobatreader521175.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:27 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53465, Process: svchost.exe)
2013/05/05 17:02:35 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53467, Process: svchost.exe)
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\acrobat.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\jqs610173.exe Trojan.Zbot.FV QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\mstsc448018.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\skype264171.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\chrome218447.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\spoolsv628255.exe Trojan.Zbot.FV QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\teamviewer886518.exe Trojan.Ransom.FG QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\flashplayer775734.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife DETECTION c:\acrobatreader521175.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:42 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:43 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53468, Process: svchost.exe)
2013/05/05 17:02:43 -0400 DIANNE-PC Dianeslife DETECTION c:\notepad280593.exe Trojan.Ransom.FV QUARANTINE
2013/05/05 17:02:43 -0400 DIANNE-PC Dianeslife ERROR Quarantine failed: SDKQuarantine failed with error code 2
2013/05/05 17:02:56 -0400 DIANNE-PC Dianeslife DETECTION C:\ab53tzax0rrdg.exe Trojan.Ransom.Foreign QUARANTINE
2013/05/05 17:02:56 -0400 DIANNE-PC Dianeslife DETECTION C:\acrobatreader.exe Trojan.Ransom.Foreign QUARANTINE
2013/05/05 17:02:59 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53469, Process: svchost.exe)
2013/05/05 17:03:07 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53470, Process: svchost.exe)
2013/05/05 17:03:15 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53471, Process: svchost.exe)
2013/05/05 17:03:23 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53472, Process: svchost.exe)
2013/05/05 17:03:39 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53474, Process: svchost.exe)
2013/05/05 17:03:47 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53475, Process: svchost.exe)
2013/05/05 17:03:55 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53476, Process: svchost.exe)
2013/05/05 17:04:03 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53477, Process: svchost.exe)
2013/05/05 17:04:19 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53478, Process: svchost.exe)
2013/05/05 17:04:27 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53479, Process: svchost.exe)
2013/05/05 17:04:35 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53481, Process: svchost.exe)
2013/05/05 17:04:44 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53482, Process: svchost.exe)
2013/05/05 17:05:00 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53483, Process: svchost.exe)
2013/05/05 17:05:08 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53484, Process: svchost.exe)
2013/05/05 17:05:16 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.84 (Type: outgoing, Port: 53485, Process: svchost.exe)
2013/05/05 17:05:24 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53486, Process: svchost.exe)
2013/05/05 17:05:40 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.94 (Type: outgoing, Port: 53488, Process: svchost.exe)
2013/05/05 17:05:48 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53489, Process: svchost.exe)
2013/05/05 17:05:56 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53490, Process: svchost.exe)
2013/05/05 17:06:04 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53491, Process: svchost.exe)
2013/05/05 17:06:20 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53492, Process: svchost.exe)
2013/05/05 17:06:28 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53493, Process: svchost.exe)
2013/05/05 17:06:36 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.89 (Type: outgoing, Port: 53495, Process: svchost.exe)
2013/05/05 17:06:52 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53496, Process: svchost.exe)
2013/05/05 17:07:00 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.85 (Type: outgoing, Port: 53497, Process: svchost.exe)
2013/05/05 17:07:08 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53498, Process: svchost.exe)
2013/05/05 17:07:16 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53499, Process: svchost.exe)
2013/05/05 17:07:32 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53500, Process: svchost.exe)
2013/05/05 17:07:40 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53502, Process: svchost.exe)
2013/05/05 17:07:48 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53503, Process: svchost.exe)
2013/05/05 17:07:56 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.90 (Type: outgoing, Port: 53504, Process: svchost.exe)
2013/05/05 17:08:13 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53505, Process: svchost.exe)
2013/05/05 17:08:21 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53506, Process: svchost.exe)
2013/05/05 17:08:29 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.83 (Type: outgoing, Port: 53507, Process: svchost.exe)
2013/05/05 17:08:37 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53509, Process: svchost.exe)
2013/05/05 17:08:53 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.88 (Type: outgoing, Port: 53510, Process: svchost.exe)
2013/05/05 17:09:01 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53511, Process: svchost.exe)
2013/05/05 17:09:09 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.92 (Type: outgoing, Port: 53512, Process: svchost.exe)
2013/05/05 17:09:17 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.91 (Type: outgoing, Port: 53513, Process: svchost.exe)
2013/05/05 17:09:33 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53514, Process: svchost.exe)
2013/05/05 17:09:41 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.86 (Type: outgoing, Port: 53516, Process: svchost.exe)
2013/05/05 17:09:49 -0400 DIANNE-PC Dianeslife IP-BLOCK 46.249.61.87 (Type: outgoing, Port: 53517, Process: svchost.exe)
  • 0

#14
jtroop

  • Topic Starter
  • Member
  • 70 posts
Since I was able to get into normal mode, I updated AVG free edition and ran a scan. It got to about 45% complete and found about 15 trojan horses. It was securing the trojan horses as it was scanning. Then there was one it couldn't remove, access is denied. I snapped a photo of it so I could show you. The trojan horse that could not be removed is:

Trojan horse Generic_s.BIH
c:\Windows\Temp\sqctnjb\sfuvoel\wow.dll

That is the exact name of it. When the scan went to about 45% complete, the computer suddenly went into a stop error screen, performing a crash dump. I went back into normal mode, started AVG to scan and it dumped again. So, lots of nasties have been removed, but it is still fighting to remain.

Edited by jtroop, 05 June 2013 - 06:04 PM.

  • 0

#15
JSntgRvr

  • Global Moderator
  • 11,579 posts
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop.**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to MyPoppy as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on MyPoppy.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\MyPoppy.txt". (I believe Combofix will also rename the report.)
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
  • 0





